The protection of your privacy when processing personal data as well as the security of all personal data are important to us. With this data protection policy (“Policy”) we inform you about which data we process from you, what we need this data for and how you can oppose to the data processing.
We collect, process and store personal data (including IP addresses) only in accordance with the statutory provisions or if you have given us your consent, for example in the course of registration.
This Policy regulates the obligations of the Limmat Stiftung (“LS”) when we process your personal data in accordance with the Swiss Data Protection Act (“FDPA”) and the European Data Protection Regulation (“GDPR”) in the current version (FDPA and FDPAVO together “Data Protection Legislation”).
The Data Protection Legislation defines “personal data” as any information relating to an identified or identifiable natural or legal person, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural or legal person. This Policy sets out the procedures that LS must follow when processing personal data. LS must comply with the procedures and principles set out here at all times.
LS processes personal data to fulfil its obligations arising from the legal or contractual relationship with you, for the purpose of other justified interests or to fulfil a legal obligation imposed on LS in connection with relevant applicable law.
We only collect personal data that is related to our relationship with you. The personal data we collect includes in particular your contact details such as name, telephone number, address or e-mail address as well as other information, especially in connection with a donation, the establishing of a earmarked fund or the incorporation of a subfoundation and the use of our website. Information that cannot be linked to your identity (e.g. statistical data on the number of users of our online service), on the other hand, is not considered personal data.
As a rule, we collect personal data in the following cases: When you donate to LS, when you establish an earmarked fund or establish a subfoundation with us; when you visit our website; when you communicate directly with us; when you register for our events; when you participate in a survey; or when you give us your personal data for other reasons. In all cases, we process your personal data exclusively for the purpose intended and recognizable to you.
This privacy policy aims to ensure compliance with data protection legislation. The data protection legislation sets out the principles to be observed by anyone who comes into contact with personal data. According to these principles, all personal data must be
(a) handled lawfully, fairly and in a transparent manner;
(b) collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes;
(c) adequate and relevant to the purpose and limited to what is necessary for the purposes of the processing;
(d) accurate and, where necessary, kept up to date; all reasonable steps shall be taken to ensure that personal data which are inaccurate as to the purposes for which they are processed are erased or rectified without delay;
(e) kept in a form which permits identification for no longer than is necessary for the purposes for which the personal data are processed;
(f) processed in such a way as to ensure adequate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or deterioration by appropriate technical or organizational measures.
Your personal data will only be passed on by us to other third parties if we are legally entitled to do so or if you have given us your consent to do so. This is the case, for example, if we carry out external evaluations in agreement with you. Personal data will only be transferred to a country outside the EEA (European Economic Area) if contractual clauses (e.g. EU Model Clauses, Swiss Transborder Data Flow Agreement, US-Swiss Privacy Shield) or other guarantees that comply with data protection legislation are in place.
External service providers who process data on our behalf are strictly bound by contract in accordance with the FDPA. We have ensured that the external service providers are able to guarantee data security. They may only transfer the processing of personal data to a third party with our prior consent
As a matter of principle, we store your data for as long as our business relationship with you requires it or we have a legitimate interest in its further storage. In all other cases, we delete your personal data with the exception of data that we must continue to store in order to fulfil legal obligations (e.g. we are obliged by law to store documents such as contracts and invoices for a period of ten years).
We use appropriate technical and organizational security measures to protect your personal data stored with us against manipulation, partial or complete loss and against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
We reserve the right to amend and supplement this privacy policy at any time at our discretion and in accordance with data protection legislation. Please consult our website regularly.
Should there be discrepancies between the interpretation of the German and English versions of this policy statement, the German version shall prevail.
This Privacy Policy and all matters arising out of or relating to this Privacy Policy are governed by the substantive laws of Switzerland (excluding the Vienna Convention on Contracts for the International Sale of Goods).
Any disputes or claims between you and LS are subject to the exclusive jurisdiction of the courts of the city of Zurich 1.