Caritas Switzerland takes the protection of personal data seriously. For this reason, we would like to provide users of our online service with information on which data we store and how we use it.
Unless otherwise stated in individual cases, Caritas Switzerland is responsible for the forms of data processing described here. If you have any queries about data protection law, you can contact us as follows:
Head of Data Protection: Marco D'Onofrio, email@example.com
We do not forward your personal data
We will not forward your data to third parties. We work with external service providers for particular tasks, for example, putting addresses on shipments. These service providers are obliged to comply fully with data protection regulations, are not permitted to use your data for any other purposes whatsoever and must delete it after 30 days. Your address details may be transferred to CRIF Ltd. in Zurich for the purpose of updating your postal address, for example if you move house. This helps us to prevent mail being returned and reduces unnecessary postage costs. You can find more detailed information at www.mycrifdata.ch/home/dsg. All Caritas Switzerland employees who handle your data are obliged to comply with data protection regulations.
Use of data
We will not misuse any data that you provide to us about yourself. In order to send you a newsletter you are subscribed to, respond to your queries, process your donations, ensure your participation in petitions, campaign promotions or competitions or complete your order in the online shop, we require some information from you. We will use the information that you provide via a form on the website or by other means to achieve these ends and process the resulting communication. If you make a donation via our website, we will notify you about some of Caritas Switzerland’s ongoing projects. Just like any online provider, we collect user data in order to optimise our service. We collect and store information in such a way that it is not personally identifiable. We therefore cannot check which user has accessed which data. In particular, we do not collect any names, postal addresses, telephone numbers or e-mail addresses when you visit our website, nor any details about your personal interests or donations. If you have given us consent to process your personal data for particular purposes (for example when you subscribe to newsletters), we will process your personal data on the basis of this consent. You can revoke your consent at any time. We process personal data for fundraising insofar as it is permitted and appears to us to be appropriate. We process your personal data partly by automatic means, in order to be able to inform and advise you specifically about products (profiling).We use evaluation tools that enable us to pursue needs-oriented communication and advertising, incl. market and opinion research.
Right to rectification, blocking and to be informed
Within the scope of the data protection legislation applicable to you and in so far as this legislation provides (as in the case of the GDPR, for instance), you have the right to rectification and erasure, as well as the right to restrict data processing, object to our data processing and publish certain personal data for the purpose of transferring it to another authority (known as data portability). Please note, however, that we reserve the right to enforce the legally prescribed restrictions, for example if we are obliged to store or process your data or need it to assert claims. If this incurs any costs for you, we will notify you in advance. We have already explained the option of revoking your consent in the «Use of data» section. If you send a written request to Caritas Switzerland, we will inform you about the data we have stored about you. When requesting this data, please send us your full name, e-mail address and a copy of an official identification document (ID card, passport). This is necessary to prevent any unauthorised persons gaining access to your data. You may exercise the rights indicated above with regard to the data stored about you. Furthermore, every data subject is entitled to assert their claims in court or file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch/edoeb).
We occasionally use Google Analytics or similar services on our website. This is a service provided by third parties that may be located in any country in the world (in the case of Google Analytics, it is Google LLC in the USA, www.google.com), which allows us to measure and evaluate the use of the website (in such a way that it is not personally identifiable). For this purpose, we also use permanent cookies set by the service provider. The service provider will not receive any personal data from us or retain any IP addresses. It may, however, track your use of the website, combine this information with data from other websites you have visited that are also tracked by the service provider, and use these findings for its own purposes (for example, managing advertising). If you have registered with the service provider yourself, it will also know you. In this case, the service provider is responsible for processing your personal data in accordance with its own data protection provisions. The service provider will only tell us how our respective website is being used. We will not receive any information that identifies you personally.
Elements from other providers on our website
We use services from other providers on our websites and mobile applications. For example, videos are embedded via the YouTube platform. Content may be shared or recommended via Facebook, Twitter or Google+. Clicking an element from one of these third party providers (e.g. the «Like» plug-in from Facebook), may automatically connect you to this third-party provider’s servers. Data relating to your visit to the website may then be transferred to the third-party provider and possibly associated with the user account you have created with them. You can find out how these platforms collect and use data in their respective privacy policies, where you will also be given the option to adjust the settings to restrict the use of your personal data.
- IP address – this is anonymised before and after its use so that no-one can identify you directly;
- the cookie identifier which is a random string of characters stored on your device
- information about the operating system and other technical information (screen resolution, language settings, country settings, device ID and device type as well as the Browser type which was used to visit a Website; and
- date, time and region of your visit to a Website, the domain and URLs that you have visited previously.
The data collected in this process do not enable us to identify your name, contact details or other personal data. These cookies and the information obtained through them are used to make advertising messages more relevant to you, and include the following functions: Prevent the same advertisement from reappearing constantly, measure and report on the effectiveness of the advertising, determine the price and the specific advertising opportunity to be offered, select ads and content based on your interests, and ensure the integrity and security of the services that Adform offers its customers, including the analysis of whether a visit to a Website is made by a robot or a software.
Secure data transfer
All data that you provide to us on our website, when ordering a newsletter or making contact enquiries, is transferred to us via a secure connection in encrypted form. We use a state-of-the-art security procedure (SSL Secure Sockets Layer) to do this.
Liability for links
We also place links on our website to external services that we think you might like. Of course, we only provide links to pages that did not appear to contain any misleading or illegal content when the link was created. We have no control over the way these pages will be set up in future, however. We cannot therefore be held responsible for recommended pages that have been changed after the link was created. Liability for illegal, incorrect or incomplete content and, in particular, for any damage or loss suffered as a result of using this information lies solely with the provider of the page in question.
On our website, you can easily and securely make a donation or process a payment online using debit or credit cards. The company RaiseNow’s certified e-payment platform was designed specifically for non-profit and aid organisations. RaiseNow (www.raisenow.com/) with its head office in CH-Zurich complies with all the guidelines of the financial authorities and IT security standards and is PCI-DSS certified (Payment Card Industry Data Security-Standard). All transactions are transmitted securely via SSL. We will store the data you provide when making a donation, i.e. the amount, the specific purpose of your donation and your address, in our donor database.
If you subscribe to one of the newsletters we offer, we will use your data exclusively to send our newsletter as it is defined when you subscribe. You only need to provide your e-mail address to subscribe to our newsletter. You subscribe to newsletters via what is known as a double opt-in procedure. After subscribing, you will receive an e-mail prompting you to confirm your subscription. This confirmation is necessary to prevent anybody from subscribing with unauthorised e-mail addresses. Subscriptions or changes to newsletter subscriptions are recorded and are therefore traceable.
If you provide any more personal information when you subscribe, we will check it against our own address database to ensure that the addresses are fully up to date and of sufficient quality, thus optimising our communication with you. We will treat your newsletter data as strictly confidential and will not forward or sell it to third parties. We work closely with our Internet and newsletter providers to provide maximum protection for your data from unauthorised access, loss, misuse or forgery. Please do not forward your newsletter as this may also send a means of accessing your personal information. To forward the newsletter, please use the «Forward message» function integrated into every newsletter or the URL for the online version of the newsletter.
Newsletters are sent using ActiveCampaign of ActiveCampaign Inc, 1 N Dearborn, 5th Floor, Chicago, IL 60601, USA, hereafter referred to as ‘distribution service provider’. You can find the distribution service provider’s data protection regulations here www.activecampaign.com/legal/privacy-policy. ActiveCampaign Inc. is certified under the Privacy Shield Framework www.privacyshield.gov/participant, which ensures compliance with European privacy standards. Furthermore, the distribution service provider may, according to its own information, use this data in pseudonymous form, i.e. without allocation to a user, to optimise or improve its own services, e.g. for technical optimisation of the distribution and presentation of the newsletter or for statistical purposes to determine from which countries the recipients come. However, the distribution service provider does not use the data of our newsletter recipients to contact them directly or to pass the data on to third parties.
The newsletters contain a ‘web-beacon’, which is a one pixel-sized file that is accessed by the distribution service provider’s server when the newsletter is opened. During this access, technical information is first collected, such as information about the browser and your system, as well as your IP address and the access time. This information is used to improve the technical performance of the services based on technical data or target groups and their reading habits, which are based on their access locations (which can be determined using the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our intention, nor that of the distribution service provider, to observe individual users. The evaluations are instead focused on helping us to recognise the reading habits of our users and to adapt our content to them, or to send different content according to the interests of our users.
Your contact details from the forms provided by ConvertFlow are stored for the purpose of processing the request and in case of follow-up questions at ConvertFlow. The processing of the data entered by you in the ConvertFlow form is therefore based on your consent (Art. 6 para. 1 point a GDPR). You can revoke this consent at any time. An informal communication by email to firstname.lastname@example.org is sufficient.
The legality of the data processing operations carried out until revocation remains unaffected by the revocation. The data entered by you in the ConvertFlow forms remains with Caritas Switzerland until you ask us to delete it, revoke your consent for storage or the purpose for which the data was stored ceases to apply (e.g. after your request has been processed). Mandatory legal regulations – especially retention periods – remain unaffected.
Retention period for personal data
We process and store your personal data for the duration of the business relationship and in accordance with the statutory retention and documentation requirements. Data may therefore be retained for the period in which claims can be asserted against our company (including, in particular, during the statutory limitation period) and to the extent that we are otherwise required to do so by law or it is required by legitimate business interests (for example for evidence or documentation purposes). As soon as your personal data is no longer required for the aforementioned purposes, it will be deactivated and will no longer be used. For operational data (for example system records, logs), shorter retention periods of up to twelve months apply as a basic principle.
Obligation to provide personal data
As part of our business relationship, you are invited to provide the personal data that is required to enter into and conduct a business relationship and fulfil the associated contractual obligations. Generally speaking, you are not legally required to provide data to us. Without this data, we will usually be unable to conclude or process a contract with you (or the body or person you are representing). The website cannot be used either if certain details designed to secure data traffic (such as your IP address) are not disclosed.