Privacy policy
Somaha Foundation privacy policy
With this privacy policy, we inform you about the personal
data we process in connection with our activities and tasks,
including our
For individual or additional activities and tasks, further privacy
statements and other legal documents such as terms and conditions
(T&Cs), terms of use, or participation conditions may apply.
1. Contact Addresses
Responsible for the processing of personal data
Somaha Foundation
Weinbergstrasse 102
8006 Zurich
Switzerland
We point out if there are other responsible parties for the processing of personal data in individual cases.
2. Terms and Legal Basis
2.1 Terms
Personal data refers to all information relating to a specific or identifiable natural person. An affected person is a person whose personal data we process.
Processing includes every handling of personal data, regardless of the means and methods used, such as querying, matching, adjusting, archiving, storing, reading out, disclosing, obtaining, collecting, deleting, disclosing, arranging, organizing, storing, modifying, distributing, linking, destroying, and using personal data.
2.2 Legal Basis
We process personal data in accordance with Swiss data protection law, in particular the Federal Data Protection Act (Data Protection Act, DPA) and the Data Protection Ordinance (Data Protection Regulation, DPR).
3. Type, Scope, and Purpose
We process those personal data that are necessary to carry out our activities and tasks in a permanent, user-friendly, safe, and reliable manner. Such personal data can particularly fall into the categories of inventory and contact data, browser and device data, content data, meta or marginal data, usage data, location data, sales data, and contract and payment data.
We process personal data for the duration required for the respective purpose or purposes or as required by law. Personal data that is no longer necessary for processing is anonymized or deleted.
We may have personal data processed by third parties. We can process personal data together with third parties or transfer it to third parties. Such third parties are especially specialized providers whose services we use. We also ensure data protection with such third parties.
We process personal data only with the consent of the affected person unless processing is permitted for other legal reasons. Processing without consent may, for example, be permissible to fulfill a contract with the affected person and for corresponding pre-contractual measures, to safeguard our predominant legitimate interests, because the processing is evident from the circumstances, or after prior information.
In this context, we process in particular information that an affected person voluntarily provides to us when contacting us — for example, by mail, email, instant messaging, contact form, social media, or telephone — or when registering for a user account. We may store such information, for example, in an address book or with similar tools. If we receive data about other people, the transmitting persons are obliged to ensure data protection towards these people and to ensure the accuracy of this personal data.
We also process personal data that we obtain from third parties, obtain from publicly accessible sources, or collect when carrying out our activities and tasks, provided and to the extent that such processing is legally permissible.
4. Applications
We process personal data about applicants to the extent necessary to assess their suitability for an employment relationship or for the subsequent execution of an employment contract. The necessary personal data results in particular from the requested information, for example, as part of a job advertisement. We also process personal data that applicants voluntarily communicate or publish, especially as part of cover letters, resumes, and other application documents, as well as online profiles.
5. Personal Data Abroad
We process personal data primarily in Switzerland. However, we can also disclose or export personal data to other countries, especially to process or have it processed there.
We can disclose personal data to all countries and territories on Earth and elsewhere in the universe, provided that the local law, according to the decision of the Swiss Federal Council, ensures adequate data protection.
We can disclose personal data in countries whose law does not ensure adequate data protection if adequate data protection is ensured for other reasons. Adequate data protection can, for example, be ensured by corresponding contractual agreements based on standard data protection clauses or with other suitable guarantees. Exceptionally, we can export personal data to countries without adequate or suitable data protection if the special data protection requirements are met, for example, the explicit consent of the affected persons or a direct connection with the conclusion or processing of a contract. We will gladly provide affected persons with information about any guarantees or provide a copy of guarantees upon request.
6. Rights of Affected Persons
6.1 Data Protection Claims
We grant affected persons all claims according to applicable data protection law. Affected persons have, in particular, the following rights:
- Information: Affected persons can request information about whether we process personal data about them and, if so, which personal data. Affected persons also receive the information necessary to assert their data protection claims and ensure transparency. This includes the processed personal data as such, but also, among other things, information about the processing purpose, the duration of storage, any disclosure or export of data to other countries, and the origin of the personal data.
- Correction and Restriction: Affected persons can correct incorrect personal data and have their data processing restricted.
- Deletion and Objection: Affected persons can have personal data deleted (the “right to be forgotten”) and object to the processing of their data.
- Data Release and Data Transfer: Affected persons can request the release of personal data or the transfer of their data to another responsible party.
We can postpone, restrict, or refuse the exercise of the rights of affected persons within the legally permissible framework. We can point out to affected persons any prerequisites that may have to be met for the exercise of their data protection claims. For example, we can refuse to provide information with reference to trade secrets or the protection of other persons in whole or in part. For example, we can also refuse to delete personal data with reference to statutory retention obligations in whole or in part.
We can provide for the exercise of rights exceptionally at a cost. We inform affected persons in advance about any costs.
We are obliged to identify affected persons who request information or assert other rights with appropriate measures. Affected persons are obliged to cooperate.
6.2 Right to Complain
Affected persons have the right to assert their data protection claims in court or to file a complaint with a competent data protection supervisory authority.
The data protection supervisory authority for private responsible parties and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
7. Data Security
We take appropriate technical and organizational measures to ensure data security appropriate to the respective risk. However, we cannot guarantee absolute data security.
Access to our website is encrypted (SSL / TLS, especially with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate encryption with a padlock in the address bar.
Our digital communication is subject to — like basically any digital communication — mass surveillance without cause and suspicion as well as other surveillance by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We cannot directly influence the corresponding processing of personal data by intelligence services, police stations, and other security authorities.
8. Use of the Website
8.1 Cookies
We may use cookies. Cookies — our own cookies (first-party cookies) as well as cookies from third parties whose services we use (third-party cookies) — are data stored in the browser. Such stored data does not have to be limited to traditional cookies in text form.
Cookies can be stored temporarily in the browser as “session cookies” or for a specific period as so-called permanent cookies. “Session cookies” are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies, in particular, allow a browser to be recognized the next time you visit our website and thus, for example, to measure the reach of our website. Permanent cookies can also be used for online marketing.
Cookies can be deactivated or deleted in the browser settings at any time, in whole or in part. Without cookies, our website may not be fully available. We ask — at least if and to the extent required — for explicit consent to the use of cookies.
8.2 Server Log Files
We can record the following information for each access to our website, provided that it is transmitted by your browser to our server infrastructure or can be determined by our web server: Date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, the individual sub-page of our website accessed including the amount of data transferred, the last website accessed in the same browser window (referrer).
We store such information, which can also represent personal data, in server log files. The information is necessary to provide our website permanently, user-friendly, safely, and reliably and to ensure data security and thus, in particular, the protection of personal data — also by third parties or with the help of third parties.
8.3 Counting Pixel
We may use counting pixels on our website. Counting pixels are also referred to as web beacons. Counting pixels — including those from third parties whose services we use — are small, usually invisible images that are automatically retrieved when visiting our website. With counting pixels, the same information as in server log files can be captured.
9. Social Media
We are present on social media platforms and other online platforms to communicate with interested individuals and to inform about our activities and tasks. In connection with such platforms, personal data may also be processed outside of Switzerland.
The general terms and conditions (T&Cs) and terms of use, as well as privacy policies and other provisions of the individual operators of such platforms, also apply. These provisions specifically inform about the rights of affected individuals directly against the respective platform, including, for example, the right to information.
10. Third-Party Services
We use services from specialized third parties to carry out our activities and tasks permanently, user-friendly, securely, and reliably. With such services, we can, among other things, embed functions and content into our website. When embedding, the services used technically capture at least temporarily the Internet Protocol (IP) addresses of the users.
For necessary security-related, statistical, and technical purposes, third parties whose services we use can process data related to our activities and tasks in an aggregated, anonymized, or pseudonymized manner. This includes, for example, performance or usage data to offer the respective service.
Digital Infrastructure
We use services from specialized third parties to access the required digital infrastructure in connection with our activities and tasks. This includes, for example, hosting and storage services from selected providers.
We specifically use:
- Hoststar: Hosting; Provider: Multimedia Networks AG (Switzerland); Privacy information: Privacy Policy, “Data Security at Hoststar”.
- StackPath CDN: Content Delivery Network (CDN); Providers: StackPath LLC (USA) / Highwinds Network Group Inc. (USA); Privacy information: Privacy Policy.
11. Website Extensions
We use extensions for our website to access additional features.
We specifically use:
- jQuery (OpenJS Foundation): Free JavaScript library; Provider: OpenJS Foundation (USA) using StackPath CDN; Privacy information: Privacy Policy (OpenJS Foundation), Cookie Policy (OpenJS Foundation).
12. Final Provisions
We can adjust and supplement this privacy policy at any time. We will inform about such adjustments and additions in an appropriate manner, especially by publishing the current privacy policy on our website.