Privacy policy

For individual or additional activities and operations, further privacy policies and other legal documents such as the General Terms and Conditions (GTC), Terms of Use or Terms and Conditions may also apply.

1. Contact addresses

Responsibility for processing personal data:

Swiss Refugee Council SRC, Weyermannsstrasse 10, P.O. Box, 3001 Bern, info@osar.ch

We point out where, in individual cases, other controllers are responsible for processing personal data.

Data Protection Officer

We have the following Data Protection Officer as a point of contact for data subjects and person for supervisory authorities to get in touch with in the event of enquiries relating to data protection:

Thomas Rudin, Swiss Refugee Council SRC, Weyermannsstrasse 10, P.O. Box, 3001 Bern, dataprotection@fluechtlingshilfe.ch

2. Definitions and legal bases

2.1 Definitions

Personal data is any information relating to an identified or identifiable person. A datasubject is a person about whom personal data are processed.

Processing includes any handling of personal data, regardless of the means and procedures used, in particular the retention, disclosure, procurement, collection, deletion, storage, modification, destruction and use of personal data.

2.2 Legal basis

We process personal data in accordance with Swiss data protection law, in particular the Data Protection Act (DPA) and the Ordinance to the Data Protection Act (ODPA).

3. Type, scope and purpose

We process the personal data that is necessary to be able to carry out our activities and operations consistently and in a user-friendly, secure and reliable way. Such personal data may fall into the categories of inventory and contact data, browser and device data, content data, metadata, peripheral data and usage data, location data, sales data and contract and payment data.

We process personal data for as long as required for the respective purpose(s) or by law. Personal data which no longer need to be processed are anonymised or deleted.

We may have personal data processed by thirdparties. We may process personal data together with third parties or transfer it to third parties. Such third parties are specialised providers whose services we make use of. We also guarantee data protection at such third parties.

We process personal data only with consent of the data subject, unless the processing is permitted for other legal reasons. Processing without consent may, for example, be permissible for the performance of a contract with the data subject and for corresponding pre-contractual measures to protect our overriding legitimate interests, because the processing is evident from the circumstances or following prior notification.

In this context, we process information that a data subject provides to us on a voluntary basis when contacting us – for example by post, email, instant messaging, contact form, social media or telephone – or when registering for a user account. We may store such information in an address book or with similar tools. If we receive data transmitted to us about other persons, the persons transmitting the data are obliged to guarantee data protection vis-à-vis these persons and to ensure the accuracy of such personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect in the course of carrying out our activities and activities, if and insofar as such processing is permissible for legal reasons.

4. Personal data abroad

As a rule, we process personal data in Switzerland. However, we may also disclose or export personal data to other countries, in particular in order to process it or have it processed there.

We may disclose personal data to all countries and territories on earth and elsewhere in the universe, provided that in the assessment of the Federal Data Protection and Information Commissioner (FDPIC) or according to a decision of the Swiss Federal Council the law in such places guarantees adequate protection.

We may disclose personal data to countries whose laws do not guarantee adequate data protection if appropriate data protection is ensured for other reasons, such as by corresponding contractual agreements, on the basis of standard data protection clauses or other appropriate safeguards. In exceptional cases, we may export personal data to countries without adequate or suitable data protection if the special data protection requirements are fulfilled, for example the express consent of the data subjects or a direct connection with entering into or performing a contract. On request, we will be happy to provide data subjects with information about any guarantees or provide a copy of the guarantees.

5. Rights of data subjects

Data subjects about whom we process personal data have the rights under Swiss data protection law. These include the right to information and the right to rectification, erasure or blocking of personal data processed.

Data subjects about whom we process personal data have the right to lodge a complaint with a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

6. Data security

We take appropriate technical and organisational measures to ensure data security appropriate to the respective risk. However, we cannot guarantee absolute data security.

Our website is accessed using transport encryption (SSL/TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated to HTTPS). Most browsers indicate transport encryption by showing a padlock in the address bar.

Our digital communications – like all digital communications – are subject to mass surveillance without cause or suspicion as well as other surveillance by security agencies in Switzerland, the rest of Europe, the United States of America (USA) and other countries. We cannot exert any direct influence on the corresponding processing of personal data by secret services, police forces or other security agencies.

7. Use of the website

7. 1. Cookies

We may use cookies. Cookies – both our own (first-party cookies) and those from third parties whose services we use (third-party cookies) – are files stored in the browser. These stored files need not be limited to traditional cookies in text form.

Cookies can be stored in the browser temporarily as “session cookies” or for a set period of time as persistent cookies. Session cookies are automatically deleted when the browser is closed. Persistent cookies are saved for a set period. In particular, cookies enable us to recognise a browser the next time you visit our website and hence measure the reach of our website, for example. However, persistent cookies can also be used, for example, for online marketing.

Cookies can be partially or completely deactivated and deleted at any time in your browser settings. Without cookies, our website may no longer be fully available. We actively request – at least if and to the extent necessary – your express consent to the use of cookies.

For cookies used to measure performance and reach or for advertising, a general opt-out is possible for many services via Ad choices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your online choices (European Interactive Digital Advertising Alliance, EDAA).

7.2 Server log files

For each access to our website, we may collect the following information, provided that it is transmitted from your browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual subpage of our website accessed including the amount of data transferred, website last accessed in the same browser window (referer/referrer).

We store such information, which may also constitute personal data, in server log files. The information is necessary in order to provide our website consistently and in a user-friendly, secure and reliable way as well as to ensure data security and thus in particular to protect personal data – including by or with the help of third parties.

7.3 Tracking pixels

We may use tracking pixels on our website. These are also known as web beacons. Tracking pixels – including those of third parties whose services we use – are small, usually invisible images that are automatically retrieved when you visit our website. Tracking pixels can be used to record the same information as in server log files.

8. Notifications and communications

We send alerts and communications via email and other communication channels such as instant messaging or SMS.

8.1 Measuring success and reach

Notifications and communications may contain web links or tracking pixels that track whether an individual message has been opened and which web links have been clicked. Such web links and tracking pixels may also record the use of notifications and communications on a personal basis. We need this statistical recording of usage to measure success and reach so we can send notifications and communications effectively and in a user-friendly manner as well as consistently, securely and reliably based on the needs and reading habits of the recipients.

8.2 Consent and objection

As a rule, you must expressly consent to the use of your email address and other contact addresses, unless such use is permitted for other legal reasons. Wherever possible, we use the “double opt-in” procedure for consent, i.e. you will receive an email with a web link which you must click to confirm so as to prevent misuse by unauthorised third parties. We may log such consents, including the Internet Protocol (IP) address as well as the date and time for evidentiary and security reasons.

As a rule, you can object to receiving notifications and communications such as newsletters at any time. When making such an objection, you can also object to the statistical recording of usage to measure success and reach. We reserve the right to send notifications and communications required in connection with our activities and operations.

8.3 Service providers for notifications and communications

We send notifications and communications with the help of specialised service providers.

Above all, we use:

• Campaign Monitor: email marketing platform; provider: Campaign Monitor Pty Ltd. (Australia); data protection information: Privacy Policy.
• Mailchimp: communication platform; provider: The Rocket Science Group LLC DBA Mailchimp (USA) as a subsidiary of Intuit Inc. (USA); data protection information: Privacy Statement (Intuit) including region and state-specific terms, Mailchimp Privacy FAQs, Mailchimp and European Data Transfers, Security, Cookie Statement, Privacy Rights Requests, Legal.

9. Social media

We are present on social media platforms and other online platforms to communicate with interested parties and inform them about our activities and operations. Personal data may also be processed outside Switzerland in connection with such platforms.

The General Terms and Conditions (GTC) and Terms of Use as well as the privacy policies and other provisions of the individual operators of such platforms also apply. These provisions provide details on the rights of data subjects directly vis-à-vis the respective platform, such as the right to information.

10. Third-party services

We use services from specialised third parties to be able to carry out our activities and operations consistently and in a user-friendly, secure and reliable way. Such services allow us to embed features and content on our website, among other things. In the case of such embedding, the services used record the Internet Protocol (IP) addresses of the users at least temporarily for technical reasons.

For necessary security-related, statistical and technical purposes, third parties whose services we use may process aggregated, anonymised or pseudonymised data in connection with our activities and operations. This includes, for example, performance or usage data in order to be able to offer the respective service.

In particular, we use:

• Google services: providers: Google LLC (USA)/Google Ireland Limited (Ireland) for users in the European economic area (EEA) and Switzerland; general information on data protection: Privacy and security principles, Privacy Policy, We are committed to complying with applicable data protection laws, Google Product Privacy Guide, How Google uses information from sites or apps that use our services (details provided by Google), Types of cookies and other technologies used by Google, Settings for personalized ads (activate/deactivate).

• Microsoft services: providers: Microsoft Corporation (USA)/Microsoft Ireland Operations Limited (Ireland) for users in the European economic area (EEA), the United Kingdom and Switzerland; general information on data protection: Privacy at Microsoft, Trust Center, Privacy Statement.

10.1 Digital infrastructure

We use services from specialist third parties to allow us to make use of the digital infrastructure required in connection with our activities and operations. These include hosting and storage services from selected providers.

In particular, we use:

• Cyon: hosting; provider: Cyon GmbH (Switzerland); data protection information: Data protection, Privacy Policy .
• Nine Internet Solutions: managed cloud and container solutions; provider: Nine Internet Solutions AG (Switzerland); data protection information: Data Privacy Policy, Data Protection and the Cloud:Can They Work Together?

10.2 Automation and integration of apps and services

We use specialised platforms to integrate and connect existing third-party apps and services. Such “no-code” platforms also allow us to automate processes and activities with third-party apps and services.

In particular, we use:

• Microsoft Power Automate including Microsoft Power Platform: integrated application platform; provider: Microsoft; Microsoft Power Platform-specific data protection information: Compliance and data privacy, Data storage and governance, Security.

10.3 Audio and video conferences

We use specialised services for audio and video conferencing to communicate online. These allow us, for example, to hold virtual meetings or conduct online training and webinars. When participating in audio and video conferences the legal texts of the individual services, such as privacy policies and terms of use, also apply.

Depending on your personal situation, we recommend muting the microphone as standard and blurring the background or showing a virtual background when participating in audio or video conferences.

In particular, we use:

• Microsoft Teams: platform for audio and video conferences, among other things; provider: Microsoft; Teams-specific details: Privacy and Microsoft Teams.
• Zoom: video conferences; provider: Zoom Video Communications Inc. (USA); data protection information: Privacy Statement, Privacy at Zoom, Compliance.

10.4 Online collaboration

We use third-party services to enable online collaboration. In addition to this Privacy Policy, any directly visible conditions of the services used, such as terms of use or privacy policies, also apply.

In particular, we use:

• Asana: platform for collaboration in companies; provider: Asana Inc. (USA); data protection information: Trust at Asana, Privacy Statement, Bug bounty program.
• Miro: whiteboard platform; provider: RealtimeBoard Inc. (USA); data protection information: Privacy Policy, Miro Trust Center.
• Padlet: platform for productive collaboration; provider: Wallwisher Inc. DBA Padlet; data protection information: Privacy Policy.

10.5 Social media features and social media content

We use third-party services and plug-ins to allow us to embed features and content from social media platforms and enable content to be shared on social media platforms and by other means.

In particular, we use:

• Facebook (social plug-ins): embedding Facebook features and content, such as “Like” and “Share”; providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); data protection details: Privacy Policy.
• Instagram platform: embedding Instagram content; providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); data protection details: Privacy Policy (Instagram), Privacy Policy (Facebook).
• ShareThis: sharing content on social media and other online platforms and use of social media features; provider: ShareThis Inc. (USA); data protection information: Privacy Policy, Opt out of data collection .
• X for websites: embedding features and content of X, e.g. to display posts; providers: X Corp. (USA) for users worldwide; data protection information: Privacy Policy, X for Websites – Ads Info and Privacy, How cookies are used on X, About personalization based on your inferred identity, Your privacy controls for personalized ads.

10.6. Digital audio and video content

We use specialised third-party services to enable direct playback of digital audio and video content such as music and podcasts.

Above all, we use:

• YouTube: video platform; provider: Google; YouTube-specific information: Privacy and safety center, Your Data in YouTube.

10. 7 Documents

We use third-party services to embed documents on our website. Such documents may include forms, PDF files, presentations, spreadsheets and text documents. This enables us not only to view, but also to edit or comment on such documents.

In particular, we use:

• Google Docs: text documents, forms, presentations and spreadsheets; provider: Google; Google Docs-specific information: Understanding the basics of privacy in Google Docs, Sheets & Slides.

10.8 Payments

We use specialised service providers to process our clients’ payments securely and reliably. For the processing of payments, the legal texts of the individual service providers such as their general terms and conditions (GTC) and privacy policies also apply.

In particular, we use:

• RaiseNow: fundraising platform; providers: RaiseNow AG (Switzerland)/Raise-Now GmbH (Germany); data protection information: Privacy Policy, Cooperation Guidelines:Ethical and sustainable action, certification to Payment Card Industry Data Security Standard (PCI DSS).

10.9 Advertising

We use the opportunity to display targeted advertising for our activities and operations on third parties such as social media platforms and search engines.

With such advertising, we particularly want to reach people who are already interested or could be interested in our activities (remarketing and targeting). For this purpose, we may disclose corresponding information – which may include personal information – to third parties that enable such advertising. We can also determine whether our advertising is successful, i.e. whether it leads to visits to our website (conversion tracking).

Third parties with whom we advertise and where you are registered as a user may associate the use of our online offering with their profile of the user.

In particular, we use:

• Facebook Ads: social media advertising; provider: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); data protection information: remarketing and targeting, in particular with the Facebook pixel, as well as custom audiences including lookalike audiences, Privacy Policy, Ad preferences (user registration required).
• Google Ads: search engine advertising; provider: Google; Google Ads-specific information: Advertising based amongst other things on searches; various domain names are used, especially doubleclick.net, googleadservices.com and googlesyndication.com, Google advertising, Why am I seeing this ad?.
• Instagram Ads: social media advertising; providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); data protection details: remarketing and targeting, in particular with Facebook pixel and custom audiences including lookalike audiences, Privacy Policy (Instagram), Privacy Policy (Facebook), Ad topic preferences (Instagram) (user registration required), Ad preferences (Facebook) (user registration required).

11. Extensions for the website

We use extensions for our website to be able to use additional features.

In particular, we use:

• Google reCAPTCHA: spam protection (distinguishes between desirable comments from people and unwanted comments from bots and spam); provider: Google; Google reCAPTCHA-specific information: What is reCAPTCHA?.

12. Measuring success and reach

We use services and programs to determine how our online offering is being used. In doing so, we may measure, for example, the success and reach of our activities and operations and the impact third-party links have on our website.

We may also try out and compare how different versions of our online offering or parts of our online offering are used (“A/B testing”). Based on the results of measuring success and reach we can correct errors, strengthen popular content or make improvements to our online offering.

When using services and programs to measure success and reach, the Internet Protocol (IP) addresses of individual users must be stored. As arule, IP addresses are truncated (“IP masking”) in order to comply with the principle of data minimisation by means of pseudonymisation and thus improve user data protection.

When using services and programs to measure success and reach, cookies may be used and user profiles created. User profiles include, for example, the pages visited or content viewed on our website, information about the size of the screen or browser window and the location, at least approximately. As a rule, user profiles are only created in pseudonymised form. We do not use user profiles to identify individual users. Individual third-party services to which users are logged in may associate the use of our online offering with the user account or user profile of the service in question.

In particular, we use:

• Google Analytics: success and reach measurement; provider: Google; Google Analytics-specific information: cross-device tracking with pseudonymised Internet Protocol (IP) addresses that are transmitted in full to Google in the USA only in exceptional cases, Safeguarding your data, Google Analytics Opt-out Browser Add-on.
• Google Tag Manager: integration and management of other services to measure performance and reach as well as other services from Google and third parties; provider: Google; Google Tag Manager-specific information: Data collected by Google Tag Manager; further information on data protection can be obtained from the individual services connected and managed.

13. Final provisions

We generated this Privacy Policy using the Privacy Policy Generator of datenschutzpartner.ch.

We may amend and supplement this Privacy Policy at any time. We will provide information about adjustments and additions in an appropriate manner, in particular by publishing the latest Privacy Policy on our website.