The purpose of this privacy statement is to explain to you what information Save the Children collects during your visit to this website and how this information will be used. Personal data is considered to be all data that refers to an identified or identifiable person. This includes, for example, your name, address, date of birth, email address and your user behaviour (hereinafter “data”).

  1. Controller
    Save the Children
    Sihlquai 253
    8005 Zurich
    +41 44 267 74 70
    info@savethechildren.ch

2. Data processing by the savethechildren.ch website

2.1. Visiting our website 

Our server temporarily records every visit to our website in a log file. Until the log file is automatically deleted, it records, among other things, the IP address from which you visited our site, the date and time of your visit, the name and URL of the file you viewed, the website from which you came (referrer URL), your computer’s operating system, the type and version of your browser as well as the country from which you visited our website.

These data are generally collected and processed in anonymised form and without personal reference for the purpose of enabling you to visit our website (connection establishment), ensuring sustained security and stability of the system and optimising our online service as well as for internal statistical purposes. The above-mentioned information is neither linked nor stored together with personal data.

It is only in the event of an attack on our network’s infrastructure or if we suspect any other prohibited or improper use of our website that a users’ IP addresses may be  analysed for intelligence and defence purposes and, if necessary, used in criminal proceedings for identification as well as for civil and criminal actions against the users in question.

Our legitimate interest lies in the above-mentioned purposes according to Art. 6 Para. 1 lit. f) GDPR.

2.2. Contact 
If you contact us (e.g. via the contact form, email or social media), your user data are used to process your contact request according to Art. 6 Para. 1 lit. b) (contractual or precontractual relationships) and Art. 6 Para. 1 lit. f) (other requests) GDPR. User data may be stored in a customer relationship management system (CRM system) or a comparable request management system. We delete all requests once they have ceased to be required. We check whether requests are still required every other year. Furthermore, the statutory storage obligations apply.

2.3. Donations and sponsorships 
You can make donations to various projects or become a sponsor directly on our website. We collect data to process your request.
We use these data to process your donation or the sponsorship you have chosen. Our legal basis for this is the performance of a contract you wished to enter or the provision of a service you requested according to Art. 6 Para. 1 lit. b) GDPR.

2.4. Buying from our shop 
You can buy products online in the online shop on our website. We collect data to process your request. So that we may process your orders in our online shop and/or provide the services you have requested, we collect, store and process the following additional data:
• Information on the products you ordered
• Information on the services you ordered
• Data on your ordering, shopping and payment behaviour

Unless otherwise stated in this privacy statement, or unless you have given your separate consent, we will only use the above-mentioned data to process the contract, that is, to deliver the services you requested, to process and deliver your orders and to ensure correct payment. Our legal basis for this is the performance of a contract you wished to enter and/or the provision of a service you requested, according to Art. 6 Para. 1 lit. b) GDPR.

2.5 Cookies 
We use cookies. Cookies are small files stored on your computer by your browser. Several types of information can be recorded in a cookie. Cookies are primarily employed to record user data (or data on the device on which the cookie is stored) during or after your visit to an online service.
If you do not wish to have cookies stored on your device, you can deactivate the corresponding setting options in your browser’s system settings. Stored cookies can also be deleted in your browser’s system settings. If you prevent or restrict the installation of cookies, not all of the functions on our site may be fully usable.

2.6 Newsletter
2.6.1. Newsletter dispatch
The information below refers to the content of our newsletter, the procedures for subscription, dispatch and statistical analysis as well as your right to object. By subscribing to our newsletter, you agree to receiving the newsletter and to the procedure described below. We dispatch newsletters, emails and other electronic messages containing advertisement information (hereinafter “newsletter”) only with your explicit consent or with legal permission. If the content of the newsletter is explicitly described in the subscription process, it is relevant for your consent. Furthermore, our newsletters contain information about our services and about us. Subscribing to our newsletter requires a so-called double opt-in procedure. This means that upon subscription, you will receive an email in which you are asked to confirm your subscription. This confirmation is necessary to avoid people subscribing with other people’s email addresses. Subscriptions to our newsletter are logged so that we can prove that the subscription process was carried out according to the legal provisions. This includes storage of the subscription and confirmation emails as well as your IP address. Furthermore, changes to your data stored with the shipping provider are logged. To subscribe to our newsletter, you only need to provide your email address. You also have the option to provide a name so that we can address you personally in our newsletter. Dispatch of our newsletter and the corresponding performance measurement are executed on the basis of your consent according to Art. 6 Para. 1 lit. a) and Art. 7 GDPR. The subscription procedure is logged on the basis of our legitimate interest according to Art. 6 Para. 1 lit. f) GDPR. Our interest is focused on employing a user-friendly and secure newsletter system which serves our business interest whilst also complying with your expectations and allowing us to prove your consent. You can unsubscribe from our newsletter, that is, revoke your consent, at any time. There is a link for unsubscribing from the newsletter at the end of every newsletter. On the basis of our legitimate interest, we may store unsubscribed email addresses for up to three years before deleting them, in order to be able to prove a formerly given consent. Processing of these data is restricted to potential defence against claims. It is possible to make an individual deletion request if you confirm that consent had previously been given.

2.6.2 Newsletter dispatch provider
The newsletter is sent with the help of email marketing provider Inxmail via Getunik Ag, Hardturmstrasse 101, 8005 Zurich. You can find the provider’s data protection regulations here: https://www.inxmail.de/datenschutz. The email marketing provider is employed on the basis of our legitimate interest according to. Art. 6 Para. 1 lit. f) GDPR and a processing contract according to Art. 28 Para. 3 (1) GDPR. The email marketing provider may use your data in pseudonymised form, i.e. without allocation to a user, in order to optimise or improve its own service, e.g. for technical improvements to the dispatch process and the newsletter’s display or for statistical purposes. The email marketing provider does not, however, use the data of our newsletter recipients to contact them itself or to pass the data on to third parties.

2.6.3 Newsletter performance measurement
Our newsletters contain a so-called web beacon, which is a file the size of one pixel that is retrieved by our server, or by our email marketing provider’s server if we use an email marketing provider, once you open the newsletter. By retrieving this file, technical information is obtained, such as information on your browser and system as well as your IP address and the time you opened the newsletter. This information is used for technical improvement of the services, that is, for adjusting the services to the technical data or to the target groups and their reading behaviour in terms of the place of access (which can be retrieved with the help of the IP address) or the time at which the newsletter is accessed. The statistical surveys also include determining whether the newsletter is opened at all, at what time it is opened, and which links are accessed. This information can be attributed to the individual newsletter recipients for technical reasons. However, neither we nor our email marketing provider, if employed, intend to monitor individual users. These analyses solely help us to identify our users’ reading habits and to adjust our content accordingly or to distribute different content according to their interests. It is, unfortunately, not possible to revoke the performance measurement separately; you can only revoke performance measurement if you cancel your entire newsletter subscription.

2.7 Hosting and email dispatch: Getunik / RaiseNow
The hosting services we use provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, email dispatch, security services as well as technical maintenance services, which we use to operate this online service. We and/or our hosting service provider process inventory data, contact data, content data, contractual data, usage data, meta and communication data of clients, interested parties and visitors to this online service on the basis of our legitimate interest in efficient and safe provision of this online service, according to Art. 6 Para 1 lit. f) GDPR, in conjunction with Art. 28 GDPR (conclusion of processing contract).

2.8 Collection of access data and log files
On the basis of our legitimate interest according to Art. 6 Para.1 lit. f) GDPR, we  and/or our hosting service provider collect data on every access to the server on which this service is hosted (so-called server log files). The access data include the name of the accessed website, the file, the date and time at which you accessed the site, the data volume transmitted, a notification about successful access, the type and version of your browser, your computer’s operating system, the referrer URL (the website from which you came), your IP address and the provider from which you visited our site. Log file information is stored for a maximum of 7 days for security reasons (e.g. to investigate misuse or fraud) and is deleted afterwards. Data which need to be stored for a longer period of time for evidence purposes are exempt from deletion until the incident has been conclusively clarified.

2.9 Integration of third-party services and contents
On the basis of our legitimate interest (i.e. interest in the analysis, optimisation and economical operation of our online service according to Art. 6 Para. 1 lit. f) GDPR), we access third-party content or service offers within our online service to integrate their content and services, e.g. videos or fonts (hereinafter collectively referred to as “content”). This requires that the third-party providers of such content read your IP address, since they cannot send content to your browser without the IP address. Your IP address is thus required to display such content. We endeavour only to use content of providers which use your IP address merely to deliver said content. Third-party providers may also use so-called pixel tags (invisible graphics, also called web beacons) for statistical or marketing purposes. By using pixel tags, the providers can analyse information such as visitor traffic on the pages of this website. This pseudonymised information may also be recorded in cookies on your device and may contain, inter alia, technical information on your browser and operating system, referring websites, time of access as well as further information on your use of our online service, and may also be linked to information of this sort from other sources.

2.9.1 Google Tag Manager
Google Tag Manager is a solution which provides us with an interface to manage so-called website tags (and thus to integrate, for instance, Google Analytics and other Google marketing services in our online service). The Tag Manager itself (which implements the tags) does not process any personal data of the users. With regard to processing personal data, we refer to the following information about services by Google. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.

2.9.2 Google Analytics
On the basis of our legitimate interest (i.e. interest in the analysis, optimisation and economical operation of our online service according to Art. 6 Para. 1 lit. f) GDPR), we use Google Analytics, a web analysis service by Google LLC (“Google”). Google uses cookies. The information that the cookie records about your use of our online service is usually transmitted to and stored on a Google server in the USA. Google is certified under the Privacy Shield Framework and thus guarantees compliance with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Google will use the above-mentioned information on our behalf to analyse visitors’ use of our online service, to compile reports on the activities within our online service, and to provide us with further services related to the use of this online service and the internet. This may include the creation of pseudonymised usage profiles on the basis of the processed data. We only use Google Analytics with active IP anonymisation. This means that Google truncates your IP address within EU member states or in other contracting member states of the European Economic Area. Only in exceptional cases will your complete IP address be transmitted to a Google server in the USA and be truncated there. Google does not merge the IP address transmitted by your browser with any other data. You can prevent storage of cookies by setting the corresponding preferences in your browser software. You can also refuse transmission of the data relating to your use of our online service, which are collected by the cookie, to Google as well as processing of these data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. You can find further information on data use by Google, as well as settings and opt-out options, in Google’s privacy policy (https://policies.google.com/technologies/ads) and in Google’s ads settings (https://adssettings.google.com/authenticated). Your personal data are deleted or anonymised after 14 months.

2.9.3 Google Universal Analytics
We use Google Analytics in the Universal Analytics version. Universal Analytics is a version of Google Analytics which conducts user analysis on the basis of pseudonymised user IDs and thus creates a pseudonymised user profile with information from your use of different devices (so-called cross-device tracking).

2.9.4 Audience targeting with Google Analytics
We use Google Analytics to display the ads we place through web services provided by Google and its partners only to those users who have shown interest in our online services or whose profiles have certain characteristics (e.g. interest in certain topics or products, which is deduced from the websites they visited), which we transmit to Google (so-called Remarketing Audiences or  Google Analytics Audiences). With the help of Remarketing Audiences, we would also like to ensure that our ads correspond to your potential interests.

2.9.5 Google Ads and Conversion Tracking
On the basis of our legitimate interest (i.e. interest in the analysis, optimisation and economical operation of our online service according to Art. 6 Para. 1 lit. f) GDPR), we use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”). Google is certified under the Privacy Shield Framework and thus guarantees compliance with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). We use the online marketing tool Google AdWords to place ads in Google’s ad network (e.g. in search results and videos, on websites etc.), so that they are displayed to those users who have a potential interest in these ads. This allows us to display ads for and within our online service in a more targeted fashion and to show you only those ads that potentially correspond to your interests. If you are shown ads for products which you have been looking at on other online services, for instance, this is called Remarketing. For this purpose, Google runs a code when you access our website and other websites on which the Google ad network is active and integrates so-called (re)marketing tags (invisible graphics or code, also called web beacons) in the website. With the help of these tags, a cookie (a small file) is installed on your device (comparable technologies may be used instead of cookies). This file records which websites you visited, which content you were interested in and on which offers you clicked, as well as technical information on your browser and operating system, referring websites, time of access and further information on your use of our online service. Moreover, we receive an individual conversion cookie. This cookie provides Google with information to compile conversion statistics for us. However, we only receive the anonymous total number of users who clicked our ad and were referred to a site with a conversion tracking tag. We do not receive any information that would allow us to identify individual users personally. User data are processed in pseudonymised form within the Google ad network. This means that Google does not record or process information such as your name or email address but processes relevant data from cookies within pseudonymised user profiles. This furthermore means that from Google’s viewpoint, ads are not managed and displayed for an identified, concrete person but for a cookie owner, irrespective of who this cookie owner is. This does not apply if you expressly allow Google to process your data without this pseudonymisation. The collected user data are transmitted to Google and are stored on Google’s servers in the USA. You can find further information on data use by Google, as well as settings and opt-out options, in Google’s privacy policy (https://policies.google.com/technologies/ads) and in Google’s ads settings (https://adssettings.google.com/authenticated).

2.9.6 Facebook Pixel, Custom Audiences and Facebook Conversion
Based on our legitimate interest in and for the purpose of analysis, optimisation and economical operation of our online service, we employ within our online service the so-called Facebook pixel of the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are resident in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter “Facebook”). Facebook is certified under the Privacy Shield Framework and thus guarantees compliance with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). With the help of the Facebook pixel, Facebook can add the visitors of our online service to certain target groups for ad display (so-called Facebook Ads). Accordingly, we use the Facebook pixel to display our Facebook ads only to those Facebook users who have shown interest in our online service or whose profiles have certain characteristics (e.g. interest in certain topics or products, as deduced from the websites they visited), which we transmit to Facebook (so-called Custom Audiences). With the help of the Facebook pixel, we would also like to ensure that our Facebook ads correspond to your potential interests and do not annoy you. The Facebook pixel furthermore helps us to trace the effect of Facebook ads for statistical and market analysis purposes by telling us whether you were referred to our website after clicking on a Facebook ad (so-called Conversion). Data processing by Facebook is based on Facebook’s data policy. You can find the corresponding general information about the display of Facebook ads in Facebook’s data policy: https://www.facebook.com/policy.php. Detailed information on the Facebook pixel and its function is available in Facebook’s help section: https://www.facebook.com/business/help/651294705016616. You can refuse data collection by the Facebook pixel and use of your data for the display of Facebook ads. To set your preferences regarding the types of ads displayed within Facebook, you can go to the Facebook settings site and follow the instructions on setting your preferences for usage-based ads: https://www.facebook.com/settings?tab=ads. These preferences are set independently of the platform used, i.e. they are adopted for all your devices such as desktop computers and mobile devices.

2.9.7 YouTube
We integrate videos from the platform YouTube by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, into our online service. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.

2.9.8 Facebook social plugins
On the basis of our legitimate interest (i.e. interest in the analysis, optimisation and economical operation of our online service according to Art. 6 Para. 1 lit. f) GDPR), we use social plugins (“plugins”) from the social network facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). These plugins can display interaction elements or content (e.g. videos, graphics or texts), and you can recognise them by one of the Facebook logos (a white “f” in a blue square, the expression “like” or the “thumbs up” sign) or by the labelling “Facebook Social Plugin”. You can find a list of the Facebook social plugins including their appearance here: https://developers.facebook.com/docs/plugins/. Facebook is certified under the Privacy Shield Framework and thus guarantees compliance with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). If you access a function of this online service that contains such a plugin, your device establishes a direct connection to the Facebook servers. The content of the plugin is directly transmitted to your device, and your device integrates it in the online service. This may include the creation of a pseudonymised usage profile on the basis of the processed data. We do not have any influence over the amount of data that Facebook collects with the help of this plugin and thus inform you in accordance with our level of knowledge. By integrating the plugins, Facebook receives the information that you accessed the corresponding site of our online service. If you are logged into Facebook, Facebook can link your visit of our website to your Facebook account. If you interact with plugins, for example by clicking the like button or leaving a comment, the corresponding information is transmitted directly to Facebook by your device and is recorded there. Even if you are not a Facebook member, Facebook may find out your IP address and record it. According to Facebook, Facebook only records anonymised IP addresses in Germany. You can read more about the purpose and extent of data collection as well as further processing and usage of data by Facebook and about the corresponding rights and settings options regarding protection of your privacy in Facebook’s privacy policy: https://www.facebook.com/about/privacy/. If you are a member of Facebook and do not want Facebook to collect data about you via this online service and to link it to your account data recorded with Facebook, you need to log out of Facebook before you access our online service and delete your cookies. You can set further preferences and opt out of data usage for advertising purposes in your Facebook account settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info/choices/, or on the EU site http://www.youronlinechoices.com/. These preferences are set independently of the platform used, i.e. they are adopted for all your devices such as desktop computers and mobile devices.

2.9.9 Twitter
Functions and content of the service Twitter, operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, may be integrated in our online service. This may include, for example, content such as images, videos, texts and buttons with which users can share content from this online service on Twitter. If you are a member of the Twitter platform, Twitter can link your use of the above-mentioned content and functions to your Twitter profile. Twitter is certified under the Privacy Shield Framework and thus guarantees compliance with with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy policy: https://twitter.com/de/privacy, opt-out: https://twitter.com/de/privacy.

2.9.9 Instagram
Functions and content of the service Instagram, operated by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, may be integrated in our online service. This may include, for example, content such as images, videos, texts and buttons with which users can share content from this online service on Instagram. If you are a member of the Instagram platform, Instagram can link your use of the above-mentioned content and functions to your Instagram profile. Instagram’s privacy policy: http://instagram.com/about/legal/privacy/.

2.9.11 LinkedIn
Functions and content of the service LinkedIn, operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, may be integrated in our online service. This may include, for example, content such as images, videos, texts and buttons with which users can share content from this online service on LinkedIn. If you are a member of the LinkedIn platform, LinkedIn can link your use of the above-mentioned content and functions to your LinkedIn profile. LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy. LinkedIn is certified under the Privacy Shield Framework and thus guarantees compliance with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Privacy policy: https://www.linkedin.com/legal/privacy-policy, opt-out: https://twitter.com/de/privacy.

3. Business-related data processing outside our website
In addition, we process:
– Contractual data (e.g. contractual object, term, client category),
– payment data (e.g. bank details, payment history)

of our clients, interested parties and business partners, for the purpose of performing contractual services, service and customer care, marketing, advertising and market analysis.

3.1 External payment service providers
We employ external payment service providers via whose platforms we and our users can make payment transactions. These include, for example, the following (links to each platform’s privacy policy provided in brackets): Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full),

Klarna (https://www.klarna.com/de/datenschutz/),

Skrill (https://www.skrill.com/de/fusszeile/datenschutzrichtlinie/),

Giropay (https://www.giropay.de/rechtliches/datenschutz-agb/),

Visa (https://www.visa.de/datenschutz),
Mastercard (https://www.mastercard.de/de-de/datenschutz.html),

American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html).

We employ the payment service providers on the basis of Art. 6 Para. 1 lit. b) GDPR as part of the performance of contracts. We furthermore use external payment service providers based on our legitimate interest according to Art. 6 Para. 1 lit. f) GDPR to offer our users effective and secure payment options.
The data processed by the payment service providers include inventory data, e.g. your name and address, bank data, e.g. your account number or credit card number, passwords, TANs and verifications codes, as well as information relating to the contract, amount and recipient. This information is required to carry out the transactions. The data you enter are, however, processed and recorded only by the payment service provider. This means that we do not receive any information relating to your bank account or credit card; we only receive a confirmation or disconfirmation of your payment. It is possible that your data are transmitted to credit agencies by the payment service provider. This is done for identity and credit checking purposes. For more information on this procedure, we refer you to the terms and conditions of the respective payment service provider. The payment transactions are subject to the respective payment service provider’s terms and conditions available on the corresponding websites or transaction applications. We also refer you to said terms and conditions for further information and for asserting your right of revocation, right to information and other data subject rights.

3.2 Administration, accounting, office organisation, contact management
Accounting and compliance with statutory duties such as archiving. Here we process the same data as for the performance of our contractual duties. Data processing is based on Art. 6 Para. 1 lit. c) and Art. 6 Para. 1 lit. f) GDPR. Data processing relates to our clients, interested parties, business partners and visitors to our website. The purpose of and interest in processing these data lie in administration, accounting, office organisation, data storage, i.e. processes that contribute to maintaining our business activities, performing our duties and providing our services. We delete the data relating to contractual services and contractual communication as per the information given for these processing activities. We disclose or transmit data to fiscal authorities, consultants such as accountants or auditors as well as further payment authorities and payment service providers. We furthermore store information on suppliers, event organisers and other business partners on the basis of business interests, for example, in order to contact them later on. We generally store these predominantly company-related data on a permanent basis.

3.3 Business and market analyses
In order to operate our business economically and to comprehend market tendencies as well as our contractual partners’ and users’ wishes, we analyse the data available to us relating to business transactions, contracts, inquiries etc. We process inventory data, communication data, contractual data, payment data, usage data and meta data for this, on the basis of Art. 6 Para. 1 lit. f) GDPR; the persons affected include contractual partners, interested parties, clients, visitors and users of our online service. The purpose of these analyses is business assessment, marketing and market analysis. We can use recorded user profiles for this, extracting information on the services obtained, for instance. These analyses help us to improve the user-friendliness of our service, and to optimise our service and its economic efficiency. These analyses are only used by us and are not disclosed to third parties unless the analyses are anonymous and merely contain condensed values. If these analyses or profiles are person-related, they are deleted or anonymised upon the user’s cancellation or else two years after conclusion of the contract. In general, overall business assessments and analyses of general trends are carried out on an anonymous basis if possible.

3.4 Performance of our statutory and commercial services
We process the data of our members, supporters, interested parties, clients or other persons according to Art. 6 Para. 1 lit. b) GDPR if we offer contractual services to these persons or if we take action within established business relationships, e.g. towards members, or if we receive services and contributions ourselves. Furthermore, we process data subjects’ data according to Art. 6 Para 1. lit f) GDPR on the basis of our legitimate interest, for example, where administrative work or public relations are concerned. The data processed in this way as well as their nature, scope, purpose and the necessity to process said data depend on the underlying contractual relationship. This generally includes inventory and master data of the persons concerned (e.g. name, address, etc.), contact details (e.g. email address, phone number etc.), contractual data (e.g. services obtained, content and information communicated, names of contact persons) and payment data (e.g. bank details, payment history etc.) where we offer paid services or products. We delete data that are no longer required for the performance of our statutory and commercial services. This is determined by the corresponding process as well as by the contractual relationship. In the case of commercial processing, we keep the data as long as they may be relevant for business processing and in view of potential guarantee or liability obligations. The necessity to store these data is checked every three years; otherwise, the statutory storage obligations apply.

4. Online presence in social media

We maintain online presences within social networks and on platforms to communicate with our clients, interested parties and users who are active there and to inform them about our services. If you access the networks and platforms, the terms and conditions as well as the data handling policies of the respective providers apply. Unless stated otherwise in our privacy policy, we process your user data if you communicate with us within social networks and on platforms, e.g. if you post on our online presences or send us messages.

5. Collaboration with processors and third parties

If we disclose or transmit your data to third persons and companies (processors or third parties) within our processing procedures or grant them access to your data otherwise, this is carried out solely on the basis of legal authorisation (e.g. if the transfer of data to third parties such as payment service providers is necessary for the performance of a contract according to Art. 6 Para. 1 lit b) GDPR), if you have given your consent, if a legal provision stipulates this, or on the basis of our legitimate interest (e.g. if we employ representatives, web hosts etc.). If we contract third parties to process data based on a so-called processing contract, this is based on Art. 28 GDPR.

5.1Third-party cookies and integration of tracking: Capture Media AG Tracking
The tracking script of Capture Media AG (hereinafter “Capture”) is integrated in this website. The tracking script by Capture measures and analyses user interactions on our website in anonymous form. These user interactions include sessions, time spent on our website, clicks, hovers, scroll depth, element visibility and other engagements. The integration of the tracking script fulfils our economic interest in the optimisation of our website and media purchasing for advertisement campaigns. Capture records all interaction data in anonymous form. This means that Capture cannot link the data collected to specific persons. Privacy policy and cancellation policy: http://capturemedia.ch/data-protection/20180509_savethechildren_de/

5.1.1 Tracking with fusedeck
This Website uses “fusedeck”, a tracking solution provided by Capture Media AG (hereinafter referred to as “Capture Media”). Capture Media is a Swiss company having its registered office in Zurich which, on behalf of its customers, measures website usage in the context of engagements and events. Tracking is anonymous so that it is impossible to attribute any information gained to any identified or identifiable persons. For more information on data protection and the rights which data subjects have in connection with “fusedeck”, including their right to “opt out” (right to object), please refer to the Privacy Policy and the Information on the Right to Object. https://privacy.fusedeck.net/en/i0mbf7sSBV

6. Transfer to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs due to our employment of third-party services or disclosure and/or transmission of data to third parties, this only happens if it is carried out for the performance of our (pre)contractual obligations, based on your consent, due to a legal requirement or based on our legitimate interest. Subject to legal or contractual permissions, we only process data, or have them processed, in third countries if special conditions according to Art. 44 et seq. GDPR apply. This means that the data are processed, for example, on the basis of special guarantees such as the officially recognised establishment of an EU-appropriate level of data protection (e.g. for the USA by the Privacy Shield) or considering officially recognised special contractual obligations (so-called standard contractual clauses).

7. Security measures
In accordance with Art. 32 GDPR and taking into account the state of the art, the cost of implementation, the nature, scope, context and purposes of processing as well as the risks of varying likelihoods and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to provide a level of protection that is appropriate for the risk. These measures include, in particular, safeguarding confidentiality, integrity and availability of data by controlling physical access to the data as well as controlling access, input, and transfer of said data, securing data availability, and the separation of data. Moreover, we have established procedures to guarantee that data subjects can exercise their rights, that data are deleted and that we can react if data are at risk. We furthermore consider the protection of personal data already when developing or choosing hardware, software and procedures, according to the principle of data protection by technical design and by privacy-friendly default settings (Art. 25 GDPR).

8. Deletion of data
The data we process are deleted or their processing is limited in accordance with Art. 17 and Art. 18 GDPR. Unless explicitly stated otherwise in this data protection policy, we delete the data recorded once they cease to be required for their intended purpose and if no statutory storage obligations apply which contradict their deletion. If the data are not deleted because they are required for other, legally permissible purposes, their processing is restricted. This means that the data are locked and are not processed for other purposes. This applies, for instance, to data which need to be stored for commercial or fiscal reasons.

9. Rights of the data subjects
You have the right to obtain confirmation as to whether your personal data are being processed and to obtain information on these data as well as further information and a copy of the data according to Art. 15 GDPR. According to Art. 16 GDPR, you have the right to demand completion of incomplete personal data or rectification of inaccurate personal data. In accordance with Art. 17 GDPR, you have the right to obtain immediate erasure of your personal data, or alternatively, in accordance with Art. 18 GDPR, to obtain restriction of processing. You have the right to receive your personal data which you have made available to us according to Art. 20 GDPR and to demand transmission of these data to other controllers. You furthermore have the right to lodge a complaint with a supervising authority according to Art. 77 GDPR.

9.1 Withdrawal of consent
You have the right to withdraw your given consent according to Art. 7 Para. 3 GDPR, taking effect for future processing.

9.2 Right to object
You can object future processing of your personal data at any time, according to Art. 21 GDPR. In particular, you have the right to object to processing for direct marketing purposes.

Last update: December 2019