1. information on the collection of personal data
In the following we inform about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour.
The ERNA Foundation, c/o abona TREUHAND AG Zugerstrasse 46, 6341 Unterägeri, Switzerland, Tel: +41 41 541 67 59, E-mail: firstname.lastname@example.org, is responsible pursuant to Art. 4 Para. 7 of the EU Basic Data Protection Regulation (DSGVO) and national data protection regulations.
When you contact us by e-mail or via our contact form, the data you provide us with (your e-mail address, your name if applicable and your telephone number) will be stored by us to answer your questions. The data collected in this context will be deleted after storage is no longer required, or the processing will be restricted if there are legal storage obligations. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 Para. 1 lit. a DSGVO on the basis of your voluntary consent.
2. Your Rights
You have the following rights against us with regard to the personal data concerning you:
– Right of access,
– Right to rectification and/or completion or deletion,
– Right to limit the processing,
– Right to object to the processing,
– Right to data transferability,
– Right to revoke the declaration of consent under data protection law.
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
If you have any questions, comments or inquiries regarding the collection, processing and use of your personal data by us, please also contact us using the contact details given above.
3. collection of personal data when you visit our website
If you only use the website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to guarantee stability and security (legal basis is Art. 6 Para. 1 lit. f DSGVO):
– IP address of the requesting computer,
– Date and time of the request,
– Time zone difference to Greenwich Mean Time (GMT),
– Content of the request (concrete page),
– Access status/HTTP status code,
– the amount of data transferred in each case,
– Web page from which the request comes,
– operating system and its interface,
– Language and version of the browser software.
4. Disclosure of personal data to third parties
We only use your personal information to provide the services you have requested. Insofar as external service providers (e.g. newsletter services, IT providers, etc.) are used by us within the scope of the provision of services, their access to the data also takes place exclusively for the purpose of the provision of services. Through technical and organisational measures, we ensure compliance with data protection regulations and also oblige our external service providers to do so.
Furthermore, we do not pass on the data to third parties without your express consent, in particular not for advertising purposes. Your personal data will only be passed on if you yourself have consented to the data being passed on or if we are entitled or obliged to do so on the basis of statutory provisions and/or official or court orders. In particular, this may involve providing information for the purposes of criminal prosecution, averting danger or enforcing intellectual property rights.
This website uses so-called “cookies” for the use of Google Analytics. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the location that sets the cookie (here by us). Cookies cannot execute programs or transmit viruses to your computer. They serve to make the website more user-friendly and effective. The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f DSGVO.
The provider is Google Inc.,1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The information generated by the cookies about your use of this website (including your IP address) will be transmitted to and stored by Google on servers in the United States.
However, if IP anonymisation is activated on this website, your IP address will be truncated by Google in advance within Member States of the European Union or in other Contracting Parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
You can also use a browser plug-in to prevent the information collected by cookies (including your IP address) from being sent to Google Inc. and used by Google Inc. The following link leads you to the corresponding plugin: https://tools.google.com/dlpage/gaoptout?hl=en. Here you will find further information on the use of data by Google Inc.: https://support.google.com/analytics/answer/6004245?hl=en.
For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
Our website is self hosted, but based on WordPress. We use the Anti Spam PlugIn CleanTalk from WordPress to prevent possible spam during registration and within the comments. Parameters such as certain words, IP addresses, email addresses or domain names are sent to a server in the USA and synchronized there. If CleanTalk identifies any of the transmitted content as spam, it will be returned to us as a message and the information will be stored in the USA.
According to CleanTalk, the maximum storage period is 45 days. More information about CleanTalk can be found at https://cleantalk.org/help/CleanTalk-GDPR-Compliance.
7. Google Fonts
We use Google Fonts of the company Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on our website. Google Fonts is used without authentication and no cookies are sent to the Google Fonts API. If you have an account with Google, none of your Google Account information will be transmitted to Google while using Google Fonts. Google only records the use of CSS and the fonts used and stores this information securely.
You can find out more about these and other questions at https://developers.google.com/fonts/faq?tid=231543930195.
You can find out which data is collected by Google and what this data is used for at https://www.google.com/intl/de/policies/privacy/ .
8. Social plugins from Facebook, YouTube and Instagram
Our website uses so-called social plugins (“plugins”) from Facebook, YouTube and Instagram. These services are provided by Facebook Inc., YouTube LLC. and Instagram LLC. (“Providers”).
We use the providers so that we can tell you more about us and our “Swiss Ice Challenge” project; this is also the legitimate interest within the meaning of Art. 6 para. 1 lit. f) DSGVO.
No personal information will be transmitted to the respective providers before the corresponding links or plug-ins are called up. Your access to the linked page is also the basis for data processing by the respective provider (pursuant to Art. 6 para. 1 lit. a DSGVO).
Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). An overview of the Facebook plugins and their appearance can be found here: https://developers.facebook.com/docs/plugins.
YouTube is operated by YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (“YouTube”). You can find an overview of the plugins of YouTube and their appearance here: https://developers.google.com/youtube/youtube_subscribe_button
Instagram is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). An overview of the Instagram buttons and their appearance can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges
When you access a page of our website that contains such a plugin, your browser establishes a direct connection to the Facebook, YouTube or Instagram servers. The content of the plugin is transmitted directly to your browser by the respective provider and integrated into the page. By integrating the plugins, the providers receive the information that your browser has called up the corresponding page of our website, even if you do not have a profile or are not logged in at the moment. This information (including your IP address) is transmitted by your browser directly to a server of the respective provider in the USA and stored there.
If you are logged in to one of the services, the providers can assign your visit to our website directly to your profile on Facebook, YouTube or Instagram. If you interact with the plugins, for example by clicking the “Like” button or the “Instagram” button, the corresponding information is also transmitted directly to a server of the provider and stored there. The information is also published in the social network or on your Instagram account and displayed there to your contacts.
The purpose and scope of the data collection and the further processing and use of the data by the providers as well as your rights and settings to protect your privacy, please refer to the privacy notices of the providers.
Data protection information from Facebook: http://www.facebook.com/policy.php
Instagram Privacy Notice: https://help.instagram.com/155833707900388/
If you do not want Facebook, YouTube or Instagram to directly associate the information collected through our website with your profile on that service, you must log out of that service before visiting our website. You can also completely prevent the plugins from loading with add-ons for your browser, e.g. with the script blocker “NoScript” (http://noscript.net/).
9. Donations / Fundraisingbox
If you would like to donate online, you can do so via our donation form. We use the Fundraisingbox for our donation forms. The provider of the Fundraisingbox is Wikando GmbH, Schiessgrabenstr. 32, 86150 Augsburg.
With the Fundraising box we can administer all donation and contact data including the entire communication history clearly, searchably and surely. Fundraisingbox takes over the payment processing for us through a secure and certified environment. The data of the donation transactions (payment data, first names and surnames) are SSL encrypted at any time and stored in European certified computer centres. The payment data is transferred directly to the respective payment service provider via an encrypted connection. Each donation amount goes directly to our respective donation account and not only via an account of the fundraising box.
Current information about the security procedure used can be found at: http://www.fundraisingbox.com/it-sicherheit
Further information on data protection at Fundraisingbox can be found at: http://www.fundraisingbox.com/datenschutz/
In order to ensure the legitimacy of the payment process, we need at least the following information from you:
– Salutation and full name
– email address
– mailing address
Your data entered in the donation form will be processed by our service provider, Wikando GmbH. Depending on the selected payment method, your data will also be forwarded to the corresponding financial service provider:
– For direct debit payments to our house bank
– When paying via PayPal to PayPal
– When paying by credit card to Stripe Payments Europe Ltd.
Please also note the respective data protection regulations of the financial service providers.
a) Newsletter data
You have the possibility to subscribe to our newsletter via our website.
To do this, we require a valid e-mail address from you and information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data will not be collected or will only be collected on a voluntary basis. For legal reasons, a confirmation e-mail will be sent to the e-mail address you entered for the newsletter for the first time. Only by clicking on this link in the confirmation e-mail will you be included in the list of recipients of the newsletter ordered (double opt-in procedure). We only use this data for sending the newsletter and do not pass it on to third parties. The legal basis for the collection and processing of data is Art. 6 para. 1 lit. a DSGVO.
When you register for the newsletter, we also store the IP address assigned by the Internet Service Provider (ISP) to the computer system you are using at the time of registration as well as the date and time of registration. The collection of this data is necessary in order to trace the (possible) misuse of an e-mail address at a later point in time and therefore serves to protect us.
You can revoke your consent to the storage of your data, your e-mail address and their use to send the newsletter at any time, for example via the “unsubscribe newsletter” link in any newsletter. Alternatively, you can inform us of your cancellation at the following e-mail address: email@example.com
The data that you have stored with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted after unsubscribing from the newsletter.
This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. CleverReach is a service with which the newsletter dispatch can be organized and analyzed. The data you enter for the purpose of receiving the newsletter (e.g. e-mail address) is stored on the CleverReach servers in Germany and Ireland.
Our newsletters sent with CleverReach enable us to analyse the behaviour of newsletter recipients. Among other things, it can be analyzed how many recipients have opened the newsletter message and how often which link was clicked in the newsletter. With the help of so-called conversion tracking, it can also be analysed whether a predefined action has taken place after clicking on the link in the newsletter. Further information on data analysis in the CleverReach newsletter is available at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/
Data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
If you do not want an analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. You can also unsubscribe from the newsletter by e-mail.
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from our servers as well as from CleverReach’s servers after you cancel the newsletter. Data stored by us for other purposes remain unaffected.
11. objection or revocation against the processing of your data
If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation influences the permissibility of the processing of your personal data after you have given it to us.
If the processing of your personal data is not based on your consent, but on another legal basis (Art. 6 para. 1 lit. e DSGVO (data processing in the public interest) and Art. 6 para. 1 lit. f DSGVO (data processing on the basis of a weighing of interests)), you can object to this data processing at any time. The objection can be made in any form and should be sent to: firstname.lastname@example.org
If you file an objection, we will no longer process your personal data unless we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.
12. data protection and websites of third parties
13. data security
We secure our website and other systems through technical and organizational measures against loss, destruction, access, alteration or distribution of your data by unauthorized persons. In particular, your personal data will be transmitted in encrypted form. We use the SSL coding system (abbreviated for Secure Socket Layer = HTTPS).
14. changes of these data protection regulations