Swiss Philanthropy Foundation (“SPF”) collects, processes, and stores personal data to fulfill its obligations arising from its legal or contractual relationship with you, for other justified interests, to fulfill a legal obligation imposed on it in connection with the relevant applicable law, or where you have given us your consent (for example when registering for one of our events or our newsletter).
Scope of application
This Statement governs the obligations of Swiss Philanthropy Foundation, 2 Place de Cornavin, P.O. Box 2097, CH-1211 Geneva 1, when we process your personal data as data controller, in accordance with the Federal Act on Data Protection (FADP) of September 25, 2020 and the European Data Protection Regulation (EU) 2016/679 (RGPD) of April 27, 2016.
Data protection legislation defines “personal data” as any information relating to an identified or identifiable natural person. This Privacy Statement sets out the procedures followed by SPF when processing personal data.
We only collect personal data in connection with our professional and contractual relationship with you, if you have given us your consent, if we have a legitimate interest in doing so, or if we are obliged to do so by virtue of a legal obligation.
In particular, we collect your contact details, such as your name, telephone number, address or e-mail address, as well as other data, notably in connection with the establishment of Hosted Funds (transaction or payment data for donation payments) or the granting of donations to charitable organizations (contact details of the heads of these charitable organizations in order to carry out our due diligence on them and manage their activity reports), or to issue a tax certificate for a donation, or to subscribe to our newsletter (e-mail address) or to use our website (see point 5 below).
We also collect and manage personal data from donors located in Switzerland in order to offer them the services of our “Transnational Giving Europe” (TGE) network. For this TGE network, we also process the contact details of representatives of charitable organizations located in the European Union to which donors located in Switzerland make donations, in order to carry out our due diligence on these organizations.
Information that cannot be associated with your identity (e.g. statistical data on the number of users of our online offering) does not constitute personal data.
The processing of personal data of our employees is the subject of a separate Declaration / Staff Regulations.
In general, we collect personal data in the following cases:
The reasons justifying the processing of your personal data in the cases indicated above are as follows:
We will only pass on your personal data to third parties if we are legally entitled to do so, if you have given us your consent or if we have a legitimate interest in doing so.
Generally speaking, we process your personal data in the cases mentioned below, for the justified reasons indicated below.
This is particularly the case when we make donations from a Hosted Fund that you have created at SPF to charitable organizations in agreement with you. In this case, we transmit your donor details to these organizations so that they know the identity of their donor(s). The lawfulness of this processing arises from the execution of the contract we have concluded with you.
If you are a non-profit organization to which donations are made from one of the SPF Hosted Funds, the contact details of your representatives may be communicated to the donors and founders of SPF Hosted Funds. The lawfulness of this processing arises from our legitimate interest in ensuring that our donors and founders know the identity of the non-profit organizations they decide to support. This processing is also necessary in order to conclude a donation contract.
We may also transmit your personal data to third parties duly appointed by SPF in order to manage our business and offer you our services. This may include third parties managing our contact database, our website, our IT equipment and e-mail services, or our business software, or even the companies we appoint to maintain the security of the personal data we collect, manage and store, or the trustee in charge of our accounts. The lawfulness of this processing arises from our legitimate interest in having recourse to these service providers in order to carry out our business and to execute the mandate you have entrusted to us.
Most of these subcontractors are based in Switzerland. For example, our Website is hosted by Net’Oxygen Sàrl, which is headquartered in Switzerland. In the case of subcontractors located outside Switzerland, mainly in Europe or the United States, we have ensured that they offer all guarantees in terms of data protection and security in accordance with applicable legislation, and that they may only act on our instructions and solely for the purposes of performing their services.
We may disclose your personal data (including your communications) if we consider this necessary for security reasons, to investigate a potential breach or other violation of this privacy statement and/or to prevent harm to other donors. Accordingly, we may need to disclose your personal data to investigate, respond to or resolve complaints or disputes relating to our services.
We may be required to disclose your personal data where we are required to do so by law or where we believe in good faith that such disclosure is necessary in order to:
We endeavor to notify you of third-party requests for your personal data where this seems appropriate from our point of view and where it seems technically feasible, except where we are prohibited from doing so by law or by a decision of an authority, or where the request suffers from an emergency. We may contest such requests where, in our sole discretion, we consider that they are formulated too broadly, are too vague or are unfounded, but we do not guarantee to contest any request.
The purpose of sharing your personal data with the authorities is to meet our legal obligations.
Insofar as data is disclosed abroad, in particular to a state that does not offer a level of personal data protection comparable to that prevailing in Switzerland or the European Economic Area, we ensure that we comply with the legal requirements in this respect (guarantee of adequate protection), in particular by putting in place standard data protection clauses previously approved by the Federal Data Protection and Transparency Commissioner with our subcontractors located in the USA.
External service providers who process data on our behalf are bound by an obligation of confidentiality. We have ensured that external service providers are able to guarantee data security. They may only transfer the processing of personal data to a third party with our prior consent.
In principle, we only keep your data for as long as is necessary for our business relationship with you, or as long as we have a legitimate interest in doing so. In all other cases, we delete your personal data, with the exception of that which we must retain in accordance with our legal obligations (e.g. if we are bound by a legal retention period, we retain documents such as contracts and invoices for a period of 10 years).
We collect personal data from you on a voluntary basis when, through our Website, you fill in the contact form or subscribe to a newsletter (see Points 2 and 6 for further information).
However, you can visit our Website without actively providing any personal data.
In addition, when you visit our website, we may place cookies on your browser. You will find further information on this subject in art. 5.1 below.
We would also like to point out that this privacy statement does not cover how your personal data is handled by third parties when our Website refers you to their websites. We encourage you to read the privacy policies of the other websites you visit.
Cookies are small text files stored on your device (computer or mobile device) when you visit our Website or one of our pages available on social networks (i.e. LinkedIn and YouTube). By means of cookies, we may collect personal data when you visit our Website or one of our pages available on the aforementioned social networks.
You can configure your browser to block certain types of cookies or alternative technologies, or to delete existing cookies. You can also add software to your browser to block certain third-party tracking. Further information can be found on your browser’s help pages (usually with the keyword “data protection”) or on the websites of the third parties listed below.
(i) Cookies used on our Website
The following cookies are currently used on our website:
These cookies are provided by Automatic Inc. based in the United States. They are necessary for the operation of the Website or for certain functionalities. These cookies exist only temporarily (“session cookies”). If you block them, the Website may not function properly. Other cookies are required by the server to store options or information (which you have entered) beyond one session (i.e. one visit to the Website) if you use this function (e.g. language settings). These cookies have an expiry date of up to 24 months.
Google Ireland Ltd (located in Ireland) is the provider of the “Google Analytics” service. Google Ireland uses Google LLC (located in the United States) as a subcontractor (both referred to as “Google”). Google collects information on the behaviour of visitors to our website (duration, pages viewed, geographical region of access, etc.) by means of performance cookies (see above) and, on this basis, creates reports for us on the use of our website, so that we can optimize it.
(ii) Information collected through cookies
The following information and personal data are collected using cookies:
(iii) Supporting reasons
When you visit our Website, we use essential cookies in order to operate and maintain our Website as described above. The grounds on which we justify the processing of your personal data is our overriding private interest. We only use traffic analysis cookies for statistical purposes if you consent to such use via the cookie banner displayed on our website.
Our website contains links or plug-ins to various social networks such as LinkedIn and YouTube. You will recognize them by the logo of the provider concerned. By clicking on the links, you open the corresponding social media sites, for which this privacy statement does not apply.
When you establish a connection with a social network or other website from our Website, your browser connects directly to the server of the relevant service provider. Through this connection, the website receives the information accessed by your browser on the corresponding page of our Website or on our pages available on social networks. This information (including your IP address) is transmitted from your browser directly to the service provider’s server and stored there. If you interact with our pages available on social networks, i.e. on LinkedIn and/or YouTube, for example by clicking on the “Like” or “Share” icon, this information will also be transmitted directly to the server of the relevant social network provider and stored there.
No personal information is transmitted to the relevant provider prior to accessing the corresponding link or plug-in.
As part of our online offer, you can subscribe to our newsletter. We use a so-called double opt-in procedure, whereby we will only send you the newsletter by e-mail when you have expressly confirmed your subscription by clicking on a link contained in the service activation notification.
If you subsequently wish to stop receiving newsletters, you can terminate the subscription at any time with future effect by revoking your consent. Subscriptions to electronic newsletters can be revoked by clicking on the link contained in the newsletter. You can also contact us by following the instructions in the Contact section.
You have the following rights with regard to your personal data:
To exert your rights, simply send us a letter by post or an e-mail. See the “Contact” section. We may ask you to prove your identity before responding to a request based on the aforementioned rights or linked in any other way to your personal data.
We employ appropriate technical and organizational security measures to protect the personal data we hold about you from manipulation, partial or total loss or unauthorized access by third parties. Our security measures are constantly being improved in line with technological developments.
In the event of an actual or suspected breach of personal data, we undertake to (i) use our best efforts to notify you without delay, where technically feasible, and (ii) cooperate with you in investigating and resolving the breach, including, but not limited to, providing reasonable assistance in notifying affected third parties. We undertake to give you access, without delay and within the limits of a reasonable request, to our files relating to the violation of your Personal Data, provided however that this does not give you access to files which belong to other users or which could compromise their security.
In the event of an actual or suspected breach of personal data, we undertake to notify the competent authority under the applicable law.
We reserve the right to amend and supplement this privacy statement at any time, at our discretion and in accordance with data protection legislation. Please check our website regularly for such changes.
If you have any questions about your rights in relation to your personal data or other matters, please contact :
Swiss Philanthropy Foundation
PO Box 2097
CH-1211 Genève 1
Phone +41 22 732 55 54
SPF’s representative in the European Union pursuant to art. 27 RGPD is the following entity.
SCRL Thales Brussels
Place Poelaert 6
Phone +32 2 533 04 50
June 23, 2023