Data protection

The responsible body within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

CHANGING
Fabio Müller
Sackweidhöhe 4
6012 Obernau
Switzerland

Telephone: +41 41 562 03 62
Email: info@changing.ngo
Site: https://www.changing.ngo/

General notice

Based on Article 13 of the Swiss Federal Constitution and federal data protection regulations (Data Protection Act, DSG), every person is entitled to protection of their privacy and to protection against misuse of their personal data. The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with legal data protection regulations and this privacy policy.

In cooperation with our hosting providers, we strive to protect the databases as much as possible from third-party access, loss, misuse or falsification.

We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may have security gaps. It is not possible to completely protect data from access by third parties.

By using this website, you agree to the collection, processing and use of data in accordance with the following description. In principle, this website can be visited without registration. Data such as pages accessed or the name of the retrieved file, date and time are stored on the server for statistical purposes without this data being directly related to your person. Personal data, in particular name, address or email address, is collected on a voluntary basis as far as possible. The data will not be passed on to third parties without your consent.

Processing of personal data

Personal data is all information relating to a specific or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, deletion, storage, alteration, destruction and use of personal data.

We process personal data in accordance with Swiss data protection law. In addition, we process personal data — to the extent and insofar as the EU GDPR is applicable — in accordance with the following legal bases in connection with Article 6 (1) GDPR:

  • Consent (Article 6 (1) (a) GDPR) - The data subject has given consent to the processing of personal data concerning him or her for a specific purpose or several specific purposes.
  • Contract performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party or to carry out pre-contractual measures taken at the request of the data subject.
  • Legal obligation (Art. 6 (1) (c) GDPR) - Processing is necessary to fulfill a legal obligation to which the person responsible is subject.
  • Protection of vital interests (Art. 6 (1) (d) GDPR) - Processing is necessary to protect the vital interests of the data subject or of another natural person.
  • Legitimate interests (Art. 6 (1) (f) GDPR) - Processing is necessary to protect the legitimate interests of the controller or of a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail.
  • Application process as a pre-contractual or contractual relationship (Art. 9 para. 2 lit. b GDPR) - If, as part of the application process, special categories of personal data within the meaning of Article 9 (1) GDPR (e.g. health data, such as disability status or ethnic origin) are requested from applicants so that the person responsible or the data subject can exercise the rights conferred on him or her under employment law and social security and social protection law and fulfill his or her obligations in this regard, their processing is carried out in accordance with Article 9 (2) lit. b. GDPR, in case of protection vital interests of applicants or other persons in accordance with Art. 9 para. 2 lit. c. GDPR or for health care or occupational medicine purposes, for the assessment of the employee's ability to work, for medical diagnostics, care or treatment in the health or social sector or for the administration of systems and services in the health or social sector in accordance with Art. 9 para. 2 lit. h. GDPR. In the case of communication of special categories of data based on voluntary consent, their processing is carried out on the basis of Article 9 (2) lit. a. GDPR.

We process personal data for the period necessary for the respective purpose or purposes. If there are longer storage obligations due to legal and other obligations to which we are subject, we will restrict processing accordingly.

Relevant legal bases

In accordance with Article 13 GDPR, we inform you of the legal basis for our data processing. If the legal basis is not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing to fulfill our services and carry out contractual measures and answer inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to preserve our The legitimate interest is Art. 6 para. 1 lit. f DSGVO. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

Safety measures

In accordance with legal requirements, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, availability and separation of data relating to it. We have also set up procedures that ensure the exercise of data subject rights, the deletion of data and responses to the data being compromised. In addition, we take the protection of personal data into account when developing or selecting hardware, software and processes in accordance with the principle of data protection, through technology design and through privacy-friendly default settings.

Transfer of personal data

As part of our processing of personal data, the data may be transferred to other bodies, companies, legally independent organizational units or persons or disclosed to them. Recipients of this data may include, for example, service providers tasked with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

Data processing in third countries

If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or processing takes place as part of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this is only done in accordance with legal requirements.

Subject to express consent or contractually or legally required transfer, we only process the data in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses issued by the EU Commission, if certifications or binding internal data protection regulations are available (Articles 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Cookie privacy statement

This website uses cookies. Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user's computer. A cookie is primarily used to store information about a user during or after their visit to an online offer. The stored information can include, for example, the language settings on a website, the login status, a shopping cart or the location where a video was watched. The term cookies also includes other technologies that perform the same functions as cookies (e.g. when user information is stored using pseudonymous online identifiers, also known as “user IDs”)

The following types of cookies and functions are differentiated:

  • Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their browser.
  • Persistent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. The interests of users, which are used to measure reach or for marketing purposes, can also be stored in such a cookie.
  • First-party cookies: First-party cookies are set by ourselves.
  • Third party cookies (also: third party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
  • Necessary (also: essential or absolutely necessary) cookies: On the one hand, cookies may be absolutely necessary for the operation of a website (e.g. to save logins or other user inputs or for security reasons).
  • Statistics, marketing and personalization cookies: In addition, cookies are usually also used as part of audience measurement and when a user's interests or behavior (e.g. viewing certain content, using functions, etc.) are stored in a user profile on individual websites. Such profiles are used, for example, to show users content that matches their potential interests. This process is also known as “tracking”, i.e. tracking the potential interests of users. If we use cookies or “tracking” technologies, we will inform you separately in our privacy policy or when you obtain consent.

Information on legal bases: The legal basis on which we process your personal data using cookies depends on whether we ask you for consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is consent. Otherwise, the data processed using cookies will be processed on the basis of our legitimate interests (e.g. in operating our online offering and improving it) or if the use of cookies is necessary to fulfill our contractual obligations.

Storage period: Unless we provide you with explicit information about the storage period of permanent cookies (e.g. as part of a so-called cookie opt-in), please assume that the storage period can be up to two years.

General information on revocation and objection (opt-out): Depending on whether the processing is based on consent or legal permission, you have the option at any time to withdraw your consent or to object to the processing of your data using cookie technologies (collectively referred to as “opt-out”). You can first declare your objection using your browser settings, e.g. by deactivating the use of cookies (which may also restrict the functionality of our online offering). An objection to the use of cookies for online marketing purposes can also be declared using a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition, you may receive further objection notices as part of the information on the service providers and cookies used.

Processing of cookie data based on consent: We use a cookie consent management process, within the framework of which users' consent to the use of cookies, or the processing and providers mentioned as part of the cookie consent management process, can be obtained and managed and withdrawn by users. The declaration of consent is saved so that you do not have to repeat the request again and to be able to prove your consent in accordance with the legal obligation. The storage can take place on the server side and/or in a cookie (so-called opt-in cookie, or using comparable technologies) in order to be able to assign consent to a user or their device. Subject to individual information about the providers of cookie management services, the following information applies: The period of storage of consent may be up to two years. A pseudonymous user identifier is created and stored at the time of consent, information on the scope of the consent (e.g. which categories of cookies and/or service providers) and the browser, system and device used.

  • Types of data processed: usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Persons concerned: Users (e.g. website visitors, users of online services).
  • Legal bases: Consent (Art. 6 para. 1 lit. a. GDPR), legitimate interests (Art. 6 para. 1 p. f. GDPR).

SSL/TLS Encryption Privacy Statement

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as inquiries that you send to us as a site operator. You can recognize an encrypted connection when the browser's address line changes from “http://” to “https://” and by the lock icon in your browser line.

If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

Privacy statement for contact form

If you send us inquiries via the contact form, we will store your details from the enquiry form, including the contact details you provided there, for the purpose of processing the enquiry and in case of follow-up questions. We will not share this data without your consent.

Privacy policy for newsletter data

If you would like to receive the newsletter offered on this website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected. We use this data exclusively to send the requested information and do not pass it on to third parties.

You can withdraw your consent to the storage of the data, the e-mail address and their use to send the newsletter at any time, for example via the “unsubscribe link” in the newsletter.

Using Google Maps

This website uses the services of Google Maps. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function. When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. This is done regardless of whether Google provides a user account through which you are logged in, or whether there is no user account. If you are logged in to Google, your data is directly associated with your account. If you do not want to be associated with your profile on Google, you must log out before activating the button. Google stores your data as user profiles and uses them for advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, although you must contact Google to exercise this right. For more information on the purpose and scope of data collection and processing by Google, in addition to further information on your rights in this regard and settings options to protect your privacy, please visit: www.google.de/intl/de/policies/privacy.

Google Analytics Privacy Policy

This website uses Google Analytics, a web analysis service provided by Google Ireland Limited. If the person responsible for data processing on this website is located outside the European Economic Area or Switzerland, Google Analytics data processing is carried out by Google LLC. Google LLC and Google Ireland Limited are hereafter referred to as “Google.”

Using the statistics obtained, we can improve our offer and make it more interesting for you as a user. This website also uses Google Analytics for cross-device analysis of visitor flows, which is carried out via a user ID. If you have a Google user account, you can deactivate the cross-device analysis of your usage under “My data”, “personal data” in the settings there.

The legal basis for the use of Google Analytics is Art. 6 (1) (f) GDPR. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. Please note that the code “_anonymizeIp ();” has been added to Google Analytics on this website to ensure anonymized collection of IP addresses. As a result, IP addresses are further processed in abbreviated form, so that identification of a person can be ruled out. If the data collected about you is personally identifiable, this will therefore be immediately excluded and the personal data will be deleted immediately.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and Internet usage to the website operator.

Google Analytics uses cookies. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. You can prevent cookies from being saved by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website in full. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: Deactivate Google Analytics.

You can also prevent the use of Google Analytics by clicking on this link: Deactivate Google Analytics. This stores a so-called opt-out cookie on your data carrier, which prevents the processing of personal data by Google Analytics. Please note that if you delete all cookies from your device, these opt-out cookies will also be deleted, i.e. you must set the opt-out cookies again if you want to continue to prevent this form of data collection. The opt-out cookies are set per browser and computer/device and must therefore be activated separately for each browser, computer or other device.

Privacy policy for the use of Google Web Fonts

This website uses so-called web fonts, which are provided by Google, to uniformly display fonts. When you call up a page, your browser loads the required web fonts into your browser cache to correctly display texts and fonts. If your browser does not support web fonts, a standard font is used by your computer.

You can find more information about Google Web Fonts at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/

Google Tag Manager

Google Tag Manager is a solution that allows us to manage so-called website tags via an interface and thus integrate Google Analytics and other Google marketing services into our online offering, for example. The tag manager itself, which implements the tags, does not process any personal user data. With regard to the processing of users' personal data, reference is made to the following information about Google services. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.

Facebook privacy policy

This website uses features from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. When you visit our pages with Facebook plug-ins, a connection is established between your browser and the Facebook servers. Data is already being transferred to Facebook. If you have a Facebook account, this data can be linked to it. If you do not want this data to be associated with your Facebook account, please log out of Facebook before visiting our site. Interactions, in particular the use of a comment function or clicking on a “Like” or “Share” button, are also passed on to Facebook. Find out more at https://de-de.facebook.com/about/privacy.

Twitter privacy policy

This website uses features from Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. When you visit our pages with Twitter plug-ins, a connection is established between your browser and Twitter's servers. Data is already being transferred to Twitter. If you have a Twitter account, this data can be linked to it. If you do not want this data to be associated with your Twitter account, please log out of Twitter before visiting our site. Interactions, in particular clicking on a “re-tweet” button, are also shared with Twitter. Find out more at https://twitter.com/privacy.

Instagram privacy policy

Functions of the Instagram service are integrated on our website. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.

For more information, please see Instagram's privacy policy: http://instagram.com/about/legal/privacy/

LinkedIn privacy policy

Within our online offering, we use the marketing services of the LinkedIn social network from LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”).

These use cookies, i.e. text files that are stored on your computer. This enables us to analyse your use of the website. For example, we can measure the success of our ads and show users products they were previously interested in.

For example, this collects information about the operating system, the browser, the website you have previously visited (referrer URL), which websites the user visited, which offers the user has clicked on, and the date and time of your visit to our website.

The information generated by the cookie about your use of this website is transferred pseudonymized to a LinkedIn server in the USA and stored there. LinkedIn therefore does not store the name or email address of the respective user. Instead, the above data is only assigned to the person who created the cookie. This does not apply if the user has allowed LinkedIn to process without pseudonymization or has a LinkedIn account.

You can prevent cookies from being saved by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to fully use all functions of this website. You can also object to the use of your data directly on LinkedIn: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

We use LinkedIn Analytics to analyse and regularly improve the use of our website. Using the statistics obtained, we can improve our offer and make it more interesting for you as a user. All LinkedIn companies have adopted the standard contractual clauses to ensure that the data traffic to the USA and Singapore necessary to develop, perform and maintain the services takes place lawfully. If we ask users for consent, the legal basis for processing is Art. 6 para. 1 lit. a GDPR. Otherwise, the legal basis for using LinkedIn Analytics is Art. 6 (1) (f) GDPR.

Information from the third party provider: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2 Ireland; user agreement and Privacy statement.

External payment service providers

This website uses external payment service providers whose platforms users and we can use to make payment transactions. For example via

  • PostFinance (https://www.postfinance.ch/de/detail/rechtliches-barrierefreiheit.html)
  • Visa (https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html)
  • Mastercard (https://www.mastercard.ch/de-ch/datenschutz.html)
  • American Express (https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html)
  • PayPal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full)
  • Bexio AG (https://www.bexio.com/de-CH/datenschutz)
  • Payrexx AG (https://www.payrexx.ch/site/assets/files/2592/datenschutzerklaerung.pdf)
  • Apple Pay (https://support.apple.com/de-ch/ht203027)
  • Stripe (https://stripe.com/ch/privacy)
  • Klarna (https://www.klarna.com/de/datenschutz/)
  • Skrill (https://www.skrill.com/de/fusszeile/datenschutzrichtlinie/)
  • Giropay (https://www.giropay.de/rechtliches/datenschutzerklaerung) etc.

As part of the fulfilment of contracts, we use payment service providers on the basis of the Swiss Data Protection Regulation and, to the extent necessary, Article 6 (1) lit. b. EU GDPR. In addition, we use external payment service providers on the basis of our legitimate interests in accordance with Swiss Data Protection Ordinance and, to the extent necessary, in accordance with Article 6 (1) (f) of the EU GDPR to offer our users effective and secure payment options.

The data processed by payment service providers includes inventory data, such as name and address, bank details, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, sum and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by payment service providers and stored by them. As an operator, we do not receive any information about the (bank) account or credit card, but only information to confirm (accept) or reject the payment. Payment service providers may transfer the data to credit agencies. The purpose of this transfer is to verify identity and credit. In this regard, we refer to the terms and conditions and privacy policies of the payment service providers.

Payment transactions are subject to the terms and conditions and data protection notices of the respective payment service providers, which are available within the respective website or transaction applications. We also refer to these for further information and to assert revocation, information and other data subject rights.

Newsletters - Mailchimp

The newsletters are sent using the mailing service provider 'MailChimp', a newsletter delivery platform from the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can read the shipping service provider's privacy policy here view. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection levels (PrivacyShield). The shipping service provider is used on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f DSGVO and an order processing contract in accordance with Art. 28 para. 3 p. 1 GDPR.

The shipping service provider can use the recipients' data in pseudonymous form, i.e. without attribution to a user, to optimize or improve its own services, e.g. to technically optimize the delivery and presentation of newsletters or for statistical purposes. However, the shipping service provider does not use the data of our newsletter recipients to write to them themselves or to pass on the data to third parties.

YouTube privacy policy

Features of the “YouTube” service are integrated on this website. “YouTube” is owned by Google Ireland Limited, a company registered and operated under Irish law based in Gordon House, Barrow Street, Dublin 4, Ireland, which operates services in the European Economic Area and Switzerland.

Your legal agreement with “YouTube” consists of the terms and conditions available at the following link: https://www.youtube.com/static?gl=de&template=terms&hl=de. These terms form a legally binding agreement between you and “YouTube” regarding your use of the Services. Google's privacy policy explains how “YouTube” handles your personal data and protects your data when you use the service.

Provision of our services in accordance with statutes

We process the data of our members, supporters, interested parties, customers or other persons in accordance with federal data protection regulations (Data Protection Act, DSG) and the EU GDPR in accordance with Article 6 (1) lit. b. GDPR, provided that we offer them contractual services or act as part of an existing business relationship, e.g. with members, or are recipients of services and benefits ourselves. In addition, we process the data of data subjects in accordance with Article 6 (1) (f) GDPR on the basis of our legitimate interests, e.g. when it comes to administrative tasks or public relations.

The data processed here, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship. This generally includes inventory and master data of persons (e.g., name, address, etc.), as well as contact details (e.g. email address, telephone, etc.), contract data (e.g., services used, content and information provided, names of contact persons) and, if we offer services or products subject to payment, payment data (e.g., bank details, payment history, etc.).

We delete data that is no longer required to fulfill statutory purposes. This is determined in accordance with the respective tasks and contractual relationships. In the case of business processing, we store the data for as long as it may be relevant for the transaction and with regard to any warranty or liability obligations. The need to store data is checked at irregular intervals. In addition, the legal storage obligations apply.

Note on data transfer to the USA

Our website includes tools from companies based in the USA. When these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are required to disclose personal data to security authorities without you, as the person concerned, being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities.

Changes

We can amend this privacy policy at any time without notice. The current version published on our website applies. To the extent that the privacy policy is part of an agreement with you, we will inform you of the change by email or other appropriate means in the event of an update.

Questions to the data protection officer

If you have any questions about data protection, please send us an email or contact the person responsible for data protection in our organization listed at the beginning of the privacy policy directly.

Source: SwissAttorney