Privacy Policy

1. Controller and Content of this Privacy Policy

We, Dr. Hans Wuttke Stiftung, Grafenaustrasse 5, c/o Domanda Verwaltungs GmbH, 6302 Zug, Switzerland (Company) are the operator of the website https://www.wuttkefoundation.ch/ (Website) and are, unless otherwise stated in this Privacy Policy, responsible for the data processing described in this Privacy Policy.

Please take note of the information below to know what personal data we collect from you and for what purposes we use it. When it comes to data protection, we are guided primarily by the legal requirements of Swiss data protection law, in particular the Federal Act on Data Protection (FADP), as well as the EU General Data Protection Regulation (GDPR), which may be applicable in individual cases.

Please note that the following information may be reviewed and amended from time to time. Therefore, we recommend regularly checking this Privacy Policy for any updates. Furthermore, for individual data processing listed below, other companies are responsible under data protection law or jointly responsible with us, so that in these cases, the information provided by those companies is also relevant.

2. Contact Person for Data Protection

If you have any questions regarding data protection or wish to exercise your rights, please contact our data protection contact person by sending an email to the following address: administration@wuttkefoundation.ch.

3. Data Processing when Contacting Us

If you contact us through our contact addresses and channels (e.g., by e-mail or contact form on the Website), your personal data is processed. We process the data you provide us with, such as your name, email address, phone number, and your message. Additionally, the time of receipt of the message will be documented. Mandatory fields are marked in the contact form with an asterisk (*). We process this data to address your request or message (e.g. providing information about our foundation and potential cooperation, assisting with contract processing, incorporating your feedback into the improvement of our services etc.).

The legal basis for this data processing is our legitimate interest under Article 6(1)(f) of the GDPR in addressing your request or, if your request is aimed at the conclusion or performance of a contract, in the implementation of the necessary measures within the meaning of Article 6(1)(b) of the GDPR.

4. Central Data Storage and Analysis in the CRM System

If a clear identification of your person is possible, we will store and link the data described in this Privacy Policy, i.e. your personal information, contact details, contract data, and your browsing behaviour on our Website in a central database. This allows for efficient management of contact data, enables us to adequately process your requests, and facilitates the efficient provision of the services you requested, as well as the performance of the related contracts.

The legal basis for this data processing is our legitimate interest within the meaning of Article 6(1)(f) of the GDPR in the efficient management of user data.

We also analyse this data to further develop our foundation goals based on your needs and to provide you with the most relevant information and offers. We also use methods that predict possible interests and future requests based on your use of our Website.

The legal basis for this data processing is our legitimate interest within the meaning of Article 6(1)(f) of the GDPR in carrying out marketing activities.

5. Background Data Processing on Our Website

5.1 Data Processing when Visiting Our Website (Log File Data)

When you visit our Website, the web servers temporarily store every access in a log file. The following data is collected without your intervention and stored by us until automatically deleted:

IP address of the requesting computer;
date and time of access;
name and URL of the accessed file;
website from which the access was made, if applicable, with the search word used;
operating system of your computer and the browser you are using (including type, version, and language setting);
device type in case of access from mobile phones;
city or region from which the access was made; and
name of your internet service provider.

The collection and processing of this data is carried out for the purpose of enabling the use of our Website (establishing a connection), ensuring the long-term security and stability of the system, and enabling error and performance analysis and optimisation of our Website (see also Section 5.4 regarding the latter points).

In case of an attack on the network infrastructure of the Website or suspicion of other unauthorised or improper use of the Website, the IP address and other data will be analysed for clarification and defence purposes; if necessary, they may be used in civil or criminal proceedings for the identification of the respective user.

The legal basis for this data processing is our legitimate interest within the meaning of Article 6(1)(f) of the GDPR in the purposes described above.

Finally, when you visit our Website, we use cookies, as well as other applications and tools that rely on the use of cookies. In this context, the data described here may also be processed. For more information, please refer to the subsequent sections of this Privacy Policy, in particular to Section 5.2.

5.2 Cookies

Cookies are information files that your web browser stores on the hard drive or in the memory of your computer when you visit our Website. Cookies are assigned identification numbers that enable your browser to be identified, and allow the information contained in the cookie to be read.

Cookies are used to make your visit to our website easier, more enjoyable, and more meaningful. We use cookies for various purposes that are necessary for the desired use of the website, i.e., “technically necessary.” For example, we use cookies to identify you as a registered user after logging in, so you don’t have to log in again when navigating to different subpages. The provision of ordering functions also relies on the use of cookies. Furthermore, cookies perform other technical functions necessary for the operation of the website, such as load balancing, which distributes the workload of the site across various web servers to relieve the servers. Cookies are also used for security purposes, such as preventing the unauthorized posting of content. Finally, we use cookies in the design and programming of our website, for example, to enable the uploading of scripts or codes.

The legal basis for this data processing is our legitimate interest within the meaning of Article 6(1)(f) of the GDPR in providing a user-friendly and up-to-date website.

Most internet browsers accept cookies automatically. However, when accessing our website, we ask for your consent to the use of non-essential cookies, especially for the use of cookies from third parties for marketing purposes. You can adjust your preferences for cookies by using the corresponding buttons in the cookie banner. Details regarding the services and data processing associated with each cookie can be found within the cookie banner and in the following sections of this Privacy Policy.

You may also be able to configure your browser to prevent cookies from being stored on your computer or receive a notification whenever a new cookie is being sent. On the following pages, you will find instructions on how to configure cookie settings for selected browsers.

Disabling cookies may prevent you from using all the features of our Website.

5.3 Tracking and Web Analytics Tools

5.3.1 General Information about Tracking

For the purpose of customising and continuously optimising our Website, we use the web analytics services listed below. In this context, pseudonymised usage profiles are created, and cookies are used (please also see Section 5.2). The information generated by the cookie regarding your use of our Website is usually transmitted to a server of the service provider, where it is stored and processed, together with the Log File Data mentioned in Section 5.1. This may also result in a transfer to servers abroad, e.g., the USA (for information on the absence of an adequate level of data protection and the proposed safeguards, see Sections 6.2 and 6.3).

Through the data processing, we obtain, among others, the following information:

navigation path followed by a visitor on the site (including content viewed, information requested);
time spent on the Website or specific page;
the specific page from which the Website is left;
the country, region, or city from where an access is made;
end device (type, version, colour depth, resolution, width, and height of the browser window); and
returning or new visitor.

The provider, on our behalf, will use this information to evaluate the use of the Website, in particular to compile Website activity reports and provide further services related to Website usage and internet usage for the purposes of market research and the customisation of the Website. For these processing activities, we and the providers may be considered joint controllers in terms of data protection to a certain extent.

The legal basis for this data processing with the following services is your consent within the meaning of Article 6(1)(a)of the GDPR. Part of the data processing may also be assessed as profiling (with or without high risk), to which your consent is also extended. You can withdraw your consent or oppose to processing at any time by rejecting or deactivating the relevant cookies in the settings of your web browser (see Section 5.2) or by using the service-specific options described below.

Regarding the further processing of the data by the respective provider as the (sole) controller, including any potential disclosure of this information to third parties, such as authorities due to national legal regulations, please refer to the respective privacy policy of the provider.

5.3.2 Google Analytics

We use the web analytics service Google Analytics provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, or Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google).

Contrary to the description in Section 5.4.1, IP addresses are not logged or stored in Google Analytics (in the version used here, “Google Analytics 4”). For accesses originating from the EU, IP address data is only used to derive location data and is immediately deleted thereafter. When collecting measurement data in Google Analytics, all IP searches take place on EU-based servers before the traffic is forwarded to Analytics servers for processing. Google Analytics utilises regional data centres. When connecting to the nearest available Google data centre in Google Analytics, the measurement data is sent to Analytics via an encrypted HTTPS connection. In these centres, the data is further encrypted before being forwarded to Analytics’ processing servers and made available on the platform. The most suitable local data centre is determined based on the IP addresses. This may also result in a transfer of data to servers abroad, eg., the USA (for information on the absence of an adequate level of data protection and the proposed safeguards, see Sections 6.2 and 6.3).

We also use the technical extension called “Google Signals”, which enables cross-device tracking. This makes it possible to associate a single website visitor with different devices. However, this only happens if the visitor is logged into a Google service during the website visits and has activated the “personalized advertising” option in their Google account settings. Even in such cases, we do not have access to any personal data or user profiles. If you do not wish to use “Google Signals,” you can deactivate the “personalized advertising” option in your Google account settings.

Users can prevent the data generated by the cookie relating to the use of the Website by the user concerned (including the IP address) from being collected and processed by Google and revoke their consent by refusing or deactivating the cookies concerned on the cookie banner or in the settings of their web browser or by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.

5.4 Online Advertising and Targeting

5.4.1 In General

We use services of various companies to provide you with interesting offers online. In the process of doing this, your user behaviour on our website and websites of other providers is analysed in order to subsequently be able to show you online advertising that is individually tailored to you.

Most technologies for tracking your user behaviour (Tracking) and displaying targeted advertising (Targeting) utilise cookies (see also Section 5.2) or similar technologies and unique identifiers (for example, advertising IDs), which allow your browser to be recognised across different websites. Depending on the service provider, it may also be possible for you to be recognised online even when using different end devices (e.g., laptop and smartphone). This may be the case, for example, if you have registered for a service that you use with several devices.

In addition to the data already mentioned, which is collected when visiting websites (Log File Data, see Section 5.1) and through the use of cookies (Section 5.2) and which may be transmitted to and processed by companies participating in advertising networks, the following data, in particular, is used to select the advertisements that are potentially most relevant to you:

information about you that you provided when registering or using a service from advertising partners (e.g., your gender, age group); and
user behaviour (e.g., search queries, interactions with advertisements, types of websites visited, products or services viewed and purchased, newsletters subscribed to).

We and our service providers use this data to determine whether you belong to the target audience we address and take this into account when selecting advertisements. For example, after visiting our Website, you may see advertisements for the products or services you have viewed when you visit other sites (Re-targeting). Depending on the amount of data, a user profile may also be created, which is automatically analysed; the advertisements are then selected based on the information stored in the profile, such as belonging to certain demographic segments or potential interests or behaviours. These advertisements may be displayed to you on various channels, including our website or app (as part of on- and in-app marketing), as well as advertising placements provided through the online advertising networks we use, such as Google.

The data may then be analysed for the purpose of settlement with the service provider, as well as for evaluating the effectiveness of advertising measures in order to better understand the needs of our users and to improve future campaigns. This may also include information that the performance of an action (e.g., visiting certain sections of our Website or submitting information) can be attributed to a specific advertising. We also receive from service providers aggregated reports of advertisement activity and information on how users interact with our Website and advertisements.

The legal basis for this data processing is your consent within the meaning of Article 6(1)(a) of the GDPR. Part of the data processing may also be assessed as profiling (with or without high risk), to which your consent is also extended. You can withdraw your consent at any time by rejecting or deactivating the relevant cookies in the settings of your web browser (see Section 5.2). Further options for blocking advertising can also be found in the information provided by the respective service provider, such as Google.

5.4.2 Google Ads

As explained in Section 5.5.1, this website uses the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google) for online advertising. Google uses cookies (see the list here), which allow your browser to be recognised when you visit other websites. The information generated by the cookies about your visit to the Websites (including your IP address) will be transmitted to and stored by Google on servers in the United States (for information on the absence of an adequate level of data protection and the proposed safeguards, see Sections 6.2 and 6.3). Further information on data protection at Google can be found here.

The legal basis for this data processing is your consent within the meaning of Article 6(1)(a) of the GDPR. You can withdraw your consent at any time by rejecting or deactivating the relevant

6. Disclosure and Cross-Border Transfer

6.1 Disclosure to Third Parties and Third-Party Access

Without the support of other companies, we would not be able to provide you with the requested information in the desired form. To use the services of these companies, it is necessary to share your personal data with these companies to a certain extent. A disclosure of data is limited to selected third-party service providers and only to the extent necessary for the optimal provision of the information or services requested.

Various third-party service providers are explicitly mentioned in this Privacy Policy.

Your data may be disclosed to third parties to the extent necessary for the fulfilment of the contractual relationship, e.g., to transportation companies or providers of other services. The legal basis for these disclosures is the necessity for the performance of a contract within the meaning of Article 6(1)(b) of the GDPR. For these data processing activities, the third-party service providers are considered data controllers under the data protection laws, and not us. It is the responsibility of these third-party service providers to inform you about their own data processing, which may extend beyond the mere sharing of data for the provision of requested information or services, and to comply with data protection laws.

Furthermore, your data may be disclosed, especially to authorities, legal advisors, or debt collection agencies, if we are legally obliged to do so or if it is necessary to protect our rights, in particular to enforce claims arising from our relationship with you. Data may also be disclosed if another company intends to acquire our company or parts thereof, and such disclosure is necessary to conduct a due diligence or to complete the transaction.

The legal basis for this data processing is our legitimate interest within the meaning of Article 6(1)(f) of the GDPR in protecting our rights and fulfilling our obligations, as well as in the sale of our company or parts thereof.

6.2 Transfer of Personal Data to Third Countries

We have the right to transfer your personal data to third parties located abroad if it is necessary to carry out the data processing described in this Privacy Policy. Specific data transfers have been mentioned in Section 3. When making such transfers, we will ensure compliance with the applicable legal requirements for disclosing personal data to third parties. The legal provisions governing the disclosure of personal data to third parties are duly observed. The countries to which data is transmitted include those that, according to the decision of the Federal Council and the European Commission, have an adequate level of data protection (such as the member states of the EEA or, from the EU’s perspective, Switzerland), as well as those countries (such as the USA) whose level of data protection may not be considered adequate (see Annex 1 of the Data Protection Ordinance (DPO)) and the website of the European Commission). If the country in question does not provide an adequate level of data protection, we ensure that your data is adequately protected by these companies by means of appropriate safeguards, unless an exception is specified on a case-by-case basis for the individual data processing (see Article 49 of the GDPR). Unless otherwise specified, these are companies certified under the Privacy Framework Agreement or standard contractual clauses as referred to in Article 46(2)(c) of the GDPR, which can be found on the websites of the Federal Data Protection and Information Commissioner (FDPIC) and the EU Commission. If you have any questions regarding the implemented measures, please reach out to our data protection contact person (see Section 2).

6.3 Information on Data Transfers to the USA

For the sake of completeness, we would like to inform users residing or based in Switzerland or the EU that certain third-party service providers mentioned in this privacy statement are located in the USA. It is important to note that there are surveillance measures by US authorities in place that generally allow for the storage of all personal data of individuals whose data has been transmitted from Switzerland or the EU to the United States. This occurs without differentiation, limitation, or exception based on the purpose for which the data is being collected and without an objective criterion that would restrict US authorities’ access to the data and its subsequent use to specific, strictly limited purposes that can justify the interference associated with accessing and using the data. Furthermore, we would like to point out that affected individuals from Switzerland or the EU do not have legal remedies or effective judicial protection against general access rights of US authorities, which would allow them to access the data concerning them and to rectify or delete it. We explicitly highlight this legal and factual situation to enable you to make an informed decision regarding your consent to the use of your data.

For users residing in Switzerland or a member state of the EU, we also want to inform you that, from the perspective of the European Union and Switzerland, the United States does not provide an adequate level of data protection, among other reasons, as explained in this paragraph. In cases where we have mentioned in this privacy statement that data recipients (such as Google) are located in the United States, we will ensure by choosing companies that are certified under the Privacy Framework Agreement, or through contractual arrangements with these companies and, if necessary, additional appropriate safeguards, that your data is adequately protected at our third-party service providers.

7. Retention Periods

We only store personal data for as long as it is necessary to carry out the processing described in this Privacy Policy within the scope of our legitimate interests. For contractual data, the storage is stipulated by statutory retention obligations. Requirements that oblige us to retain data arise from the accounting and tax law regulations. According to these regulations, business communication, concluded contracts, and accounting documents must be retained for up to 10 years. If we no longer need this data to provide information or services for you, the data will be blocked. This means that the data may then only be used if this is necessary to fulfil the retention obligations or to defend and enforce our legal interests. The data will be deleted as soon as there is no longer any legal obligation to retain it and no legitimate interest in its retention exists.

8. Data Security

We use appropriate technical and organisational security measures to protect your personal data stored with us against loss and unlawful processing, in particular unauthorised access by third parties. Our employees and the service companies mandated by us are obliged to maintain confidentiality and uphold data protection. Furthermore, these persons are only granted access to personal data to the extent necessary for the performance of their tasks.

Our security measures are continuously adapted in line with technological developments. However, the transmission of information via the Internet and electronic means of communication always involves certain security risks and we cannot, therefore, provide any absolute guarantee for the security of information transmitted in this way.

9. Your Rights

If the legal requirements are met, as a data subject, you have the following rights with respect to data processing:

Right of access: You have the right to request access to your personal data stored by us at any time and free of charge if we process such data. This gives you the opportunity to check what personal data concerning you we process and whether we process it in accordance with applicable data protection regulations.

Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed about the rectification. In this case, we will also inform the recipients of the data concerned about the adaptations we have made, unless this is impossible or involves disproportionate effort.

Right to erasure: You have the right to obtain the erasure of your personal data under certain circumstances. In individual cases, particularly in the case of statutory retention obligations, the right to erasure may be excluded. In this case, the erasure may be replaced by a blocking of the data if the requirements are met.

Right to restriction of processing: You have the right to request that the processing of your personal data be restricted.

Right to data portability: You have the right to receive from us, free of charge, the personal data you have provided to us in a readable format.

Right to object: You have the right to object at any time to data processing, especially with regard to data processing related to direct marketing (e.g., marketing emails).

Right to withdraw consent: You have the right to withdraw your consent at any time. However, processing activities based on your consent in the past will not become unlawful due to your withdrawal.

To exercise these rights, please send us an e-mail to the following address: administration@wuttkefoundation.ch.

Right of complaint: You have the right to lodge a complaint with a competent supervisory authority, e.g., against the manner in which your personal data is processed.