Privacy Policy

Privacy Policy of the Natural Health Swiss Foundation

The protection of your privacy when processing personal data and the security of all personal data are important concerns for us. With this data protection declaration, we inform you about which data we process from you, what we need this data for and how you can object to data processing.

This is not an exhaustive description; other data protection declarations may regulate specific issues. Personal data is understood to mean all information that relates to a specific or identifiable person.

This data protection declaration is designed to meet the requirements of the EU General Data Protection Regulation (« GDPR ») and the Swiss Data Protection Act (« DSG »). However, whether and to what extent these laws are applicable depends on the individual case.

We only collect, process and store personal data in accordance with the statutory provisions.

What personal data do we collect and process?
We primarily process the personal data that we receive from our customers and other business partners as part of our business relationship with them and other people involved in it, or that we collect from users when operating our websites, apps and other applications.

To the extent permitted, we also obtain certain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, press, Internet) or receive such data from authorities and other third parties (such as address dealers). In addition to the data you provide to us directly, the categories of personal data that we receive about you from third parties include, in particular, information from public registers, information that we learn in connection with official and judicial proceedings, information in connection with your professional functions and activities (so that we can, for example, conclude and process business with your employer with your help), information about you in correspondence and meetings with third parties, credit reports (if we conduct business with you personally), information about you that people from your environment (family, advisors, legal representatives, etc.) give us so that we can conclude or process contracts with you or with your involvement (e.g. references, your address for deliveries, powers of attorney, information on compliance with legal requirements such as anti-money laundering and export restrictions, information from banks, insurance companies, sales and other contractual partners of ours regarding the use or provision of services by you (e.g. payments made, purchases made)), information from the media and the Internet about you (if this is appropriate in the specific case, e.g. as part of an application, press review, marketing/sales, etc.), your addresses and, if applicable, interests and other socio-demographic data (for marketing), data in connection with the use of the website (e.g. IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of visit, pages and content accessed, functions used, referring website, location information).

Purposes of data processing and legal bases
We use the personal data we collect primarily to conclude and process our contracts with our customers and business partners, in particular in the context of our funding projects and services from our suppliers and subcontractors, as well as to comply with our legal obligations at home and abroad. If you work for such a customer or business partner, you and your personal data may of course also be affected in this capacity.

In addition, we process personal data from you and other people, as far as permitted and we deem it appropriate, for the following purposes in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose:

  • Offering and further developing our offers, services and websites, apps and other platforms on which we are present;
  • Communication with third parties and processing their enquiries (e.g. applications, media enquiries);
  • Testing and optimizing procedures for needs analysis for the purpose of directly addressing customers and collecting personal data from publicly accessible sources for the purpose of customer acquisition;
  • Advertising and marketing (including holding events), provided you have not objected to the use of your data (if we send you advertising as an existing customer, you can object to this at any time; we will then put you on a block list against further advertising mailings);
  • Market and opinion research, media monitoring;
  • Asserting legal claims and defending in connection with legal disputes and regulatory proceedings;
  • Prevention and investigation of criminal offenses and other misconduct (e.g. conducting internal investigations, data analyses to combat fraud);
  • Ensuring our operations, in particular IT, our websites, apps and other platforms;
  • Measures for IT, building and facility security and protection of our employees and other persons and assets belonging to us or entrusted to us (such as access controls, visitor lists, network and email scanners, telephone recordings).

If you have given us your consent to process your personal data for certain purposes (for example, when you register to receive newsletters or conduct a background check), we will process your personal data within the scope of and based on this consent, unless we have another legal basis and we require one. Consent given can be revoked at any time, but this will not affect data processing that has already taken place.

Do we pass on your personal data?
We will only pass on your personal data to other third parties if we are legally entitled to do so or if you have given us your consent. This is the case, for example, if we have mail sent by third parties, e.g. printing companies. If data is disclosed abroad, we ensure that we comply with the relevant legal requirements (ensuring appropriate protection).

External service providers who process data on our behalf are strictly bound by contract in accordance with the Federal Data Protection Act. We have ensured that the external service ­providers are able to guarantee data security. They may only transfer the processing of personal data to a third party with our prior approval.

If a recipient is located in a country without adequate legal data protection, we will contractually oblige the recipient to comply with the applicable data protection (for this purpose we use the revised standard contractual clauses of the European Commission, which can be accessed here: https://eur-lex.europa.eu ), unless the recipient is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exception. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the execution of a contract requires such disclosure, if you have consented or if the data concerned has been made generally accessible by you and you have not objected to its processing.

How long do we store your personal data?
We process and store your personal data as long as it is necessary to fulfill our contractual and legal obligations or for the purposes pursued with the processing, i.e. for example for the duration of the entire business relationship (from initiation and processing to termination of a contract) and beyond that in accordance with the statutory retention and documentation obligations. It is possible that personal data will be stored for the period in which claims can be asserted against our company and insofar as we are otherwise legally obliged to do so or legitimate business interests require it (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the purposes stated above, it will generally be deleted or anonymized as far as possible. For operational data (e.g. system protocols, logs), shorter retention periods of twelve months or less generally apply.

What data is processed when you use our website?
In principle, you can visit our website without having to provide any personal information. When you visit our website, our servers temporarily save each access in a log ­file. The following technical data is recorded and stored by us until it is automatically deleted after seven months at the latest:

  • Date and time of access
  • Internet site from which access was made, possibly with search term used
  • Name and URL of the retrieved file
  • carried out Search queries
  • the operating system of your computer (provided by the user agent)
  • Browser you use (provided by the user agent)
  • Device type in case of access via mobile phones
  • used Transmission protocol

The collection and processing of this data serves to ensure system security and stability, for error and performance analysis and for internal statistical purposes, and enables us to optimize our Internet offering. The IP address is also used to preset the language of the website. Finally, when you visit our website, we use cookies as well as applications and tools that are based on the use of cookies. You can find more information about this in the following chapter.

What are cookies and when are they used?
Cookies are small text files that are stored on your computer when you visit our website. When you visit the page again, your browser sends the content of the cookies back to us, enabling us to recognize your device. Reading cookies enables us to optimize our website for you and make it easier for you to use. If you decide not to accept cookies, you can deactivate and delete all cookies in your browser at any time. Please refer to ­your browser’s help functions for more information. However, deactivating cookies can mean that certain functions on our website are no longer available to you. If you use a different browser or device, you must deactivate or delete them again.

You can also manage and deactivate the use of cookies by third parties via the following website: http://www.youronlinechoices.com/de/praferenzmanagement . This website is not operated by us, so we are not responsible and have no influence on its content and availability.

How are tracking tools used?
We need statistical information about the use of our online offering (especially the website) in order to make it more user-friendly, to measure reach ­and to conduct market research. For this purpose, we use web analysis tools, in particular Google Analytics. The usage profiles created by these tools using analysis cookies are not merged with personal data. The tools either do not use users’ IP addresses at all or shorten them immediately after they are collected.

In addition to the data listed above (see “What data is processed when you use our website?”), we receive the following information:

  • Navigation path that a visitor takes on the website
  • Length of stay on the website or subpage
  • Subpage on which the website is left
  • Country, region or city from which access is made
  • Device (type, version, color depth, resolution, width and height of the browser window)
  • recurring or newer Visitors

The information is used to evaluate the use of the website. If you want to deactivate Google Analytics, you can find the appropriate browser add-on at http://tools.google.com/dlpage/gaoptout?hl=de . As explained in the previous chapter, you can prevent the creation of usage profiles altogether by generally deactivating the use of cookies.

Use of social media
On our website you will find links or plug-ins to various social networks (such as Facebook, Twitter, LinkedIn, Google+, Xing, etc.). Clicking on the links opens the corresponding social media pages, for which this data protection declaration does not apply. For details on the provisions applicable there, please refer to the corresponding data protection declarations on the websites of the individual providers.

Before calling up the corresponding link or plug-in, no personal information is transmitted to the respective providers. Your access to the linked page also forms the basis for data processing by the respective providers. We have no influence on the data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing and the storage periods. We also have no information on the deletion of data by the plug-in providers.

What rights do you have in relation to your personal data?
Within the scope of the data protection law applicable to you and to the extent provided for therein (such as in the case of the GDPR), you have the right to information, rectification, erasure, the right to restrict data processing and otherwise to object to our data processing, in particular that for the purposes of direct marketing, profiling for direct advertising and other legitimate interests in processing as well as to the release of certain personal data for the purpose of transferring it to another location (so-called data portability). Please note, however, that we reserve the right to assert the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest in doing so (insofar as we are entitled to rely on it) or need it to assert claims. If you incur costs, we will inform you in advance. If you have given us your consent to process your data, you can revoke this at any time with effect for the future.

Please note that exercising these rights may conflict with contractual agreements and may result in consequences such as early termination of the contract or cost implications. We will inform you in advance of this, unless this has already been agreed in the contract.

Exercising such rights generally requires that you clearly prove your identity (e.g. by providing a copy of your ID card if your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact us at the address provided under “Contact”.

Every person affected also has the right to enforce their claims in court or to lodge a complaint with the relevant data protection authority. The relevant data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

Obligation to provide personal data
As part of our business relationship, you must provide the personal data that is required to establish and conduct a business relationship and to fulfil the associated contractual obligations (you generally have no legal obligation to provide us with data). Without this data, we will generally not be able to conclude or process a contract with you (or the body or person you represent). The website cannot be used if certain information to ensure data traffic (such as IP address) is not disclosed.

Data security
We use suitable technical and organizational security measures to ­protect your personal data stored with us against manipulation, partial or complete loss and against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

Changes to this privacy statement
We reserve the right to change and supplement this statement at any time at our sole discretion and in accordance with data protection legislation. Please consult this statement regularly.

Data protection responsibility / Contact
If you have any questions about your rights with regard to your personal data or any other related concerns, please contact the following address:

Natural Health Swiss Foundation
Foundation board
contact@nhsf.ch

May 2024