Privacy policy

With this pri­vacy policy, we inform you about the per­so­nal data we pro­cess in con­nec­tion with our acti­vi­ties and tasks, inclu­ding our somaha-stiftung.ch web­site. We spe­ci­fi­cally inform about why, how, and where we pro­cess which per­so­nal data. We also inform about the rights of indi­vi­du­als whose data we pro­cess.
For indi­vi­dual or addi­tio­nal acti­vi­ties and tasks, fur­ther pri­vacy state­ments and other legal docu­ments such as terms and con­di­ti­ons (T&Cs), terms of use, or par­ti­ci­pa­tion con­di­ti­ons may apply.

1. Contact Addresses

Respon­si­ble for the pro­ces­sing of per­so­nal data

Somaha Foun­da­tion
Wein­berg­strasse 102
8006 Zurich
Switz­er­land

info@somaha-stiftung.ch

We point out if there are other respon­si­ble par­ties for the pro­ces­sing of per­so­nal data in indi­vi­dual cases.

2. Terms and Legal Basis

2.1 Terms

Per­so­nal data refers to all infor­ma­tion rela­ting to a spe­ci­fic or iden­ti­fia­ble natu­ral per­son. An affec­ted per­son is a per­son whose per­so­nal data we pro­cess.

Pro­ces­sing includes every hand­ling of per­so­nal data, regard­less of the means and methods used, such as query­ing, matching, adjus­ting, archi­ving, sto­ring, rea­ding out, dis­clo­sing, obtai­ning, coll­ec­ting, dele­ting, dis­clo­sing, arran­ging, orga­ni­zing, sto­ring, modi­fy­ing, dis­tri­bu­ting, lin­king, des­troy­ing, and using per­so­nal data.

2.2 Legal Basis

We pro­cess per­so­nal data in accordance with Swiss data pro­tec­tion law, in par­ti­cu­lar the Fede­ral Data Pro­tec­tion Act (Data Pro­tec­tion Act, DPA) and the Data Pro­tec­tion Ordi­nance (Data Pro­tec­tion Regu­la­tion, DPR).

3. Type, Scope, and Purpose

We pro­cess those per­so­nal data that are neces­sary to carry out our acti­vi­ties and tasks in a per­ma­nent, user-fri­endly, safe, and relia­ble man­ner. Such per­so­nal data can par­ti­cu­larly fall into the cate­go­ries of inven­tory and cont­act data, brow­ser and device data, con­tent data, meta or mar­gi­nal data, usage data, loca­tion data, sales data, and con­tract and pay­ment data.

We pro­cess per­so­nal data for the dura­tion requi­red for the respec­tive pur­pose or pur­po­ses or as requi­red by law. Per­so­nal data that is no lon­ger neces­sary for pro­ces­sing is anony­mi­zed or dele­ted.

We may have per­so­nal data pro­ces­sed by third par­ties. We can pro­cess per­so­nal data tog­e­ther with third par­ties or trans­fer it to third par­ties. Such third par­ties are espe­ci­ally spe­cia­li­zed pro­vi­ders whose ser­vices we use. We also ensure data pro­tec­tion with such third par­ties.

We pro­cess per­so­nal data only with the con­sent of the affec­ted per­son unless pro­ces­sing is per­mit­ted for other legal reasons. Pro­ces­sing wit­hout con­sent may, for exam­ple, be per­mis­si­ble to ful­fill a con­tract with the affec­ted per­son and for cor­re­spon­ding pre-con­trac­tual mea­su­res, to safe­guard our pre­do­mi­nant legi­ti­mate inte­rests, because the pro­ces­sing is evi­dent from the cir­cum­s­tances, or after prior infor­ma­tion.

In this con­text, we pro­cess in par­ti­cu­lar infor­ma­tion that an affec­ted per­son vol­un­t­a­rily pro­vi­des to us when cont­ac­ting us — for exam­ple, by mail, email, instant mes­sa­ging, cont­act form, social media, or tele­phone — or when regis­tering for a user account. We may store such infor­ma­tion, for exam­ple, in an address book or with simi­lar tools. If we receive data about other peo­ple, the trans­mit­ting per­sons are obli­ged to ensure data pro­tec­tion towards these peo­ple and to ensure the accu­racy of this per­so­nal data.

We also pro­cess per­so­nal data that we obtain from third par­ties, obtain from publicly acces­si­ble sources, or coll­ect when car­ry­ing out our acti­vi­ties and tasks, pro­vi­ded and to the ext­ent that such pro­ces­sing is legally per­mis­si­ble.

4. Applications

We pro­cess per­so­nal data about appli­cants to the ext­ent neces­sary to assess their sui­ta­bi­lity for an employ­ment rela­ti­onship or for the sub­se­quent exe­cu­tion of an employ­ment con­tract. The neces­sary per­so­nal data results in par­ti­cu­lar from the reques­ted infor­ma­tion, for exam­ple, as part of a job adver­ti­se­ment. We also pro­cess per­so­nal data that appli­cants vol­un­t­a­rily com­mu­ni­cate or publish, espe­ci­ally as part of cover let­ters, resu­mes, and other appli­ca­tion docu­ments, as well as online pro­files.

5. Personal Data Abroad

We pro­cess per­so­nal data pri­ma­rily in Switz­er­land. Howe­ver, we can also dis­c­lose or export per­so­nal data to other count­ries, espe­ci­ally to pro­cess or have it pro­ces­sed there.

We can dis­c­lose per­so­nal data to all count­ries and ter­ri­to­ries on Earth and else­where in the uni­verse, pro­vi­ded that the local law, accor­ding to the decis­ion of the Swiss Fede­ral Coun­cil, ensu­res ade­quate data pro­tec­tion.

We can dis­c­lose per­so­nal data in count­ries whose law does not ensure ade­quate data pro­tec­tion if ade­quate data pro­tec­tion is ensu­red for other reasons. Ade­quate data pro­tec­tion can, for exam­ple, be ensu­red by cor­re­spon­ding con­trac­tual agree­ments based on stan­dard data pro­tec­tion clau­ses or with other sui­ta­ble gua­ran­tees. Excep­tio­nally, we can export per­so­nal data to count­ries wit­hout ade­quate or sui­ta­ble data pro­tec­tion if the spe­cial data pro­tec­tion requi­re­ments are met, for exam­ple, the expli­cit con­sent of the affec­ted per­sons or a direct con­nec­tion with the con­clu­sion or pro­ces­sing of a con­tract. We will gladly pro­vide affec­ted per­sons with infor­ma­tion about any gua­ran­tees or pro­vide a copy of gua­ran­tees upon request.

6. Rights of Affected Persons

6.1 Data Protection Claims

We grant affec­ted per­sons all claims accor­ding to appli­ca­ble data pro­tec­tion law. Affec­ted per­sons have, in par­ti­cu­lar, the fol­lo­wing rights:

• Infor­ma­tion: Affec­ted per­sons can request infor­ma­tion about whe­ther we pro­cess per­so­nal data about them and, if so, which per­so­nal data. Affec­ted per­sons also receive the infor­ma­tion neces­sary to assert their data pro­tec­tion claims and ensure trans­pa­rency. This includes the pro­ces­sed per­so­nal data as such, but also, among other things, infor­ma­tion about the pro­ces­sing pur­pose, the dura­tion of sto­rage, any dis­clo­sure or export of data to other count­ries, and the ori­gin of the per­so­nal data.
• Cor­rec­tion and Rest­ric­tion: Affec­ted per­sons can cor­rect incor­rect per­so­nal data and have their data pro­ces­sing rest­ric­ted.
• Dele­tion and Objec­tion: Affec­ted per­sons can have per­so­nal data dele­ted (the “right to be for­got­ten”) and object to the pro­ces­sing of their data.
• Data Release and Data Trans­fer: Affec­ted per­sons can request the release of per­so­nal data or the trans­fer of their data to ano­ther respon­si­ble party.

We can post­pone, rest­rict, or refuse the exer­cise of the rights of affec­ted per­sons within the legally per­mis­si­ble frame­work. We can point out to affec­ted per­sons any pre­re­qui­si­tes that may have to be met for the exer­cise of their data pro­tec­tion claims. For exam­ple, we can refuse to pro­vide infor­ma­tion with refe­rence to trade secrets or the pro­tec­tion of other per­sons in whole or in part. For exam­ple, we can also refuse to delete per­so­nal data with refe­rence to sta­tu­tory reten­tion obli­ga­ti­ons in whole or in part.

We can pro­vide for the exer­cise of rights excep­tio­nally at a cost. We inform affec­ted per­sons in advance about any costs.

We are obli­ged to iden­tify affec­ted per­sons who request infor­ma­tion or assert other rights with appro­priate mea­su­res. Affec­ted per­sons are obli­ged to coope­rate.

6.2 Right to Complain

Affec­ted per­sons have the right to assert their data pro­tec­tion claims in court or to file a com­plaint with a com­pe­tent data pro­tec­tion super­vi­sory aut­ho­rity.

The data pro­tec­tion super­vi­sory aut­ho­rity for pri­vate respon­si­ble par­ties and fede­ral bodies in Switz­er­land is the Fede­ral Data Pro­tec­tion and Infor­ma­tion Com­mis­sio­ner (FDPIC).

7. Data Security

We take appro­priate tech­ni­cal and orga­niza­tio­nal mea­su­res to ensure data secu­rity appro­priate to the respec­tive risk. Howe­ver, we can­not gua­ran­tee abso­lute data secu­rity.

Access to our web­site is encrypted (SSL / TLS, espe­ci­ally with the Hyper­text Trans­fer Pro­to­col Secure, abbre­via­ted HTTPS). Most brow­sers indi­cate encryp­tion with a pad­lock in the address bar.

Our digi­tal com­mu­ni­ca­tion is sub­ject to — like basi­cally any digi­tal com­mu­ni­ca­tion — mass sur­veil­lance wit­hout cause and sus­pi­cion as well as other sur­veil­lance by secu­rity aut­ho­ri­ties in Switz­er­land, the rest of Europe, the United Sta­tes of Ame­rica (USA), and other count­ries. We can­not directly influence the cor­re­spon­ding pro­ces­sing of per­so­nal data by intel­li­gence ser­vices, police sta­ti­ons, and other secu­rity aut­ho­ri­ties.

8. Use of the Website

8.1 Cookies

We may use coo­kies. Coo­kies — our own coo­kies (first-party coo­kies) as well as coo­kies from third par­ties whose ser­vices we use (third-party coo­kies) — are data stored in the brow­ser. Such stored data does not have to be limi­ted to tra­di­tio­nal coo­kies in text form.

Coo­kies can be stored tem­po­r­a­rily in the brow­ser as “ses­sion coo­kies” or for a spe­ci­fic period as so-cal­led per­ma­nent coo­kies. “Ses­sion coo­kies” are auto­ma­ti­cally dele­ted when the brow­ser is clo­sed. Per­ma­nent coo­kies have a spe­ci­fic sto­rage dura­tion. Coo­kies, in par­ti­cu­lar, allow a brow­ser to be reco­gni­zed the next time you visit our web­site and thus, for exam­ple, to mea­sure the reach of our web­site. Per­ma­nent coo­kies can also be used for online mar­ke­ting.

Coo­kies can be deac­ti­va­ted or dele­ted in the brow­ser set­tings at any time, in whole or in part. Wit­hout coo­kies, our web­site may not be fully available. We ask — at least if and to the ext­ent requi­red — for expli­cit con­sent to the use of coo­kies.

8.2 Server Log Files

We can record the fol­lo­wing infor­ma­tion for each access to our web­site, pro­vi­ded that it is trans­mit­ted by your brow­ser to our ser­ver infra­struc­ture or can be deter­mi­ned by our web ser­ver: Date and time inclu­ding time zone, Inter­net Pro­to­col (IP) address, access sta­tus (HTTP sta­tus code), ope­ra­ting sys­tem inclu­ding user inter­face and ver­sion, brow­ser inclu­ding lan­guage and ver­sion, the indi­vi­dual sub-page of our web­site acces­sed inclu­ding the amount of data trans­fer­red, the last web­site acces­sed in the same brow­ser win­dow (refer­rer).

We store such infor­ma­tion, which can also repre­sent per­so­nal data, in ser­ver log files. The infor­ma­tion is neces­sary to pro­vide our web­site per­ma­nently, user-fri­endly, safely, and relia­bly and to ensure data secu­rity and thus, in par­ti­cu­lar, the pro­tec­tion of per­so­nal data — also by third par­ties or with the help of third par­ties.

8.3 Counting Pixel

We may use coun­ting pixels on our web­site. Coun­ting pixels are also refer­red to as web bea­cons. Coun­ting pixels — inclu­ding those from third par­ties whose ser­vices we use — are small, usually invi­si­ble images that are auto­ma­ti­cally retrie­ved when visi­ting our web­site. With coun­ting pixels, the same infor­ma­tion as in ser­ver log files can be cap­tu­red.

9. Social Media

We are pre­sent on social media plat­forms and other online plat­forms to com­mu­ni­cate with inte­res­ted indi­vi­du­als and to inform about our acti­vi­ties and tasks. In con­nec­tion with such plat­forms, per­so­nal data may also be pro­ces­sed out­side of Switz­er­land.

The gene­ral terms and con­di­ti­ons (T&Cs) and terms of use, as well as pri­vacy poli­cies and other pro­vi­si­ons of the indi­vi­dual ope­ra­tors of such plat­forms, also apply. These pro­vi­si­ons spe­ci­fi­cally inform about the rights of affec­ted indi­vi­du­als directly against the respec­tive plat­form, inclu­ding, for exam­ple, the right to infor­ma­tion.

10. Third-Party Services

We use ser­vices from spe­cia­li­zed third par­ties to carry out our acti­vi­ties and tasks per­ma­nently, user-fri­endly, secu­rely, and relia­bly. With such ser­vices, we can, among other things, embed func­tions and con­tent into our web­site. When embed­ding, the ser­vices used tech­ni­cally cap­ture at least tem­po­r­a­rily the Inter­net Pro­to­col (IP) addres­ses of the users.

For neces­sary secu­rity-rela­ted, sta­tis­ti­cal, and tech­ni­cal pur­po­ses, third par­ties whose ser­vices we use can pro­cess data rela­ted to our acti­vi­ties and tasks in an aggre­ga­ted, anony­mi­zed, or pseud­ony­mi­zed man­ner. This includes, for exam­ple, per­for­mance or usage data to offer the respec­tive ser­vice.

Digital Infrastructure

We use ser­vices from spe­cia­li­zed third par­ties to access the requi­red digi­tal infra­struc­ture in con­nec­tion with our acti­vi­ties and tasks. This includes, for exam­ple, hos­ting and sto­rage ser­vices from sel­ec­ted pro­vi­ders.

We spe­ci­fi­cally use:

• Host­star: Hos­ting; Pro­vi­der: Mul­ti­me­dia Net­works AG (Switz­er­land); Pri­vacy infor­ma­tion: Pri­vacy Policy, “Data Secu­rity at Host­star”.
• Stack­Path CDN: Con­tent Deli­very Net­work (CDN); Pro­vi­ders: Stack­Path LLC (USA) / High­winds Net­work Group Inc. (USA); Pri­vacy infor­ma­tion: Pri­vacy Policy.

11. Website Extensions

We use exten­si­ons for our web­site to access addi­tio­nal fea­tures.

We spe­ci­fi­cally use:

• jQuery (OpenJS Foun­da­tion): Free Java­Script library; Pro­vi­der: OpenJS Foun­da­tion (USA) using Stack­Path CDN; Pri­vacy infor­ma­tion: Pri­vacy Policy (OpenJS Foun­da­tion), Coo­kie Policy (OpenJS Foun­da­tion).

12. Final Provisions

We can adjust and sup­ple­ment this pri­vacy policy at any time. We will inform about such adjus­t­ments and addi­ti­ons in an appro­priate man­ner, espe­ci­ally by publi­shing the cur­rent pri­vacy policy on our web­site.