Privacy policy
Somaha Foundation privacy policy
With this privacy policy, we inform about the processing of personal data in connection with our activities and operations including our somaha-stiftung.ch website. We inform in particular about what, how, and where we process personal data. We also inform about the rights of persons whose data we process.
For individual or additional activities and operations, further privacy policies or other information on data protection may apply.
1. Contact Addresses
Somaha Foundation
Weinbergstrasse 102
8006 Zurich
Switzerland
In individual cases, third parties may be responsible for processing personal data or there may be joint responsibility with third parties.
2. Terms and Legal Bases
2.1 Terms
Data Subject: Natural person whose personal data we process.
Personal Data: All information that relates to an identified or identifiable natural person.
Particularly Sensitive Personal Data: Data on trade union, political, religious or ideological views and activities, data on health, intimacy, or belonging to an ethnic or racial group, genetic data, biometric data that uniquely identify a natural person, data on criminal and administrative sanctions or prosecutions, and data on measures of social assistance.
Processing: Any handling of personal data, regardless of the means and procedures used, such as querying, matching, adjusting, archiving, retaining, reading, disclosing, obtaining, recording, collecting, deleting, disclosing, organizing, storing, altering, disseminating, linking, destroying, and using personal data.
3. Nature, Scope, and Purpose of Processing Personal Data
We process the personal data that are necessary to permanently, humanely, safely, and reliably perform our activities and operations. The processed personal data may particularly fall into the categories of browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data, and payment data.
We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities and operations, provided such processing is legally permissible.
We process personal data, as necessary, with the consent of the data subjects. In many cases, we may process personal data without consent, for example, to fulfill legal obligations or to protect overriding interests. We may also seek consent from data subjects even if their consent is not required.
We process personal data for the duration necessary for the respective purpose. We anonymize or delete personal data, in particular depending on legal retention and limitation periods.
4. Disclosure of Personal Data
We may disclose personal data to third parties, have them processed by third parties, or process them jointly with third parties. Such third parties are, in particular, specialized providers whose services we use.
We may disclose personal data, for example, to banks and other financial service providers, authorities, educational and research institutions, advisors and lawyers, interest groups, IT service providers, cooperation partners, credit and economic information agencies, logistics and shipping companies, marketing and advertising agencies, media, organizations and associations, social institutions, telecommunications companies, and insurance companies.
5. Communication
We process personal data to be able to communicate with third parties. In this context, we particularly process data provided by a data subject when contacting us, for example by postal mail or email. We may store such data in an address book or with comparable tools.
Third parties who transmit data about other persons are required to ensure data protection for such data subjects. This includes, among other things, ensuring the accuracy of the transmitted personal data.
6. Applications
We process personal data about applicants to the extent necessary to assess their suitability for an employment relationship or for the subsequent execution of an employment contract. The necessary personal data are derived in particular from the requested information, for example in the context of a job advertisement. We may publish job advertisements with the help of suitable third parties, for example in electronic and print media or on job portals and job platforms.
We also process the personal data that applicants voluntarily provide or publish, particularly as part of cover letters, resumes, and other application documents as well as online profiles.
We may enable applicants to store their information in our talent pool to consider them for future job openings. We may also use such information to maintain contact and inform about news. If we believe an applicant is suitable for an open position based on the information provided, we may inform the applicant accordingly.
7. Data Security
We take appropriate technical and organizational measures to ensure a level of data security appropriate to the respective risk. With our measures, we particularly ensure the confidentiality, availability, traceability, and integrity of the processed personal data, although absolute data security cannot be guaranteed.
Access to our website and other online presences is provided using transport encryption (SSL / TLS, particularly with Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn against visiting websites without transport encryption.
Our digital communication is subject – as basically all digital communication – to mass surveillance without cause and suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We cannot directly influence the corresponding processing of personal data by intelligence agencies, police departments, and other security authorities. We also cannot rule out that a data subject is specifically monitored.
8. Personal Data Abroad
We process personal data basically in Switzerland. However, we may disclose or export personal data to other countries, particularly to process them there or have them processed.
We may disclose personal data to all countries and territories on Earth, provided the local law ensures adequate data protection according to a decision of the Swiss Federal Council.
We may disclose personal data to countries whose law does not ensure adequate data protection, provided other reasons ensure appropriate data protection, particularly based on standard data protection clauses or other suitable guarantees. Exceptionally, we may export personal data to countries without adequate or appropriate data protection if the specific data protection requirements are met, such as the explicit consent of the data subjects or a direct connection with the conclusion or execution of a contract. We are happy to provide data subjects with information on any guarantees or deliver a copy of guarantees upon request.
9. Rights of Data Subjects
9.1 Data Protection Claims
We grant data subjects all claims in accordance with applicable data protection law. Data subjects have, in particular, the following rights:
- Access: Data subjects can request information on whether we process personal data about them, and if so, what personal data is involved. Data subjects also receive the information necessary to assert their data protection claims and ensure transparency. This includes the processed personal data as such, but also, among other things, information on the purpose of processing, the duration of retention, any disclosure or export of data to other countries, and the origin of the personal data.
- Correction and Restriction: Data subjects can have incorrect personal data corrected, incomplete data completed, and the processing of their data restricted.
- Deletion and Objection: Data subjects can have personal data deleted (“right to be forgotten”) and object to the processing of their data with future effect.
- Data Portability: Data subjects can request the release of personal data or the transfer of their data to another controller.
We may defer, limit, or deny the exercise of data subjects’ rights to the extent legally permissible. We may inform data subjects of any conditions to be met for the exercise of their data protection claims. For example, we may refuse to provide information in whole or in part by referring to trade secrets or the protection of other persons. We may also refuse to delete personal data in whole or in part by referring to legal retention obligations.
We may exceptionally provide for costs for the exercise of rights. We inform data subjects in advance about any costs.
We are obliged to identify data subjects who request information or assert other rights with appropriate measures. Data subjects are required to cooperate.
9.2 Legal Protection
Data subjects have the right to enforce their data protection claims through legal action or to lodge a complaint with a data protection supervisory authority.
The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
10. Use of the Website
10.1 Cookies
We may use cookies. Cookies – our own cookies (first-party cookies) as well as cookies from third parties whose services we use (third-party cookies) – are data stored in the browser. Such stored data does not necessarily have to be traditional cookies in text form.
Cookies can be stored in the browser temporarily as “session cookies” or for a certain period as so-called permanent cookies. “Session cookies” are automatically deleted when the browser is closed. Permanent cookies have a certain storage duration. Cookies enable, in particular, recognizing a browser on the next visit to our website and thus, for example, measuring the reach of our website. Permanent cookies can also be used for online marketing, for example.
Cookies can be deactivated and deleted at any time in the browser settings. Without cookies, our website may no longer be fully available. We request – at least where and to the extent necessary – active consent to the use of cookies.
10.2 Logging
We may log the following data for each access to our website and our other online presence, provided that such data is transmitted to our digital infrastructure: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, accessed individual sub-page of our website including the amount of data transmitted, last accessed website in the same browser window (referrer or referrer).
We log such data, which may also be personal data, in log files. The data is necessary to provide our online presence permanently, humanely, and reliably. The data is also necessary to ensure data security – also by third parties or with the help of third parties.
10.3 Counting Pixels
We may integrate counting pixels into our online presence. Counting pixels are also known as web beacons. Counting pixels – also from third parties whose services we use – are usually small, invisible images or JavaScript code that are automatically retrieved when accessing our online presence. Counting pixels can record at least the same data as log files.
11. Notifications and Communications
11.1 Success and Reach Measurement
Notifications and communications may contain web links or counting pixels that record whether an individual message was opened and which web links were clicked. Such web links and counting pixels can also record the use of notifications and communications in a personalized manner. We need this statistical recording of usage for success and reach measurement to be able to send notifications and communications effectively and user-friendly, as well as permanently, securely, and reliably, based on the needs and reading habits of the recipients.
11.2 Consent and Objection
You generally have to consent to the use of your email address and other contact addresses unless the use is permissible for other legal reasons. For obtaining a double-confirmed consent, we may use the “double opt-in” procedure. In this case, you will receive a message with instructions for double confirmation. We may log obtained consents including IP address and timestamp for evidence and security reasons.
You can generally object to receiving notifications and communications, such as newsletters, at any time. By objecting, you can also object to the statistical recording of usage for success and reach measurement. Excluded are necessary notifications and communications in connection with our activities and operations.
11.3 Service Providers for Notifications and Communications
We send notifications and communications with the help of specialized service providers.
We use, in particular:
- Mailchimp: Communication platform; provider: The Rocket Science Group LLC DBA Mailchimp (USA) as a subsidiary of Intuit Inc. (USA); data protection information: Privacy Statement (Intuit) including “Country and Region-Specific Terms”, “Mailchimp Intuit Privacy FAQ”, “Mailchimp and European Data Transfers”, “Security”, Cookie Policy, “Privacy Rights Requests”, “Legal”.
12. Social Media
We are present on social media platforms and other online platforms to communicate with interested persons and inform about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland.
The general terms and conditions (GTC) and terms of use as well as privacy policies and other provisions of the individual operators of such platforms apply. These provisions particularly inform about the rights of data subjects directly towards the respective platform, such as the right to access.
13. Services of Third Parties
We use services from specialized third parties to perform our activities and operations permanently, humanely, safely, and reliably. With such services, we can, among other things, embed functions and content into our website. For such embedding, the services used must technically record at least temporarily the IP addresses of users.
For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data in connection with our activities and operations in an aggregated, anonymized, or pseudonymized manner. This includes performance or usage data to provide the respective service.
Digital Infrastructure
We use services from specialized third parties to obtain the necessary digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.
We use, in particular:
- Hoststar: Hosting; provider: Multimedia Networks AG (Switzerland); data protection information: Privacy Policy, “Data Security at Hoststar”.
14. Final Provisions
We may amend and supplement this privacy policy at any time. We will inform about such amendments and supplements in an appropriate manner, particularly by publishing the current privacy policy on our website.