Skip to content

Navigating back in the page structure

Data privacy policy

This privacy statement provides information on what personal data we process in connection with our activities and operations, including our website sagw.ch. In particular, it provides information on the personal data we collect and why, how and where we process it. It also provides information on the rights of persons whose data we process.

Additional privacy statements or other data privacy information may be published for individual or additional activities and operations.

1. Contact addresses

The data controller for the purposes of data protection law is:

Swiss Academy of Humanities and Social Sciences

House of Academies

Laupenstrasse 7

3001 Bern

Switzerland

kommunikation@sagw.ch

Third parties may, in individual cases, be responsible for processing personal data. Alternatively, data control may be shared with third parties. We will be happy to provide data subjects with information about the data controller in their specific case at their request.

2.1 Terminology

Data subject: Any individual whose personal data we process.

Personal data: Any information relating to an identified or identifiable individual.

Sensitive personal data: Data about trade union, political religious or ideological views and activities; data about health, private life or race or ethnicity; genetic data; biometric data that unequivocally identifies a natural person; data on administrative and criminal proceedings or sanctions; and data on social assistance measures.

Processing: Any handling of personal data, regardless of the means or processes used, such as querying, matching, adapting, archiving, filing, reading, disclosing, procuring, recording, collecting, deleting, revealing, sorting, organising, storing, modifying, disseminating, linking, destroying or using personal data.

We process personal data in accordance with Swiss law, particularly the Federal Act on Data Protection (Data Protection Act, FADP) and the Data Protection Ordinance (DPO).

3. Type, scope and purpose of personal data processing

We process the personal data that is necessary in order to be able to carry out our activities and operations sustainably in a sustainable, people-friendly, secure and reliable manner. The personal data we process may fall into the following categories in particular: browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data and payment data. The personal data may also include sensitive personal data.

We also process personal data that we receive from third parties, obtain from public sources or collect in the course of our activities and operations to the extent that such processing is permissible.

Where required, we process personal data with the consent of the data subject. In many cases, we can process personal data without consent, for example to fulfil legal obligations or safeguard overriding interests. We may also request data subjects’ consent in cases where none is required.

We process personal data for the period required by the purpose in question.

We anonymise or delete personal data, particularly as required by statutory retention and limitation periods.

4. Disclosure of personal data

We may disclose personal data to third parties, have it processed by third parties or process it jointly with third parties. Such third parties may include, for example, specialised providers whose services we use.

We may share personal data in the course of our activities and operations, particularly with banks and other financial services providers; authorities; educational and research institutions; consultants and lawyers; advocacy groups; IT service providers; cooperation partners; credit agencies; logistics and courier services; marketing and advertising agencies; the media; parent, sister and subsidiary companies, organisations and associations; welfare institutions; telecommunications companies; insurance companies; and payment service providers.

5. Communication

We process personal data for the purpose of communicating with individuals, authorities, organisations and companies. In particular, we process data provided by data subjects when they contact us, for example by post or e-mail. We may store such information in an address book or similar resource.

Third parties who provide us with data concerning other people are required to take independent action to safeguard these data subjects’ privacy. In particular, they must guarantee that such data is correct and can be shared.

6. Applications

We process applicants’ personal data where this data is required to assess their suitability for employment or for the subsequent performance of a contract of employment. The required personal data is obtained from information requested, for example in connection with employment vacancies. We may publish employment vacancies with the aid of suitable third parties, for example in electronic or print media and on jobs portals and platforms.

Furthermore, we process the personal data that applicants provide or publish voluntarily, particularly as part of cover letters, CVs and other application documents or as part of online profiles.

7. Data security

We take suitable technical and organisational measures to ensure an appropriate level of data security for the risk in question. The measures we take guarantee in particular the confidentiality, availability, traceability and integrity of the personal data that is processed, but without any guarantee of absolute data safety.

Our website and other digital services are accessed using transport encryption (SSL/TLS, in particular with Hypertext Transfer Protocol Secure, HTTPS for short). Most browsers give a warning when users are visiting a website that does not use transport encryption.

Our digital communication, like all digital communication in general, is subject to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA) and other countries.

We have no direct influence over the associated processing of personal data by secret services, police agencies or other security authorities. Furthermore, we cannot rule out the possibility of any data subject being subject to systematic surveillance.

8. Personal data abroad

We generally process personal data in Switzerland. However, we may also disclose or transmit personal data to other countries, particularly for the purpose of processing it, or having it processed, there.

We may export personal data to all countries on Earth or elsewhere in the universe, provided that the law there ensures adequate data protection in accordance with the decision of the Swiss Federal Council.

We may disclose personal data to countries whose law does not ensure adequate data protection, provided that data protection is ensured by other means, particularly standard data protection clauses or other appropriate guarantees. By way of exception, we may export personal data to countries without adequate or appropriate data protection if the specific requirements under data protection law are met, for example if the data subjects give express consent or if the data is being exported for the direct purpose of concluding or fulfilling a contract.

We will be happy to give data subjects information about any guarantees, or provide a copy of the guarantees, at their request.

9. Data subjects’ rights

9.1 Entitlements under data protection law

Data subjects retain all entitlements under applicable data protection law. In particular, data subjects have the following rights:

  • Information: Data subjects may request to know whether we are processing their personal data and, if so, what personal data. Data subjects will also be given the information they need to assert their rights under data protection law and to ensure transparency. This includes the processed personal data itself, but also, among other things, information on the purpose of processing, how long the data will be stored, disclosure or export to other countries, and the origins of the personal data.
  • Correction and restriction: Data subjects can have inaccurate personal data corrected and incomplete data completed. They can also restrict the processing of their data.
  • Own viewpoint and human review: Where decisions are based entirely on automated processing of personal data and either have legal consequences for data subjects or impose a substantial restriction on them (automated individual decisions), data subjects will be able to present their own viewpoint and request review by a human.
  • Deletion and withdrawal of consent: Data subjects can have personal data deleted (right to be forgotten) and withdraw their consent to the future processing of their data.
  • Data release and data transfer: Data subjects may request the release of personal data or the transfer of their data to another controller.

We may suspend, restrict or deny data subjects’ ability to exercise their rights to the extent permitted by law. We may draw data subjects’ attention to any conditions that have to be fulfilled in connection with the exercise of their entitlements under data protection law. For example, we may refuse to provide information, either in whole or in part, citing confidentiality obligations, overriding interests or the protection of other persons.

We may also, for example, refuse to delete personal data, either in whole or in part, particularly where statutory retention obligations apply.

We may, by way of exception, impose costs for exercising rights. We will inform data subjects of any costs in advance.

We are obliged to take appropriate measures to identify data subjects who request information or assert other rights. Data subjects are obliged to cooperate.

Data subjects have the right to take legal action to assert their entitlements under data protection law or to file an objection or complaint with a data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

10. Use of the website

10.1 Cookies

We may use cookies. Cookies – either our own (first-party cookies) or those of third parties whose services we use (third-party cookies) – are small data files that are stored in your browser. The data stored need not be limited to traditional text cookies.

Cookies can be stored in your browser temporarily as session cookies or for a certain period of time as persistent cookies. Session cookies are automatically deleted when you close your browser. Persistent cookies have a set expiration date. In particular, cookies enable us to recognise a browser the next time it visits our website and thus, for example, to measure our website’s reach. However, persistent cookies can, for example, also be used for online marketing. Users can completely or partially deactivate, restrict or delete cookies in their browser’s settings at any time. Many browsers also provide the option of automatically deleting cookies along with other cookie management settings. Without cookies, certain website features may no longer be available. We actively request explicit consent to the use of cookies, at least where and to the extent that this is necessary under applicable law.

It is possible to refuse to accept (opt out of) the cookies placed by a large number of companies for the purpose of measuring performance and reach or providing advertising. This can be done via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

10.2 Logging

We may log at least the following information each time you access our website or other digital presence if such information is normally detected or collected when you access our digital infrastructure: Date and time, including time zone; IP address; access status (HTTP status code); operating system (including user interface and version); browser (including language and version); individual subpage accessed on our website, including volume of transferred data; website last accessed in the same browser window (referer or referrer).

We record such information, which may also constitute personal data, in log files.

We require this information to provide a sustainable, people-friendly and reliable digital presence. The information is also required to ensure data security, including data security on the part of, or provided with the aid of, third parties.

10.3 Tracking pixels

We may include tracking pixels, also known as web beacons, in our digital presence. Tracking pixels, including those from third parties whose services we use, are usually small, invisible images or scripts written in JavaScript that are automatically downloaded when you access our digital presence. Tracking pixels can be used to collect at least the same information as log files.

11. Notifications and messages

11.1 Measuring performance and reach

Notifications and messages may contain web links or tracking pixels that record whether an individual message has been opened and which web links have been clicked within it. Such web links and tracking pixels may also record specific personal use of notifications and messages. We record these use statistics to measure performance and reach so that we can send notifications and messages that reflect recipients’ needs and reading habits in an effective, people-friendly, sustainable, secure and reliable way.

Your consent is generally required for the use of your email address and other contact addresses except in cases where the law provides otherwise.

We may use double opt-in (double confirmation) to obtain this consent. In this case, you will receive a message with instructions on how to provide double confirmation. We may keep a record of consents given, including IP address and time stamp, as evidence and for security reasons.

In general, you can object to receiving notifications and messages, such as newsletters, at any time. With such an objection, you can simultaneously object to the recording of usage statistics for measuring performance and reach.

We reserve the right to send essential notifications and messages in connection with our activities and operations.

11.3 Notifications and messages – service providers

We send notifications and messages with the aid of specialised service providers.

In particular, we use:

Brevo: Establishing and maintaining customer and user relations, particularly by e-mail and instant messaging; provider: Sendinblue GmbH (Germany); data protection information: Data protection and security, Privacy policy, Security and data protection.

12. Social media

We use social media and other online platforms to communicate with people who are interested in our activities and operations and to provide information about these activities and operations. Use of these platforms may involve personal data being processed outside Switzerland.

The General Terms and Conditions (GTCs), terms of use, privacy policies and other provisions of the operator of each platform also apply. In particular, these provide information on data subjects’ direct rights vis-à-vis the respective platform, including, for example, the right to information.

13. Third-party services

We use services provided by specialised third parties for the purpose of delivering our activities and operations in a sustainable, people-friendly, secure and reliable way. Such services enable us to embed functions and content on our website. The services used to provide embedded features log users’ IP addresses at least temporarily out of technical necessity.

Third parties whose services we use may, for essential security-related, statistical and technical purposes, process data connected with our activities and operations in aggregate, anonymised or pseudonymised form. This data may, for example, be the performance or usage data required to provide the service in question.

13.1 Digital infrastructure

We use the services of specialised third-party providers of digital infrastructure for the purpose of delivering our activities and operations. These include, for example, hosting and storage services from certain providers.

In particular, we use:

Vercel: Cloud deployment platform, particularly for static websites; provider: Vercel Inc. (USA); Data protection information: Privacy Policy, Additional Information for Users in the EEA and the UK.

13.2 Advertising

We run advertising for our activities and operations on third-party sites, for example social media platforms and search engines.

The particular aim of this advertising is to reach persons who are already interested in our activities and operations, or who might be interested in them (remarketing and targeting). For this purpose, we may provide corresponding information, possibly including personal information, to third-party facilitators of such advertising. We may also measure the success of our advertising, meaning in particular whether it generates visits to our website (conversion tracking).

Third parties with whom we advertise and with whom you are registered as a user may link your use of our website to the profile they hold for you.

In particular, we use:

LinkedIn Ads: Social media advertising; providers: LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Ireland); data protection information: Remarketing and targeting, particularly the LinkedIn Insight Tag, Privacy, Privacy Policy, Cookie Policy, Guest Retargeting Opt-Out.

14. Website extensions

We use extensions on our website to provide additional features. We may use certain services from suitable providers or host the extensions on our own digital infrastructure.

15. Measuring performance and reach

We try to measure the performance and reach of our activities and operations. In this context, we may measure the effect of third-party leads or check how different parts or versions of our digital presence are being used (A/B testing). We use the results of performance and reach measurements in particular to rectify bugs and errors, enhance popular content or make improvements.

Individual users’ IP addresses are generally recorded during performance and reach measurement. In this case, IP addresses are shortened (masked), using appropriate pseudonymisation to comply with the principle of data minimisation.

Performance and reach measurement may involve the use of cookies and the creation of user profiles. If user profiles are created, these may include, for example, the pages visited or content viewed on our digital presence, information on screen or browser window size and your (at least approximate) location. Any user profiles that are created will always be pseudonymised and will not be used to identify individual users. Individual services provided by third parties with whom users are registered may be able to link use of our online offering to the associated user account or user profile for the service in question.

In particular, we use:

Fathom Analytics: Performance and reach measurement; provider Conva Ventures Inc. (Canada); data protection information: privacy-first alternative to Google Analytics with  full data anonymisation and no cookies, Privacy policy, Our data journey.

16. Final notes on this privacy statement

This privacy statement was created using the Datenschutz-Generator tool provided by Datenschutzpartner AG.

We reserve the right to amend this privacy statement at any time. We will provide information about amendments in an appropriate form, in particular by publishing the current version of this privacy statement on our website.