Protecting your personal data is very important to us and the responsibility of all Helvetas staff; this applies to employees as well as volunteers. Helvetas does not trade in addresses, nor does it rent, sell or exchange any personal data. Helvetas observes the applicable data protection provisions, in particular the Federal Data Protection Act and the General Data Protection Regulation. Moreover, Helvetas complies with the ZEWO Standards and the Ethical Guidelines for Fundraising as defined by Swissfundraising, the Swiss association of fundraisers.
1. When do we collect personal data?
We collect personal data as part of our commitment to development cooperation in order to conclude contracts with our customers, donors, sponsors and business partners, and comply with the resulting obligations. If you work for a customer or business partner of Helvetas, your personal data may be collected in connection with your role.
We collect your personal data when we are in contact with you or you visit our website. There are many situations in which we have contact with you. This includes the following circumstances in particular:
- You support Helvetas with a donation;
- You sign up for a newsletter;
- You take part in a Helvetas event or contact Helvetas at third-party events;
- You commission Helvetas or use a service;
- You take part in a competition or prize draw;
- You use or communicate with us or third parties via our websites, apps for mobile devices or offerings on Internet platforms, multimedia portals or social networks;
- You communicate with us by telephone, fax, email, voice messaging, text messaging (SMS), image messaging (MMS), video messaging or instant messaging;
- You take part in one of our market research events or opinion surveys.
2. What personal data do we collect?
We collect personal data which you provide to us or which are automatically generated or manually recorded when you contact Helvetas.
- First name and last name;
- Residential address, postcode; city;
- Date of birth and age;
- Household size or other household members;
- Purchasing habits;
- Information on purchasing power or creditworthiness;
- Customer and purchase preferences;
- Delivery address;
- Billing address;
- Credit card, debit card and account information;
- Language preferences;
- Telephone number(s);
- Email address(es);
- Information on subscribed newsletters or other advertising;
- Consent for receiving advertising;
- Online customer/donation account information (including opening date, user names, profile images);
- Memberships, sponsorships, pledges for regular donations;
- Photo and video recordings when participating in events.
- Contract data (such as contract date, contract type, contract content; contract partners, contract term, contract value; payment method, asserted claims from the contract);
- Donation information (including donation date, place and time; type, quantity and value of donation made; payment methods used; paying agent; donation history);
- Customer service information (including complaints);
- Data related to visiting our websites, apps for mobile devices or offerings on Internet platforms, multimedia portals or social media (including the length and frequency of visits, language and country settings, information on browser and computer operating system, Internet protocol addresses, search terms and search results; ratings submitted);
- Communication by telephone, fax, email, voice messaging, text messaging (SMS), image messaging (MMS), video messaging or instant messaging.
3. Why do we process personal data?
We process personal data for the purpose stated when collecting the data (see chapter 1). Furthermore, we process personal data for fundraising, to the extent this is permissible and we consider appropriate, and when fundraising relates to the following reasons in which we have a legitimate interest or where we have acquired your prior consent:
Processing purposes in connection with communication
- Provision, administration and execution of donation and customer communication by post and via electronic means of communication;
- Commercial communication by post and telephone, fax, email, voice messaging, text messaging (SMS), image messaging (MMS), video messaging or instant messaging;
- Analysis of the use of our offers via telephone, fax, email, voice messaging, text messaging (SMS), image messaging (MMS) or instant messaging, including: type of use, frequency and duration of use, exact location of use.
Processing purposes in connection with special activities and events
- Organisation and execution of competitions or prize draws, including notification and publication of winners via our websites, apps for mobile devices or our offerings on Internet platforms, multimedia portals or social networks;
- Organisation and execution of events.
Processing purposes in connection with behavior analysis
- We optimize the product range by recording and analyzing the historical and current donation in an individualized and personal, but also anonymous and group-related (i) manner. When you use the offers on our websites, on apps for mobile devices or on Internet platforms, multimedia portals or social networks, we also record these data and analyze them in order to improve our communication. (ii) We identify, classify and analyse current and potential donation needs as well as donation interests, and (iii) we categorize donation behaviour as well as donation potential and analyze these data for the purpose of optimizing our offers;
- We statistically analyze donation behavior;
- We combine the newly collected personal data about your identity with the data we already collected in the past;
- We combine personal data that we have collected with publicly accessible data, such that we are able to more effectively align our data basis and the analysis of donation behavior to you. The enrichment of profiles with third-party data includes: missing address and contact data (such as telephone numbers), data from the Federal Statistical Office, calendar data or geodata.
- Where you have given your consent, we process your personal data partially automatically, such that we can analyze individual personal aspects (profiling). We use profiling in particular to inform and advise you about products in a targeted manner. In this connection, we use analysis instruments which enable us to engage in needs-based communication and advertising including market and opinion research.
- As a rule, we do not use any fully automatic decision-making systems, neither to establish nor execute commercial relations. In the event that we use such procedures in individual cases, we will specifically inform you accordingly and request your prior consent, insofar as this is prescribed by law, and we will explain the associated rights to you.
Processing purposes in connection with direct marketing
- Processes – such as for donations or bookings – are simplified. We can use insights from analysing donation and customer behaviour in order to continually improve all donation and service offers;
- Insights obtained from analysing customer behavior enable individualized and personalised contact and help to prevent unnecessary advertising;
- Sending of individualized and personalized advertising by post and telephone, fax, email, voice messaging, text messaging (SMS), image messaging (MMS), video messaging or instant messaging;
- Individualized and personalized adjustment of offers as well as advertising on our websites, apps for mobile devices or for our channels on Internet platforms, multimedia portals or social networks.
4. How do we protect personal data?
We have technical and organizational security procedures to maintain the security of personal data and protect personal data from unauthorized or unlawful processing and/or against unintentional loss, alteration, disclosure or access. These comply with the security standards laid out in the appropriate legislation such as the GDPR or Swiss Federal Data Protection Act.
5. How long do we retain data?
We process and store personal data for as long as necessary for the fulfilment of our contractual and statutory duties or as required for processing in accordance with the pursued purposes; for example, for as long as the entire commercial relationship lasts (from initiation and processing to the completion of a contract); or additionally, if this is required by statutory retention and documentation obligations. In this connection, it is possible that personal data are retained for the period in which claims may be asserted against our organisation and for as long as we are otherwise legally obliged or such retention is necessitated by legitimate commercial interests (such as for verification and documentation purposes). Data collected for performance analysis purposes is anonymized and kept in aggregate for as long as required to perform longitudinal analysis. Data collected with your consent for marketing purposes is kept for as long as is required to perform the marketing activities for which we have received your consent. As soon as we no longer need personal data for the above-mentioned purposes, they will generally be deleted or anonymized, where possible.
6. What rights do you have in connection with your personal data?
In connection with data protection law applicable to you and, to the extent prescribed therein, you have the right to information, correction, deletion, restriction of data processing and to object against our data processing. Insofar as the European General Data Protection Regulation applies, you also have the right to have your personal data transferred to another organization (data portability). However, please note that we reserve the right on our part to assert the legally prescribed limitations, such as if we are obliged to retain or process certain data, we have a prevailing interest in the data (to the extent we may invoke this provision) or we require these data to assert claims. In the event that costs are incurred to you, we will inform you in advance. Please also note that the exercise of these rights may be opposed by contractual agreements and may result in consequences such as premature termination of contract. In such cases, we will inform you in advance unless this is already contractually regulated.
In order that you can exercise such rights, you are generally required to unequivocally verify your identity (such as by presenting a copy of your identification if your identity is unclear or cannot be verified).
Each data subject also has the right to assert their claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home.html).
Insofar as you have provided your consent for us to process your personal data for certain purposes (for example, if you signed up for a newsletter or consented to personalized advertising), we will process your personal data in accordance with, and based on, this consent, provided that we have no other legal basis for processing and require such consent. Granted consent may be revoked at any time. However, this will have no effect on any previous data processing.
7. How can you contact us?
If you would like to assert your rights related to your personal data or have questions or concerns with respect to the processing of your personal data, you can contact us as follows: firstname.lastname@example.org. We will respond to your questions or concerns within a reasonable period upon receipt.
8. What personal data do we share with third parties?
In connection with our commercial activities and purposes, we also pass on personal data to third parties, to the extent this is permitted and we deem appropriate. This is either because they process these data on our behalf or they require these data for their own purposes. This concerns the following organizations in particular:
- Service providers commissioned by us to process your data (such as banks, insurers, collection agencies, printers, distribution partners, logistics companies or payment platforms including RaiseNow);
- Public authorities, administrations or courts;
For the most part, these organizations are based in Switzerland or in the Member States of the European Union (EU) or the European Economic Area (EEA). Data may be transferred outside of Switzerland and the EU. When this happens it may be sent to a country with equivalent data protections as judged in an adequacy decision made by the appropriate data authority.
When we wish to transmit data to a country which does not have an appropriate statutory level of data protection, we ensure a suitable level of protection as legally prescribed with corresponding contracts or apply legal exemptions, or request your consent prior to transmission.
9. Email campaigns and e-news
Helvetas provides information by email on current issues, fundraising campaigns and invites for events. We will only send you our Helvetas e-news if you have given us your consent (such as on the website or by participating in a competition). You have the option to unsubscribe from Helvetas e-news at any time, either using the unsubscribe link contained in each e-news dispatch or sending an email to email@example.com.
To the extent permitted, we sometimes integrate in our newsletters and other marketing emails visible and invisible image elements which, when accessed from our servers, enables us to tell whether and when the email was opened. This allows us to analyze whether our communication is read and is relevant to you. You can block this function in your email program.
10. Cookies/tracking and other technologies in connection with your use of our website
10.1. About Cookies
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
10.2. Cookies that we use
For details on the individual cookies we use please see our Cookie Notice.
10.3. Cookies used by our service providers
For details on the individual cookies we use please see our Cookie Notice.
10.4. Managing Cookies
Cookies are broken down into several types based on the reason they are being set. Unless a cookie is “strictly necessary” for the operation of our website it will not be set without your consent. You can manage your consent via the Cookie Preference Centre on our site. This can be opened be clicking here:
Additionally, most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647?hl=en (Chrome);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/kb/PH21411 (Safari); and
Blocking all cookies will have a negative impact upon the usability of many websites.
If you block cookies, you will not be able to use all the features on our website.
10.5. Facebook fan page
On our Facebook fan page, we process the personal data of users such that we are able to offer them and other visitors an up-to-date information and interaction platform. You do not have to be a member of Facebook in order to view the content.
The European Court of Justice (ECJ) decided in its ruling dated 5 June 2018 that the operator of a Facebook page is responsible together with Facebook for the processing of personal data. We have therefore entered into the agreement Page Controller Addendum with Facebook. You can find this here.
As the operator of the website and the Facebook fan page, we are unable to rule out the transmission and further processing of personal user data in third countries, such as the USA, as well as the associated potential risks for the users.
Facebook Inc., the US parent company of Facebook Ireland Ltd., is certified under the EU-US Privacy Shield and thus commits to adhere to European data protection standards. Further information on the Privacy Shield status of Facebook is available here.
We can use these data to make our posts and activities on our Facebook page more attractive to users. For instance, we use the distributions by age and gender to adjust our language accordingly and the preferred visiting times of users to optimise when we publish our posts. Information about the type of end devices used by visitors helps us to adapt the posts visually.
Since only Facebook has full access to the user data, we recommend contacting Facebook directly if you would like further information or have other questions about your rights as a user (for example, right to deletion). Should you require assistance or have any other questions, please contact us via the address provided.
HELVETAS Swiss Intercooperation
8021 Zurich, Switzerland