Privacy Statement of Fondation Aline

 

Valid from: August 31, 2024

In this privacy policy, we, the Fondation Aline (hereinafter, we or us), explain how we collect and process personal data. This is not an exhaustive description; other privacy policies or general terms and conditions, participation terms, and similar documents may regulate specific matters. Personal data includes all information relating to an identified or identifiable person.

If you provide us with personal data of other persons (e.g., family members, data of colleagues), please ensure that these persons are aware of this privacy policy and only share their personal data with us if you are allowed to do so and if this data is accurate.

This privacy policy is designed to comply with the requirements of the EU General Data Protection Regulation (“GDPR”), the Swiss Data Protection Act (“DSG”), and the revised Swiss Data Protection Act (“revDSG”). Whether and to what extent these laws apply depends on the individual case.

 

1. Controller / Data Protection Officer / Representative

The controller for the data processing activities described here is the Fondation Aline, unless otherwise specified in individual cases. If you have any data protection concerns, you can contact us at the following address:

You can reach our Data Protection Officer pursuant to Art. 37 or Art. 27 GDPR at welcome@fondationaline.org.

 

2. Collection and Processing of Personal Data

We primarily process personal data of natural and legal persons that we receive in the course of our business relationships with our current, former, and future customers, donors, supporting members, charitable organizations, and other business partners, as well as from other persons involved. We also collect data when operating our website, particularly through application forms (at: https://fondationaline.org/en/submit-an-application) or other applications or platforms from their users.

Where permitted, we may also obtain certain data from publicly accessible sources or receive such information from other organizations, companies, authorities, and other third parties. In addition to the data you provide directly, the categories of personal data we receive from third parties about you include information from public registers, details we learn in connection with official and judicial proceedings, information related to your professional roles and activities, details about you from correspondence and meetings with third parties, information about you provided by individuals from your environment (family, advisors, legal representatives, etc.) so that we can enter into or manage contracts with you or involving you (e.g., references, your address for deliveries, authorizations, information for compliance with legal requirements such as anti-money laundering and export restrictions, data from banks, insurance companies, distribution and other contract partners for the use or provision of services by you (e.g., payments made, purchases made)), information from the media and the internet concerning you (where appropriate in a specific case, e.g., in connection with project financing and support, applications, etc.), your addresses, and possibly interests and further sociodemographic data (for marketing), data related to website usage (e.g., IP address, MAC address of the smartphone or computer, device and settings information, cookies, date and time of visit, accessed pages and content, used functions, referring website, location data).

 

3. Purposes of Data Processing and Legal Basis

We primarily use the personal data we collect to enter into and manage contracts with our customers, donors, supporting members, charitable organizations, and other business partners, especially in the context of our global charitable activities as a foundation in the fields of health and sports, culture and social affairs, as well as ethics and society. If you work for the aforementioned persons, your personal data may also be affected in this capacity.

Furthermore, we process personal data of you and others, where permitted and as deemed appropriate, for the following purposes, in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose:

  • - Offering and developing our services, websites, apps, and other platforms on which we
      are present;

  • - Communication with third parties and processing their inquiries, especially in connection
      with donation and support applications;

  • - Reviewing and optimizing procedures for needs analysis for direct customer approach as
      well as collecting personal data from publicly available sources for acquiring potential
      donors;

  • - Advertising and marketing (including the organization of events), provided you have not
      objected to the use of your data (if we send you advertising, you can object at any time,
      and we will place you on a blacklist to prevent further advertising);

  • - Market and opinion research, media monitoring;

  • - Assertion of legal claims and defense in connection with legal disputes and
      administrative proceedings;

  • - Prevention and investigation of crimes and other misconduct (e.g., conducting internal
      investigations, data analysis for fraud and anti-money laundering);

  • - Ensuring our operations, particularly IT, our websites, apps, and other platforms;

  • - Video surveillance to protect property rights and other measures for IT, building, and
      system security and the protection of our employees and others, as well as the protection
      of assets entrusted to us (such as access controls, visitor lists, network and mail scanners,
      phone recordings).

If you have given us consent to process your personal data for specific purposes (e.g., signing up for newsletters), we process your personal data within the scope of and based on this consent, as long as we do not have another legal basis and require one. Consent can be revoked at any time, but this does not affect data processing that has already taken place.

 

4. Cookies / Tracking and Other Technologies Related to Website Usage

We typically use “cookies” and similar technologies on our website, which can identify your browser or device. A cookie is a small file sent to your computer or automatically stored on your computer or mobile device by the web browser you use when you visit our website. When you revisit the website, we can recognize you even if we do not know who you are. Besides session cookies, which are only used during a session and are deleted after visiting the website, cookies can also store user preferences and other information over a period (e.g., two years). You can configure your browser to reject cookies, store them only for a session, or delete them early. Most browsers are set to accept cookies by default. We use permanent cookies to better understand how you use our services and content. Blocking cookies may cause some functionalities (e.g., language selection) not to work.

By using our website and consenting to receive newsletters and other marketing emails, you agree to the use of these techniques. If you do not wish this, you must set your browser or email program accordingly.

We may use Google Analytics or similar services on our websites. This is a service provided by third parties who may be located anywhere in the world (in the case of Google Analytics, it is Google Ireland (based in Ireland), relying on Google LLC (based in the USA) as a processor (both “Google”, www.google.com)), which allows us to measure and evaluate website usage (non-personally identifiable). These services also use permanent cookies, which are set by the service provider. If you have registered with the service provider, they may know you. The processing of your personal data by the service provider then occurs under their responsibility and according to their privacy policies. The service provider only informs us about how our respective website is used (no information about you personally).

We also use social media plugins like Facebook, Twitter, YouTube, Pinterest, or Instagram on our websites. These are identifiable by corresponding symbols. We have configured these elements so that they are deactivated by default. If you activate them (by clicking), the operators of the respective social networks can register that you are on our website and where and may use this information for their purposes. The processing of your personal data is then the responsibility of this operator according to their privacy policies. We do not receive any information about you from them. More information on how these third-party providers use your personal data collected via their social media plugins can be found in their respective privacy policies.

 

5. Data Sharing and Transfer Abroad

In the context of our business activities and the purposes outlined in Section 3, we may share personal data with third parties, where permitted and as deemed appropriate. This may occur because they process data for us or because they wish to use it for their own purposes. The main recipients include:

  • - Our service providers (and external parties such as banks, insurance companies),
      including processors (e.g., IT providers);

  • - Distributors, suppliers, subcontractors, and other business partners;

  • - Customers;

  • - Domestic and foreign authorities, offices, or courts;

  • - Media;

  • - The public, including visitors to websites and social media;

  • - Competitors, industry organizations, associations, organizations, and other bodies;

- Other parties in possible or actual legal proceedings;

all recipients together.

 

These recipients may be located within the country or anywhere in the world. You should especially anticipate the transfer of your data to countries where we are represented through group companies, branches, or other offices, as well as to other countries in Europe and the USA, where our service providers are located (e.g., Microsoft, Cisco).

If a recipient is located in a country without adequate legal data protection, we require the recipient to comply with applicable data protection through contractual obligations (using the revised standard contractual clauses of the European Commission, available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj, including the necessary additions for Switzerland), unless they are already subject to a legally recognized framework to ensure data protection, and unless we can rely on an exception. An exception may apply in the case of legal proceedings abroad, but also in cases of overriding public interests or if contract performance requires such disclosure, if you have consented, or if obtaining your consent is not feasible within a reasonable time and the disclosure is necessary to protect your or another's life or physical integrity, or if it concerns data that you have generally made publicly accessible and whose processing you have not objected to. We may also rely on the exception for data from a legally prescribed register (e.g., commercial register) to which we have rightful access.

 

6. Duration of Retention of Personal Data

We process and store your personal data as long as it is necessary to fulfill our contractual and legal obligations or other purposes pursued with processing, i.e., for the duration of the entire business relationship (from initiation and execution to termination of a contract) and beyond in accordance with legal retention and documentation obligations. It is possible that personal data will be retained for the time during which claims may be made against us, as well as as long as we are otherwise legally required to do so or have a legitimate business interest in retaining the data (e.g., for evidence and documentation purposes). Once your personal data is no longer required for the above-mentioned purposes, it will generally be deleted or anonymized as far as possible. For operational data (e.g., system logs), shorter retention periods of twelve months or less generally apply.

 

7. Data Security

We take appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymization, and controls.

 

8. Obligation to Provide Personal Data

In the context of our business relationship, you must provide the personal data necessary for establishing and conducting a business relationship and fulfilling the associated contractual obligations (you are generally not legally required to provide us with data). Without this data, we will generally not be able to enter into or execute a contract with you (or the entity or person you represent). The website cannot be used if certain information required for data traffic (such as IP address) is not disclosed.

 

9. Profiling

We partially process your personal data automatically to evaluate certain personal aspects (profiling). We use profiling mainly to provide you with targeted information and advice about our ongoing projects. For this purpose, we use evaluation tools that allow us to carry out needs-based communication and advertising, including market and opinion research.

 

10. Rights of the Data Subject

You have the right under applicable data protection law (such as the GDPR) to access, rectify, erase, restrict data processing, and otherwise object to our processing of your data, especially for direct marketing purposes, profiling for direct advertising, and other legitimate interests in processing. You also have the right to obtain certain personal data for transfer to another entity (data portability). However, we reserve the right to enforce the legally prescribed limitations, such as when we are required or entitled to retain or process certain data, have an overriding interest (where applicable), or need the data to assert claims. If costs apply, we will inform you in advance. We have already informed you of the possibility of withdrawing your consent in Section 3. Please note that exercising these rights may conflict with contractual arrangements, potentially leading to consequences such as premature termination of contracts or costs. In such cases, we will inform you beforehand if not already contractually regulated.

Exercising such rights generally requires proof of your identity (e.g., a copy of your ID where your identity is otherwise unclear or cannot be verified). To exercise your rights, you can contact us at the address provided in Section 1.

Every data subject also has the right to assert their claims in court or file a complaint with the relevant data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

 

11. Changes

We may amend this privacy policy at any time without prior notice. The current version published on our website applies. If the privacy policy is part of an agreement with you, we will notify you of updates via email or other appropriate means in the event of a change.

*****