Privacy Policy
General
This Data Privacy Policy applies to Helvetas Swiss Intercooperation (henceforth "Helvetas"), Switzerland.
We explain in this Data Privacy Policy how we collect and process personal data. We define personal data as all information related to an identified or identifiable person. When we refer to the processing of your personal data in this Data Privacy Policy, we mean any operation with your personal data. This includes in particular the collection, storage, management, use, transmission, disclosure or deletion of personal data.
When you provide us with the personal data of others (such as family members and work colleagues), please ensure that these individuals understand this Data Privacy Policy and only share their personal data with us if you are permitted to do so and the personal data are correct.
Protecting your personal data is very important to us and the responsibility of all Helvetas staff; this applies to employees as well as volunteers. Helvetas does not trade in addresses, nor does it rent, sell or exchange any personal data. Helvetas observes the applicable data protection provisions, in particular the Federal Data Protection Act and the General Data Protection Regulation. Moreover, Helvetas complies with the ZEWO Standards and the Ethical Guidelines for Fundraising as defined by Swissfundraising, the Swiss association of fundraisers.
1. When do we collect personal data?
We collect personal data as part of our commitment to development cooperation in order to conclude contracts with our customers, donors, sponsors and business partners, and comply with the resulting obligations. If you work for a customer or business partner of Helvetas, your personal data may be collected in connection with your role.
We collect your personal data when we are in contact with you or you visit our website. There are many situations in which we have contact with you. This includes the following circumstances in particular:
- You support Helvetas with a donation;
- You sign up for a newsletter;
- You take part in a Helvetas event or contact Helvetas at third-party events;
- You commission Helvetas or use a service;
- You take part in a competition or prize draw;
- You use or communicate with us or third parties via our websites, apps for mobile devices or offerings on Internet platforms, multimedia portals or social networks;
- You communicate with us by telephone, fax, email, voice messaging, text messaging (SMS), image messaging (MMS), video messaging or instant messaging;
- You take part in one of our market research events or opinion surveys.
2. What personal data do we collect?
We collect personal data which you provide to us or which are automatically generated or manually recorded when you contact Helvetas.
Identity data
- First name and last name;
- Residential address, postcode; city;
- Date of birth and age;
- Gender;
- Household size or other household members;
- Purchasing habits;
- Information on purchasing power or creditworthiness;
- Customer and purchase preferences;
- Delivery address;
- Billing address;
- Credit card, debit card and account information;
- Language preferences;
- Telephone number(s);
- Email address(es);
- Information on subscribed newsletters or other advertising;
- Consent for receiving advertising;
- Online customer/donation account information (including opening date, user names, profile images);
- Memberships, sponsorships, pledges for regular donations;
- Photo and video recordings when participating in events.
Activity information
- Contract data (such as contract date, contract type, contract content; contract partners, contract term, contract value; payment method, asserted claims from the contract);
- Donation information (including donation date, place and time; type, quantity and value of donation made; payment methods used; paying agent; donation history);
- Customer service information (including complaints);
- Data related to visiting our websites, apps for mobile devices or offerings on Internet platforms, multimedia portals or social media (including the length and frequency of visits, language and country settings, information on browser and computer operating system, Internet protocol addresses, search terms and search results; ratings submitted);
- Communication by telephone, fax, email, voice messaging, text messaging (SMS), image messaging (MMS), video messaging or instant messaging.
3. Why do we process personal data?
We process personal data for the purpose stated when collecting the data (see chapter 1). Furthermore, we process personal data for fundraising, to the extent this is permissible and we consider appropriate, and when fundraising relates to the following reasons in which we have a legitimate interest or where we have acquired your prior consent:
Processing purposes in connection with communication
- Provision, administration and execution of donation and customer communication by post and via electronic means of communication;
- Commercial communication by post and telephone, fax, email, voice messaging, text messaging (SMS), image messaging (MMS), video messaging or instant messaging;
- Analysis of the use of our offers via telephone, fax, email, voice messaging, text messaging (SMS), image messaging (MMS) or instant messaging, including: type of use, frequency and duration of use, exact location of use.
Processing purposes in connection with special activities and events
- Organisation and execution of competitions or prize draws, including notification and publication of winners via our websites, apps for mobile devices or our offerings on Internet platforms, multimedia portals or social networks;
- Organisation and execution of events.
Processing purposes in connection with behavior analysis
- We optimize the product range by recording and analyzing the historical and current donation in an individualized and personal, but also anonymous and group-related (i) manner. When you use the offers on our websites, on apps for mobile devices or on Internet platforms, multimedia portals or social networks, we also record these data and analyze them in order to improve our communication. (ii) We identify, classify and analyse current and potential donation needs as well as donation interests, and (iii) we categorize donation behaviour as well as donation potential and analyze these data for the purpose of optimizing our offers;
- We statistically analyze donation behavior;
- We combine the newly collected personal data about your identity with the data we already collected in the past;
- We combine personal data that we have collected with publicly accessible data, such that we are able to more effectively align our data basis and the analysis of donation behavior to you. The enrichment of profiles with third-party data includes: missing address and contact data (such as telephone numbers), data from the Federal Statistical Office, calendar data or geodata.
- Where you have given your consent, we process your personal data partially automatically, such that we can analyze individual personal aspects (profiling). We use profiling in particular to inform and advise you about products in a targeted manner. In this connection, we use analysis instruments which enable us to engage in needs-based communication and advertising including market and opinion research.
- As a rule, we do not use any fully automatic decision-making systems, neither to establish nor execute commercial relations. In the event that we use such procedures in individual cases, we will specifically inform you accordingly and request your prior consent, insofar as this is prescribed by law, and we will explain the associated rights to you.
Processing purposes in connection with direct marketing
- Processes – such as for donations or bookings – are simplified. We can use insights from analysing donation and customer behaviour in order to continually improve all donation and service offers;
- Insights obtained from analysing customer behavior enable individualized and personalised contact and help to prevent unnecessary advertising;
- Sending of individualized and personalized advertising by post and telephone, fax, email, voice messaging, text messaging (SMS), image messaging (MMS), video messaging or instant messaging;
- Individualized and personalized adjustment of offers as well as advertising on our websites, apps for mobile devices or for our channels on Internet platforms, multimedia portals or social networks.
4. How do we protect personal data?
We have technical and organizational security procedures to maintain the security of personal data and protect personal data from unauthorized or unlawful processing and/or against unintentional loss, alteration, disclosure or access. These comply with the security standards laid out in the appropriate legislation such as the GDPR or Swiss Federal Data Protection Act.
5. How long do we retain data?
We process and store personal data for as long as necessary for the fulfilment of our contractual and statutory duties or as required for processing in accordance with the pursued purposes; for example, for as long as the entire commercial relationship lasts (from initiation and processing to the completion of a contract); or additionally, if this is required by statutory retention and documentation obligations. In this connection, it is possible that personal data are retained for the period in which claims may be asserted against our organisation and for as long as we are otherwise legally obliged or such retention is necessitated by legitimate commercial interests (such as for verification and documentation purposes). Data collected for performance analysis purposes is anonymized and kept in aggregate for as long as required to perform longitudinal analysis. Data collected with your consent for marketing purposes is kept for as long as is required to perform the marketing activities for which we have received your consent. As soon as we no longer need personal data for the above-mentioned purposes, they will generally be deleted or anonymized, where possible.
6. What rights do you have in connection with your personal data?
In connection with data protection law applicable to you and, to the extent prescribed therein, you have the right to information, correction, deletion, restriction of data processing and to object against our data processing. Insofar as the European General Data Protection Regulation applies, you also have the right to have your personal data transferred to another organization (data portability). However, please note that we reserve the right on our part to assert the legally prescribed limitations, such as if we are obliged to retain or process certain data, we have a prevailing interest in the data (to the extent we may invoke this provision) or we require these data to assert claims. In the event that costs are incurred to you, we will inform you in advance. Please also note that the exercise of these rights may be opposed by contractual agreements and may result in consequences such as premature termination of contract. In such cases, we will inform you in advance unless this is already contractually regulated.
In order that you can exercise such rights, you are generally required to unequivocally verify your identity (such as by presenting a copy of your identification if your identity is unclear or cannot be verified).
Each data subject also has the right to assert their claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home.html).
Insofar as you have provided your consent for us to process your personal data for certain purposes (for example, if you signed up for a newsletter or consented to personalized advertising), we will process your personal data in accordance with, and based on, this consent, provided that we have no other legal basis for processing and require such consent. Granted consent may be revoked at any time. However, this will have no effect on any previous data processing.
7. How can you contact us?
If you would like to assert your rights related to your personal data or have questions or concerns with respect to the processing of your personal data, you can contact us as follows: mail@helvetas.org. We will respond to your questions or concerns within a reasonable period upon receipt.
8. What personal data do we share with third parties?
In connection with our commercial activities and purposes, we also pass on personal data to third parties, to the extent this is permitted and we deem appropriate. This is either because they process these data on our behalf or they require these data for their own purposes. This concerns the following organizations in particular:
- Service providers commissioned by us to process your data (such as banks, insurers, collection agencies, printers, distribution partners, logistics companies or payment platforms including RaiseNow);
- Public authorities, administrations or courts;
For the most part, these organizations are based in Switzerland or in the Member States of the European Union (EU) or the European Economic Area (EEA). Data may be transferred outside of Switzerland and the EU. When this happens it may be sent to a country with equivalent data protections as judged in an adequacy decision made by the appropriate data authority.
When we wish to transmit data to a country which does not have an appropriate statutory level of data protection, we ensure a suitable level of protection as legally prescribed with corresponding contracts or apply legal exemptions, or request your consent prior to transmission.
9. Email campaigns and e-news
Helvetas provides information by email on current issues, fundraising campaigns and invites for events. We will only send you our Helvetas e-news if you have given us your consent (such as on the website or by participating in a competition). You have the option to unsubscribe from Helvetas e-news at any time, either using the unsubscribe link contained in each e-news dispatch or sending an email to news@helvetas.org.
To the extent permitted, we sometimes integrate in our newsletters and other marketing emails visible and invisible image elements which, when accessed from our servers, enables us to tell whether and when the email was opened. This allows us to analyze whether our communication is read and is relevant to you. You can block this function in your email program.
10. Cookies/tracking and other technologies in connection with your use of our website
10.1. About Cookies
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
10.2. Cookies that we use
We use cookies for the following purposes:
(a) authentication - we use cookies to authenticate your or identify you when you visit our website and as you navigate our website;
(b) personalizsation - we use cookies to store information about your preferences and to personalizse the website for you;
(c) security - we use cookies as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services generally;
(d) advertising - we use cookies to help us to display advertisements that will be relevant to you;
(e) analysis - we use cookies to help us to analyzse the use and performance of our website and services; and
(f) cookie consent - we use cookies to store your preferences in relation to the use of cookies more generally.
For details on the individual cookies we use please see our Cookie Notice.
10.3. Cookies used by our service providers
Our service providers use cookies and those cookies may be stored on your computer when you visit our website.
We use Google Analytics to analyze the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google's privacy policy is available at: https://policies.google.com/privacy.
We use Facebook plug-ins on our website, via the AddThis tool, to allow users to share information of our website to their Facebook profile. When you are logged into your Facebook account Facebook may be able to see that you have visited our site and your behaviour on it via these plugins. Facebook’s privacy policy is available at: https://www.facebook.com/policy.php. You can find AddThis’ privacy policy here: https://www.addthis.com/privacy/index
We use conversion tracking for some of our advertising networks to better understand the success of our advertising campaigns. These include the Facebook, LinkedIn, Google and Microsoft Ad Networks. These conversion tracking features use cookies to track the results of visits driven by advertising. They may also be used to track your behavior across any websites that also have these tracking tools set up. You can find the policies for Google and Facebook mentioned above. LinkedIn’s privacy policy can be found here: https://www.linkedin.com/legal/privacy-policy. The privacy policy of Microsoft is available here: https://privacy.microsoft.com/en-gb/privacystatement.
We have YouTube videos embedded in our site. These YouTube embeds add cookies to the site that are used to track visitors usage behaviour across multiple sites. You can find YouTube’s privacy policy here: https://policies.google.com/privacy.
For details on the individual cookies we use please see our Cookie Notice.
10.4. Managing Cookies
Cookies are broken down into several types based on the reason they are being set. Unless a cookie is “strictly necessary” for the operation of our website it will not be set without your consent. You can manage your consent via the Cookie Preference Centre on our site. This can be opened be clicking here:
Additionally, most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647?hl=en (Chrome);
(b) https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
(c) http://www.opera.com/help/tutorials/security/cookies/ (Opera);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/kb/PH21411 (Safari); and
(f) https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
Blocking all cookies will have a negative impact upon the usability of many websites.
If you block cookies, you will not be able to use all the features on our website.
10.5. Facebook fan page
You can disclose personal data on the Facebook fan page of Helvetas. In accordance with the Facebook terms of use, which every user agrees to when creating a Facebook profile, Helvetas can identify the subscribers and fans of the Helvetas Facebook profile as well as view their profiles and further shared information.
On our Facebook fan page, we process the personal data of users such that we are able to offer them and other visitors an up-to-date information and interaction platform. You do not have to be a member of Facebook in order to view the content.
The European Court of Justice (ECJ) decided in its ruling dated 5 June 2018 that the operator of a Facebook page is responsible together with Facebook for the processing of personal data. We have therefore entered into the agreement Page Controller Addendum with Facebook. You can find this here.
We are aware that Facebook processes the data of users for the following purposes: Facebook uses cookies to store and further process information. These cookies are stored on the various end devices of users. Provided a user has a Facebook profile and is logged in to it, the storage and analysis will also occur across devices. The Facebook data privacy policy contains more information on data processing.
As the operator of the website and the Facebook fan page, we are unable to rule out the transmission and further processing of personal user data in third countries, such as the USA, as well as the associated potential risks for the users.
Facebook Inc., the US parent company of Facebook Ireland Ltd., is certified under the EU-US Privacy Shield and thus commits to adhere to European data protection standards. Further information on the Privacy Shield status of Facebook is available here.
The "insights" of the Facebook page enables us to view statistical data in various categories on an anonymous basis. These statistics are generated and provided by Facebook. As the operator of the website, we have no influence on the generation and representation of these statistics. We cannot suspend this function nor prevent the generation and processing of data. With respect to our Facebook page, we are provided with the following data by Facebook for a selectable period as well as for the categories fans, subscribers, persons reached and interacting persons: total number of page visits, "Like" information, page activity, post interaction, reach, video views, post reach, comments, shared content, replies, proportion of men and women, origin related to country and city, language, clicks on the route planner, clicks on telephone numbers. Such data are likewise provided with respect to the Facebook groups linked with our Facebook page. The ongoing development of Facebook results in changes to the availability and preparation of the data. We therefore refer to the data privacy policy of Facebook for more details in this connection. More information about the insights is available here.
We can use these data to make our posts and activities on our Facebook page more attractive to users. For instance, we use the distributions by age and gender to adjust our language accordingly and the preferred visiting times of users to optimise when we publish our posts. Information about the type of end devices used by visitors helps us to adapt the posts visually.
Since only Facebook has full access to the user data, we recommend contacting Facebook directly if you would like further information or have other questions about your rights as a user (for example, right to deletion). Should you require assistance or have any other questions, please contact us via the address provided.
11. Amendments to this Data Privacy Policy
We reserve the right to revise, change or otherwise amend this Data Privacy Policy at any time. The respectively updated version published on our website applies. In the event that we make changes, we will publish these immediately on our website. Your visit to our website is deemed to be agreement with this Data Privacy Policy. Insofar as the Data Privacy Policy is part of an agreement with you, we will inform you by email or via another appropriate channel about an update or amendment.
12. Responsibility
Responsible for this Data Privacy Policy:
HELVETAS Swiss Intercooperation
Weinbergstrasse 22a
8021 Zurich, Switzerland
mail@helvetas.org