Data Privacy Statement of the Leopold Bachmann Foundation
In this Data Privacy Statement, we – the Leopold Bachmann Foundation – explain how we collect and otherwise process personal data. This is not a conclusive description; where appropriate, other documents may govern specific circumstances of relevance to data protection. Personal data is defined as all information relating to a defined or definable individual.
This Data Privacy Statement is aligned with the EU General Data Protection Regulation (GDPR) and also with the Federal Act on Data Protection (FADP). Although the GDPR is a regulation of the European Union, it can be significant for us. The FADP is heavily influenced by EU law, and organisations outside the European Union and/or the European Economic Area (EEA) must adhere to the GDPR under certain circumstances.
The party responsible for the data processing operations which we describe here (the Controller) is the Leopold Bachmann Foundation, Säumerstrasse 51, 8803 Rüschlikon. If you have concerns in connection with data protection law, you may notify us of them at the following contact address, for the attention of the management: Leopold Bachmann Foundation, Säumerstrasse 51, 8803 Rüschlikon; telephone +41 (0)43 388 08 41, email@example.com.
2. The Leopold Bachmann Foundation respects your privacy
Protecting your privacy in the course of processing personal data, and the security of all personal data, are major concerns of ours. By means of this Data Privacy Statement, we inform you as to which of your data we process, why we need this data, and how you can object to data processing.
We only collect, process and store personal data (including IP addresses) in accordance with the relevant statutory provisions, or if you have given us your consent to do so – for example, in connection with a registration.
3. How and for what purpose do we collect personal data?
We use the personal data that we collect primarily in order to achieve our Foundation's purpose by supporting and encouraging individuals, institutions and projects in this country and abroad that engage in non-profit activities of a charitable, humanitarian, health-promoting, educational, scientific/academic and cultural nature, and that are committed to sustainable development.
As a general rule, we collect personal data in the following cases: when you submit a funds request to our Foundation; when we enter into a funding relationship and/or funding partnership; when you visit our website; when you communicate directly with us; or when you make your personal data available to us for other reasons. In all cases, we process your personal data exclusively for the purpose that is specified in each case and is recognisable to you (i.e. management and handling of a funding relationship, visit to the website, communication, performance of a contract, etc.).
We also extract certain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, the press, the internet) or receive such data from other organisations, public authorities and other third parties, insofar as this is permitted and insofar as it serves our interests. In addition to your data which you provide to us directly, the categories of personal data that we obtain about you from third parties include, in particular, information from public registers, information which we acquire in connection with official and court proceedings, information related to your professional functions and activities, information about you in correspondence and discussions with third parties, creditworthiness information, information about you provided to us by persons close to you so that we can conclude or perform contracts with you or with your involvement, and personal information about you from the media and the internet.
If you have given us your consent to process your personal data for specific purposes, we will process your personal data within the scope of and on the basis of this consent, insofar as we have no other legal basis and insofar as we require such a basis. Consent that has been issued may be revoked at any time, although this shall not affect data processing operations that have already taken place.
4. Which personal data do we collect?
We collect personal data that pertains to our relationship with you (primarily: the relationship pertaining to the submission of an application, funding activities, funding partnership, potential partnerships, communication etc.). The data we collect includes, in particular, your contact data such as name(s), telephone number(s), physical address or email address, and additional information related in particular to a funds request and to the use of our website. On the other hand, information which cannot be associated with your identity (e.g. statistical information) is not deemed to be personal data.
5. Do we disclose your personal data?
As a general rule, your personal data is disclosed by us to other third parties only if we are legally authorised or obliged to do so (e.g. to public authorities, official bodies, courts) or if you have given us your consent to do so. For example, this is the case if we carry out external project evaluations by agreement with you. For the purpose of networking partners, we reserve the right to make the personal data of existing network partners available to other network partners. You can find more information about this in the Grant Agreement.
External service providers who process data on our behalf are subject to strict contractual obligations in accordance with the applicable legal basis. We have ascertained that the external service providers are able to ensure data security. They may only transfer the processing of personal data to a third party with our prior approval.
Some of the aforementioned third parties are located in this country, but they may be located anywhere in the world. In particular, you must expect your data to be transmitted to all countries where the Leopold Bachmann Foundation is active. If we transmit data to a country without adequate legal data protection, we will ensure an adequate level of protection by means of appropriate contracts as required by law or by relying on the legal exceptions of consent, performance of contract, establishment, exercise or enforcement of legal claims, overriding public interests, published personal data, or because it is necessary to do so in order to protect the integrity of the data subjects.
6. For how long do we store your personal data?
We process and store your personal data for as long as necessary in order to meet our contractual and statutory obligations or, otherwise, for the purposes pursued by means of such processing, i.e. (for example) for the duration of the entire funding relationship and beyond, in accordance with statutory retention and documentation obligations. In this context, it is possible that personal data will be stored for the period during which claims can be asserted against our Foundation and to the extent that we are otherwise obligated by law to do so, or to the extent required by legitimate interests (e.g. for the purposes of evidential proof and documentation). As soon as your personal data ceases to be required for the aforementioned purposes, the said data is generally, and insofar as possible, erased or anonymised.
In case of a funding application which we reject unconditionally, the personal data disclosed to us in connection with the said application is erased immediately after the rejection. If the rejection is merely provisional and it is consequently possible that we will contact you later in connection with your application, we reserve the right to set your organisation's contact data and any internal workflows to inactive in the CRM system after two years, so that they could be reactivated in the event that you are contacted again. Any project documents are erased after two years. Inactive data is also erased after ten years, if not before.
7. Which data is processed during use of our web pages?
In principle, you can visit our web pages without having to disclose any of your personal information. When anyone visits our web pages, our servers temporarily store every access in a log file. In this case, the following technical data is recorded and stored by us until it is deleted automatically after three days:
- User agent
- Time stamp
- Status code
This data is collected and processed for the purposes of system security and stability, error and performance analysis, and for internal statistical purposes.
8. Social media
On our website, you will find links or plug-ins for various social networks (such as LinkedIn). You can identify these links by the logo of the provider in question. Clicking on the links opens the corresponding social media pages, to which this Data Privacy Statement does not apply. For details of the provisions applicable to such pages, please consult the relevant data privacy statements on the websites of the individual providers.
No personal information is transmitted to the respective providers prior to accessing the relevant link or plug-in. By accessing the linked page, you simultaneously provide the basis for data processing by the respective providers. We have no influence over the data processing procedures, nor are we aware of the full scope of data collection, the purposes of such collection, or the storage periods. Likewise, we have no information about the erasure of the data by the plug-in providers.
You can subscribe to newsletters within the scope of our online offering. For this purpose, we use what is known as the "double opt-in procedure": this means that we will only send you a newsletter via email if you have explicitly confirmed activation of the newsletter service to us beforehand by clicking on a link in a message. If you should subsequently decide not to receive newsletters, you can terminate the subscription at any time with future effect by revoking your consent. In the case of email newsletters, consent can be revoked via the link reproduced in the newsletter. Alternatively, please use the data in paragraph 1 to contact us.
10. Data security
We make use of appropriate technical and organisational security measures in order to protect your personal data stored by us against manipulation, partial or total loss, and unauthorised access by third parties. Our security measures are constantly improved in keeping with technological developments.
11. Obligation to provide personal data
Within the scope of our funding relationship, you must provide such personal data as is necessary in order to initiate and conduct a funding relationship and to meet the related contractual obligations (you do not usually have a statutory obligation to provide data to us). Without this data, we will not usually be able to conclude a contract with you and/or your organisation, or to perform such a contract. It will also be impossible to use the website if certain information used to ensure data traffic (e.g. an IP address) is not disclosed.
12. What rights do you have in respect of your personal data?
Within the scope of data protection law as it applies to you and insofar as provided for therein (for example, in the case of the GDPR), you have the right to access, rectification, erasure, the right to restriction of data processing and, otherwise, the right of objection to our data processing operations, and also to the release of certain personal data for the purpose of transmission to another party. Please note, however, that for our part, we reserve the right to enforce the restrictions stipulated by law if (for example) we are obligated to retain or process certain data, if we have an overriding interest in such data (insofar as we are allowed to invoke such interest) or if we need it in order to assert claims. If costs arise for you, we will inform you in advance. We have already informed you about the possibility of revoking your consent. Note that the exercise of these rights may conflict with contractual agreements, and that this may have consequences such as early termination of a contract or may result in costs. We shall inform you in advance in this case, unless this is already contractually stipulated.
It is usually a prerequisite for the exercise of such rights that you unambiguously prove your identity (e.g. by means of a copy of an identity document in cases where your identity is not otherwise clear or verifiable). In order to assert your rights, you may contact us at the address stated in the "Contact" paragraph above.
In addition, every data subject has the right to enforce their claims in court or to lodge a complaint with the responsible data protection authority. The data protection authority responsible for Switzerland is the Federal Data Protection and Information Commissioner.
13. Amendments to this Data Privacy Statement
We reserve the right to amend and amplify this Statement at any time, at our free discretion and in accordance with data protection legislation. Please consult this Statement regularly. The valid version is always the current version published on our website.