We appreciate your interest in our organisation and would like you to feel secure when visiting our website, including with regard to the protection of your personal data. We take the issue of data protection seriously and ensure that your personal data is protected in accordance with the legal requirements of the Swiss Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (FADP) and other provisions of data protection law that may be applicable, for example, the EU General Data Protection Regulation (GDPR).

This data protection declaration informs you about the type, scope and purpose of the processing of personal data when using our website and outside the website (e.g., social media platforms). Personal data is all data that can be related to you personally, e.g., name, address, email addresses, user behaviour (hereinafter referred to as “data”).

1. Person responsible
Person responsible for data protection
Save the Children
Sihlquai 253
8005 Zurich
dataprivacy@savethechildren.ch

2. Data processing within the scope of our activities, services and business relationships
Save the Children generally processes personal data from the following sources:

  • Data that you provide to us yourself in the context of donations and contributions. This also includes data that you share with us when you make a donation on the street via our donation collectors (face-to-face) or subscribe to our newsletter.
  • Data that we have obtained from publicly accessible sources directly or via specialised service providers, e.g., from the media, via public registers such as the commercial register or public address providers such as Swiss Post or Swisscom.
  • Data provided to us with your consent by third parties for the purpose of executing orders or fulfilling contracts, e.g., payment details, asset discounts.

3. Data processing via the savethechildren.ch website
3.1 When visiting our website
When visiting the website, the server temporarily stores each access in a log file. Until automatic deletion, the IP address of the requesting computer, the date and time of access, the name and URL of the accessed file, the website from which the access was made, the operating system of the computer used by the user and the browser used by the user as well as the country from which the user accessed the website are automatically obtained, among other things.
This data is generally collected and processed anonymously without reference to individuals for the purpose of enabling the use of the website (connection establishment), ensuring system security and stability on a permanent basis and optimising the Internet offering, as well as for internal statistical purposes. The aforementioned information is not linked to or stored with personal data.
Only in the event of an attack on our network infrastructure or suspicion of other unauthorised or abusive website use will the IP address be evaluated for the purpose of clarification and defence and, if necessary, used in the context of criminal proceedings for identification and civil and criminal proceedings against the users concerned.

3.2 Contact
When contacting us (e.g., by contact form, email, telephone or via social media), the user’s details are processed for the purpose of handling the contact request and its processing. The user’s details may be stored in a customer relationship management system (“CRM system”) or comparable enquiry organisation. Furthermore, the statutory archiving obligations apply.

3.3 When making a donation or taking over a sponsorship
You can donate or take over sponsorships for various projects directly on our website. For this purpose, we request data to process the request.
We use this data to carry out the donation or sponsorship you have requested. You can object to this data processing at any time (see section 10 “Rights of data subjects”).

3.4 Cookies
We use cookies. “Cookies” are small files that are stored on users’ computers. Different information can be stored within the cookies. The primary purpose of a cookie is to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offer.
Save the Children Switzerland uses cookies for preferences, statistics and marketing and only uses them if the user agrees to them when they pop up on their first visit to the website. We use these cookies for statistical purposes and to be able to show users individual offers. We use “session cookies”, which are only stored for the duration of the current visit to our online presence. A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. In addition, a cookie contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online offer and close the browser.
If you do not want cookies to be stored on your computer, you will be asked to deactivate the corresponding option in the system settings of your browser or to refuse your consent at the cookie pop-up. You can change your cookie settings at any time by clicking on the “Manage cookies” link at the bottom of each page. Saved cookies can also be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

3.5 Newsletter
3.5.1 Newsletter dispatch
With the following information we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described. We send newsletters, emails and other electronic notifications with promotional information (hereinafter “newsletter”) only with the consent of the recipients or legal permission. Insofar as the contents of the newsletter are specifically described in the course of registration, they are decisive for the consent of the user. Apart from that, our newsletters contain information about our services and us. Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an email in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other email addresses. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored with the dispatch service provider are also logged. To register for the newsletter, it is sufficient to enter your email address. Optionally, we ask you to enter a name for the purpose of a personal address in the newsletter. The newsletter is sent and its success measured on the basis of the recipients’ consent. The logging of the registration process is based on our legitimate interests. Our interest is in the use of a user-friendly and secure newsletter system that serves our business interests as well as the expectations of the users and also allows us to prove consent. You can cancel the receipt of our newsletter at any time, i.e., revoke your consent. You will find a link to unsubscribe at the end of each newsletter. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them in order to be able to prove consent previously given. The processing of this data is limited to the purpose of a possible defence against claims. An individual deletion request is possible at any time.

3.5.2 Newsletter dispatch service provider
The newsletter is sent using the mailing service provider ActiveCampaign via Getunik Ag, Hardturmstrasse 101, 8005 Zurich. You can view the data protection provisions of the dispatch service provider here: https://www.activecampaign.com/legal/privacy-policy. The dispatch service provider is used on the basis of our legitimate interests and an order processing agreement. The dispatch service provider may use the recipients’ data in pseudonymous form, i.e., without assigning it to a user, to optimise or improve its own services, e.g., to technically optimise the dispatch and presentation of the newsletter or for statistical purposes. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.

3.5.3 Newsletter performance measurement
The newsletters contain a so-called “web beacon”, i.e., a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a dispatch service provider, from their server. Within the scope of this retrieval, technical information such as information on the browser and your system, as well as your IP address and the time of the retrieval are initially collected. This information is used for the technical improvement of the services on the basis of the technical data or the target groups and their reading behaviour on the basis of their retrieval locations (which can be determined with the help of the IP address) or the access times. Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our intention nor, if used, that of the dispatch service provider to observe individual users. The evaluations serve us much more to recognise the reading habits of our users and to adapt our content to them or to send different content in accordance with the interests of our users. Unfortunately, a separate revocation of the performance measurement is not possible; in this case, the entire newsletter subscription must be cancelled.

3.6 Hosting and email dispatch: Getunik / RaiseNow
The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, email dispatch, security services and technical maintenance services, which we use for the purpose of operating this online offer. In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, metadata and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer (under conclusion of a contract processing agreement).

3.7 Collection of access data and log files
We, or our hosting provider, collect data on every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider. Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of 30 days and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident is finally clarified.

3.8 Integration of third-party services and content
We use content or service offers from third-party providers within our online offer in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always requires that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content. We endeavour to use only such content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The pixel tags can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be linked to such information from other sources.

In general, you can disable (opt-out of) the use of cookies by third parties, such as Google, by visiting the Network Advertising Initiative opt-out settings page: https://thenai.org/opt-out/

3.8.1 Google Tag Manager
Google Tag Manager is a solution with which we can manage so-called website tags via an interface (and thus integrate Google Analytics and other Google marketing services into our online offering, for example). The tag manager itself (which implements the tags) does not process any personal data of the users. With regard to the processing of users’ personal data, please refer to the following information on Google services. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html

3.8.2 Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC (“Google”), on the basis of our legitimate interests (i.e., interest in the analysis, optimisation and economic operation of our online offering).

When collecting data in Google Analytics 4, no individual IP addresses are logged or stored. For accesses originating from Europe, IP address data is only used to derive location data (city, continent, country, region) and then deleted immediately. They are not logged, are not accessible and are not used for further use cases.
When collecting measurement data in Analytics, all IP searches occur on Europe-based servers before traffic is routed to Analytics servers for processing.

Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of the data generated by the cookie and related to their use of the online offer to Google as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout. For more information on Google’s use of data, settings and opt-out options, please refer to Google’s privacy policy (https://policies.google.com/technologies/ads) and the settings for the display of advertising by Google (https://adssettings.google.com/authenticated). The users’ personal data is deleted or anonymised after 14 months.

3.8.3 Target group formation with Google Analytics
We use Google Analytics to display the ads placed within advertising services of Google and its partners only to those users who have also shown an interest in our online offer or who have certain characteristics (e.g., interests in certain topics or products determined on the basis of the websites visited), which we transmit to Google (so-called “Remarketing Audiences” or “Google Analytics Audiences”). With the help of Remarketing Audiences, we also want to ensure that our advertisements correspond to the potential interest of the users.

3.8.4 Google AdWords and conversion measurement
We use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”) on the basis of our legitimate interests (i.e., interest in the analysis, optimisation and economic operation of our online offering) in order to place advertisements in the Google advertising network (e.g., in search results, in videos, on websites, etc.) so that they are displayed to users who have a presumed interest in the advertisements. This allows us to target ads for and within our online offering to present users only with ads that potentially match their interests. If, for example, a user is shown ads for products in which they were interested on other online offers, this is referred to as “remarketing”. For these purposes, when our website and other websites on which the Google advertising network is active are accessed, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e., a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies). This file records which web pages the user has visited, which content the user is interested in and which offers the user has clicked on, as well as technical information on the browser and operating system, referring web pages, time of visit and other information on the use of the online offer. Furthermore, we receive an individual “conversion cookie”. The information obtained with the help of the cookie is used by Google to create conversion statistics for us. However, we only learn the anonymous total number of users who clicked on our ad and were redirected to a page tagged with a conversion tracking tag. However, we do not receive any information that personally identifies users. The users’ data is processed pseudonymously within the Google advertising network. This means that Google does not store and process the name or email address of the user, for example, but processes the relevant data on a cookie basis within pseudonymous user profiles. This means that from Google’s perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymisation. The information collected about users is transmitted to Google and stored on Google’s servers in the USA. For more information about Google’s use of data, settings and opt-out options, please refer to Google’s privacy policy (https://policies.google.com/technologies/ads) and the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).

3.8.5 YouTube
We integrate the videos of the platform “YouTube” of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

3.8.6 Facebook (Meta)
Within our online offer, functions and contents of Facebook, offered by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) may be integrated. This may include, for example, content such as images, videos or texts and buttons with which users can share content of this online offer within Facebook. If the users are members of the Facebook platform, Facebook can call-up to accessing the above-mentioned content and functions to the user’s profile there.
The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the related rights and settings options for protecting the privacy of users, can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/. If a user is a Facebook member and does not want Facebook to collect data about them via this online offer and link it to their membership data stored with Facebook, they must log out of Facebook and delete their cookies before using our online offer. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are platform-independent, i.e., they are applied to all devices, such as desktop computers or mobile devices.

3.8.7 Instagram (Meta)
Within our online offer, functions and contents of the service Instagram, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, may be integrated. This may include, for example, content such as images, videos or texts and buttons with which users can share content of this online offer within Instagram. If the users are members of the Instagram platform, Instagram can assign the accessing of the above-mentioned content and functions to the users’ profiles there. Instagram privacy policy: http://instagram.com/about/legal/privacy/.

3.8.8 X Corp.
Within our online offer, functions and contents of the service X Corp., offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, may be integrated. This may include, for example, content such as images, videos or texts and buttons with which users can share content of this online offer within X Corp.. If the users are members of the X Corp. platform, X Corp. can assign the accessing of the above-mentioned content and functions to the user’s profile there. Privacy policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization.

3.8.9 LinkedIn
Within our online offer, functions and contents of the service LinkedIn, offered by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, may be integrated. This may include, for example, content such as images, videos or texts and buttons with which users can share content of this online offer within LinkedIn. If the users are members of the LinkedIn platform, LinkedIn can assign the accessing of the above-mentioned content and functions to the user’s profile there. Privacy policy of LinkedIn: https://www.linkedin.com/legal/privacy-policy. Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

4. Business-related processing outside the website
In addition, we process

  • Contract data (e.g., subject matter of contract, term, customer category).
  • Payment data (e.g., bank details, payment history) of our customers, interested parties and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.

4.1 External payment service providers
We use external payment service providers through whose platforms users and we can make payment transactions

We use the payment service providers within the framework of the fulfilment of contracts. We also use external payment service providers on the basis of our legitimate interests in order to offer our users effective and secure payment options.
The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract, totals and recipient-related details. The details are required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. I.e., we do not receive any account or credit card-related information, but only information with confirmation or negative information of the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the terms and conditions and data protection information of the payment service providers. The terms and conditions and data protection information of the respective payment service providers apply to the payment transactions and can be accessed on the respective websites or transaction applications. We also refer to these for further information and the assertion of revocation, information and other data subject rights.

4.2 Administration, financial accounting, office organisation, contact management
Financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process in the course of providing our contractual services. Customers, prospective customers, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information mentioned in these processing activities. In this context, we disclose or transmit data to the tax authorities, consultants such as tax advisors or auditors as well as other fee offices and payment service providers. Furthermore, we store information on suppliers, organisers and other business partners on the basis of our business interests, e.g., for the purpose of contacting them at a later date. We store this data, most of which is company-related, for as long as legally required.

4.3 Business analyses and market research
In order to run our business economically and to be able to recognise market trends, wishes of contractual partners and users, we analyse the data we have on business transactions, contracts, enquiries, etc. In doing so, we process inventory data, communication data, contract data, payment data, usage data, metadata, whereby the persons concerned include contractual partners, interested parties, customers, visitors and users of our online offer. The analyses are carried out for the purpose of business evaluations, marketing and market research. In doing so, we may take into account the profiles of registered users with details, for example, of the services they have used. The analyses serve us to increase user-friendliness, to optimise our offer and to improve business management. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarised values. If these analyses or profiles are personal, they are deleted or anonymised when the user terminates the contract, otherwise after two years from the conclusion of the contract. In all other respects, the overall business analyses and general trend analyses are prepared anonymously wherever possible.

4.4 Provision of our statutory and business services
We process the data of our members, supporters, interested parties, customers or other persons insofar as we offer them contractual services or act within the framework of existing business relationships, e.g., towards members, or are ourselves recipients of services and benefits. In addition, we process the data of data subjects on the basis of our legitimate interests, e.g., when administrative tasks or public relations work are involved. The data processed in this context, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship. In principle, this includes inventory and master data of the persons (e.g., name, address, etc.), as well as contact data (e.g., email address, telephone, etc.), contract data (e.g., services used, contents and information provided, names of contact persons) and, if we offer services or products subject to payment, payment data (e.g., bank details, payment history, etc.). We delete data that is no longer required to fulfil our statutory and business purposes. This is determined according to the respective tasks and contractual relationships. In the case of business processing, we retain the data for as long as they may be relevant for the processing of the business as well as with regard to any warranty or liability obligations; otherwise, the statutory retention obligations apply.

5. Online presences in social media
We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply. Unless otherwise stated in our privacy policy, we process the data of users if they communicate with us within the social networks and platforms, e.g., write posts on our online presences or send us messages.

6. Cooperation with processors and third parties
If, in the course of our processing, we disclose data to other persons and companies (order processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g., if transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.). If we commission third parties to process data, this is always done on the basis of a so-called “order processing contract”.

7. Transfer to third countries
Where we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or where we do so in the context of using third-party services or disclosing, or transferring, data to third parties, this will only be done if it is for the purposes of fulfilling our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process or allow the processing of data in a third country if, for example, the processing is based on special safeguards, such as the officially recognised establishment of a data protection authority corresponding to the Swiss data protection level or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).

8. Security measures
We take appropriate technical and organisational measures in accordance with Art. 3 of the revised Data Protection Regulation, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk. Furthermore, we take the protection of personal data into account when selecting hardware, software as well as procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings.

9. Deletion of data
The data processed by us will be deleted or its processing restricted in accordance with the Data Protection Act. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e., the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.

10. rights of the data subjects
You have the right to revoke consent given with effect for the future (right of revocation), as well as to object to the future processing of data relating to you (right of objection).
You have the right to obtain information about the personal data we process about you free of charge upon written request (right to information). In addition, you have the right to request the correction of incorrect or incomplete personal data stored by us (right to rectification). You also have the right to either directly receive back the data you have provided to us or to transfer it to a third party of your choice (right to data portability).
You may request the erasure or blocking of your personal data stored or retained by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims (right to erasure).

For further questions, please contact us by email at dataprivacy@savethechildren.ch.

In the event of a breach of data protection law, you have the right to lodge a complaint with the competent supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner https://www.edoeb.admin.ch/edoeb/de/home.html.

Last updated: August 2023