Question 1

Data protection at a glance

Accepted Answer

General guidance The following information summarizes how the Swiss Red Cross (SRC) gathers and processes your personal data (point 2). Personal data are any information relating to natural persons who are identified or identifiable by the information in question. This privacy statement gives you information on how we collect and otherwise process personal data. This is not an exhaustive description; other privacy policies or information texts may govern specific circumstances. Who is responsible for data processing, and who is my point of contact? The following is the Data Controller, responsible for data processing: Swiss Red Cross
Rainmattstrasse 10
P.O. box
3001 Bern
Email: info@redcross.ch
Telephone: +41 58 400 41 11
 Data Protection Officer contact details Swiss Red Cross Data Protection Officer
Rainmattstrasse 10
P.O. Box
3001 Bern
E-mail: info@redcross.ch
Telephone: +41 58 400 41 11 If you have any questions on the subject of data protection at the SRC, please contact the Data Protection Officer.

Question 2

Data processing in the context of our activities, services and business relations

Accepted Answer

Which data do we process, and where do they come from? The SRC generally processes personal data from the following sources: Data you supply to us yourself in conjunction with requests, use of our services, receipt of material assistance, contributions, donations or volunteer work. These include the data generated when you sign up for our newsletter or make a purchase at our online shop. Data disclosed to us by third parties who have your consent, for the purpose of order processing or performance of contracts, e.g. health and insurance data or payment details; Data which government departments and authorities supply to us from their own activities, e.g. personal data from cantonal institutions, social services, courts and tribunals, child and adult protection authorities and public prosecutors’ offices. Data which we have obtained from publicly accessible sources, directly or through specialist providers. These include sociodemographic data (e.g. occupation. age group), regional data (e.g. language region), household data, data on conduct and attitude, which we may obtain from the media, public registers such as the commercial register or suppliers of addresses, such as Swiss Post or Swisscom. Data which we receive from other SRC organizations. Depending on the context within which we process personal data, these data may include information concerning your health, social assistance measures, religious, world or political views or activities, or your ethnicity. For what purpose and on what basis are my data used? Our main reason for processing personal data is to provide our services. In this context, we fulfil our obligations under our Charter, treaties and contracts, and obligations which we have taken over on behalf of governmental organizations. The primary purpose of data processing depends on the specific product or service you buy from us, or the order that we carry out for you. In addition to the data processing activities described in this privacy statement which we carry out in conjunction with our websites, apps and other digital communication channels, we also process personal data relating to you and further persons such as applicants, clients, donors, volunteers, partners, suppliers, service providers, patrons and interested parties insofar as we are permitted and believe it is appropriate to do so. This applies in particular to the following purposes for processing data, where we (and sometimes also third parties) have a legitimate interest related to the purpose, where you have given consent, or where the SRC is under obligation due to various legal and regulatory stipulations: Receipt and processing of requests for support, for example financial assistance requests, missing person searches or humanitarian visa applications Provision of advice by the SRC, for example via the SRC Outpatient Clinic for Victims of Torture and War or on being joined by family members Drafting of living wills via the SRC Operation of the Red Cross emergency response centre Recognition and registration of health professions and registration certificates for practising health professions abroad Services provided by the SRC as part of asylum and refugee services, medical and psychotherapeutic treatment, or social counselling for survivors of flight, torture and war as well as undocumented migrants.  Organization and execution of training Organization and execution of events Execution of surveys Processing of donations and contributions Registration of volunteers Communication with us, e.g. verbal, by telephone/video conference (see also below), via e-mail, contact forms or collaboration tools Marketing and fundraising, e.g. via postal mailshots, e-mail newsletters, social media or online adverts (see also below) Organization and execution of competitions or prize draws Ordering of brochures about our activities and offers, or of articles from our online shop Applications for jobs with us Safeguarding of IT security Prevention of criminal offences Pursuit of legal claims and defence in legal disputes Evaluation of data on donation behaviour and use of services Updating of address data Communication about the organization (e.g. via the patrons’ magazine or in the media) Further development of products and services Administration of our association including memberships In certain cases we assume that you will be interested in periodically receiving information about our activities and missions by e-mail, post, SMS, instant messaging or other communication channels. You can unsubscribe from the electronic or postal information we send you at any time. Revoking your consent does not affect the legality of data processing carried out before revocation. Who gets to see my data? Access is allowed to the people at the SRC who need your data to prepare our products and services. In addition to our own staff, they include service providers commissioned by us. These individuals have signed an undertaking to preserve confidentiality and protect your data.  The following are our main categories of recipient: Service providers involved in processing your orders: partner organizations, service providers appointed by us to execute orders, e.g. suppliers, IT providers, mailshot production firms and suppliers of products which improve our ability to raise donations, providers who handle address management, banks and payment service providers. Other Red Cross organizations, authorities, insurers including in particular social security and health insurance providers, health organizations, hospitals, doctors, welfare institutions, foundations and disaster relief organizations. Releases of personal data to state institutions or authorities occur very rarely at the SRC. These might include courts and tribunals, public prosecutors, child and adult protection authorities, tax authorities and auditing companies. When using our website and other digital services, your data may be transmitted to third parties such as Facebook, Google and PayPal, which process personal data under their own responsibility. Are my data sent abroad or forwarded to an international organization? The SRC processes your personal data primarily in Switzerland. This applies, for example, to the data we hold about our donors. However, some processing operations relating to personal data require the data to be sent to other countries both inside and outside Europe, where some of the IT service providers we use are located (e.g. providers of digital services and tools). To facilitate the distribution of our digital newsletter, personal data may be sent to the USA. We also send your data abroad if necessary, or if required by law, to fulfil our duties under the charter, carry out your orders or provide you with support in disasters or emergencies (e.g. requests to foreign authorities for mutual assistance in legal or administrative matters) or with your consent (e.g. information requests from the tracing service, co-operation with aid organizations in the field in the event of a disaster or emergency, and respite services for relatives). Please refer to the Tracing Service website and the relevant data protection rules of the ICRC regarding the processing of personal data by the SRC Tracing Service and by the International Committee of the Red Cross (ICRC). With regard to the forwarding of data by the Contact Point for the Recognition of Foreign Qualifications, please see the data protection information provided by the State Secretariat for Education, Research and Innovation SERI. When we send data to a country that does not have appropriate statutory data protection measures in place, we require the recipient to put in place appropriate measures to protect personal data (e.g. by agreeing to EU standard contractual clauses, current version available here, implementing other measures or providing proof of justificatory or exculpatory conditions). Do profiling or automated decision-making take place? In principle, the SRC does not operate fully automated, legally binding decision-making at the start of relations with new customers or when providing services to you personally. If we do follow such a process in an individual case, we will inform you about it separately. Some of the processing by the SRC of your data is automated, and serves to evaluate certain individual aspects. This analysis takes place anonymously and helps us target our communications and fundraising activities and fundraising activities and improve our products and services. Do I have to supply data? If we carry out services for you, e.g. respite services, educational courses or recognition of foreign vocational qualifications, you do have to supply us with the personal data we need in order to set up and maintain our relations with you, to act on and fulfil the obligations we accept towards you, or where the law requires us to gather such data. Without such data we will, in some circumstances, be bound to decline an order or contract. How do we go about public fundraising? We are reliant on your donations so that we can continue to be there for those who are most in need. If you do not wish to receive any mailings or other information concerning fundraising campaigns from us, you can unsubscribe from these easily in writing or by email. For how long will my data be stored or kept? We process and store your personal data for as long as we need in order to fulfil our contractual and statutory obligations. As a rule, the statutory obligations for keeping contractual documents remain in force for 10 years after the end of our order or business relations. If we no longer need your personal data, or our service has come to an end, your data are regularly deleted, as far as technically possible, except when we need to continue processing them for the following purposes: to comply with the periods of accounting and safekeeping in accordance with commercial and fiscal laws and regulations; to preserve evidence during the periods of prescription (e.g. health data or in the event of legal dispute); to keep records if we provide specific services such as family tracing or to comply with statutory safekeeping periods; to deactivate rather than erase data, for example donor data, to ensure that your data do not re-enter our database via other channels. Should the conditions for doing so be met, we will delete your personal data irrevocably at your express wish. If we do delete your data from our files of donors and patrons, we cannot guarantee that your data will not find their way back into our donation database via external mailing list companies. Audio and video conferences We use audio and video conference services to communicate with our customers and other people. This enables us in particular to hold audio and video conferences, virtual meetings, training sessions and webinars. We only use services that ensure adequate data protection. In addition to this Privacy Statement, any conditions of the services used such as terms of use and privacy statements also apply. We mainly use Microsoft Teams, a service of Microsoft Operations Ireland Limited. Further information on the type, scope and purpose of data processing can be found in the Microsoft Privacy Statement and Services Agreement. We also, very occasionally, use other audio and video conference services such as Zoom, a service provided by the US company Zoom Video Communications Inc. Further information on the type, scope and purpose of data processing can be found in the Zoom privacy statement and on their privacy and legal page. The webinar hosts are experienced users of the solutions concerned. Participation in these events is at the participant's own risk. The SRC does not accept any liability in this regard (e.g. data protection breaches).

Question 3

Data recording via our website

Accepted Answer

Data protection As a website operator, we take the protection of your personal data very seriously. If you use our website, various personal particulars are gathered. Personal data means information from which you can be personally identified. Below we explain what data we collect, for what purposes, and with which tools. Please note that there may be gaps in security during data transfer via the Internet (e.g. in email communications). Seamless protection of data from access by third parties is not possible. However, we endeavour to protect all websites by secure socket layer (SSL). How do you record my data? We record your data if you disclose them to us. You may supply such data on a contact form, when placing an order, booking for an event, or when making an online donation. Other data are automatically recorded by our IT systems when you visit our website. This mainly involves technical data (e.g. your internet browser, operating system or time of retrieval of page), selection of cookies, device data (HTTP agent, HTTP referrer), IP address, geolocation. Such data are recorded automatically on landing at our website. More information on how we evaluate website usage and on web analysis services is available in the relevant sections. What do you use my data for? Some of your data are gathered to ensure error-free operation of the website and enable us to target potential donors with online advertising. Other data may be used to analyse your usage patterns. We can never identify anyone personally via the analytics tools at all our websites, even via their IP address. SSL and TLS encryption Our websites use SSL or TLS encryption for security reasons, and to protect the transfer of confidential content such as the orders or inquiries which you send to us.  Encrypted payment transactions If you give us money, or enter into a paid contract with an obligation to let us know your payment details (e.g. account number for a direct debit mandate), we need these data to process your payment. However, we hold no credit card information. Credit card data pass exclusively via the providers we use for our payment services and are therefore not stored at the SRC. Cookies, tools and other services The websites use cookies and tools including analysis tools, third-party tools and other services. A cookie is a small block of information which is saved onto your user device. Cookies serve to make our offers more user-friendly, effective and secure, for example by recognizing return website visitors and evaluating their behaviour and preferences.  The use of websites also generates other data, in particular technical data, which are saved in logs. The tools we use for technical purposes process data such as: your website behaviour including demographic data, data about the device used, search and click behaviour, log data, form data and contact data such as your email address, your last name, first name, date of birth, and information on queries, contact data, payment information and similar. Their sole purpose is technical support of programs and anonymous statistical evaluation of their functions.  Cookies, tools and other services usually contain no personal data, but they can be linked to data, such as a user account, stored by third-party providers, which may enable a link to you.  ﻿Overview of cookies, tools and other services 
 Google Ads Enhanced Conversions We use the «Enhanced conversions» function of Google Ads. This means that additional customer information, such as e-mail addresses in forms, can be entered and transmitted in hash form (SHA-256) to Google. The hash function ensures that no plain-text data is forwarded. This data is used solely to improve conversion measurement and to increase the accuracy of our campaign evaluations.  Frontify We use the platform from Frontify for the SRC brand portal and to incorporate images on our websites. Further information on the type, scope and purpose of data processing can be found in the Cookie Policy | Frontify. Cookie settings  We have installed a consent management tool from Usercentrics on our websites, which enables users of our websites to select settings for cookies, tools and other services. The setting options can be found when calling up our websites or directly at the cookie settings link. You can also configure your browser to inform you about setting cookies and only permit cookies in individual cases. You can also usually block cookies in specific cases or activate automatic cookie deletion when you close your browser. If cookies are blocked, the website concerned may not be fully functional. Cookies are stored if needed to execute the electronic communication process or prepare certain functions you want, such as clicking to close a window you opened. We have a legitimate interest in the storage of cookies for the smooth technical operation and optimum provision of our services.  By using our websites, apps and other digital channels, and by consenting to receive newsletters and other marketing e-mails, you are agreeing to the use of this technology. If you do not wish to have this technology used, you will need to change the settings in your browser and/or email program, within the scope of the technical possibilities, or uninstall the app, if you are unable to change the settings. Cashless payment transactions If you donate via digital channels (online and mobile), the company RaiseNow AG, with head office at Hardturmstrasse 101, 8005 Zurich, transmits your personal information in encrypted form to the SRC. If you give via digital channels by SMS, the FairGive Association, of Hardturmstrasse 101, 8005 Zurich, receives your donation in trust and passes it on to the SRC. The Swiss charitable association FairGive promotes transparent and sustainable giving via digital channels (mobile and online). FairGive acts as an independent financial intermediary in this context. FairGive is a non-profitmaking association and uses the payment data exclusively for payment settlement. Please see the data protection guidelines of RaiseNow and FairGive Credit card companies We offer payment by credit card on our websites. The company SIX, with head office at Pfingstweidstrasse 110, 8005 Zurich, guarantees secure payment settlement. SIX operates the infrastructure for the Swiss financial market. Read the privacy statement of SIX. Below we list our providers’ privacy statements: Mastercard American Express Visa PostFinance PostFinance is one of Switzerland's leading financial institutions. It is a reliable partner for over three million personal and business customers who wish to manage their finances independently. With regard to data protection during the settlement of online payments, please see the data protection policy of PostFinance AG with headquarters in Bern. PayPal One of the payment methods offered at our website is PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., of 2224 Boulevard Royal, L-2449 Luxembourg (below: “PayPal”). If you select payment by PayPal, the payment data you enter are forwarded to PayPal. Please also see PayPal’s Privacy Policy. Masterpass Masterpass is the digital cashless solution from Mastercard, which makes card payments via the Internet even more convenient and secure. Mastercard Incorporated, in turn, is one of the two largest international payment card companies (credit, debit and prepaid cards). Mastercard licenses banks worldwide to issue its cards (issuing licences). For payment settlement via Mastercard, please see the Privacy Policy of Mastercard Inc., with headquarters in Purchase, New York. Twint One of the payment methods offered at our website is Twint. Twint is provided jointly by a number of Swiss owner and partner banks: Banque Cantonale Vaudoise (BCV), PostFinance, Raiffeisen, UBS and Zürcher Kantonalbank (ZKB). The Twint website can be visited without having to leave behind personal data. The site only stores access data in your server log files, which do not enable individuals to be traced. The data include the names of the pages retrieved, with date and time of retrieval, the data volume transferred in each case and the Internet service provider via which the retrieval took place. Twint uses these data exclusively to ensure smooth availability and to make improvement to its website. See the Privacy Policy of Twint AG, with head office at Stauffacherstrasse 31, 8004 Zurich. SIX operates the infrastructure for the Swiss financial market. SIX, with head office at Pfingstweidstrasse 110, 8005 Zurich, guarantees secure payment settlement via Twint. Read the privacy statement of SIX. Coinify We offer the option of donating in cryptocurrency via Coinify on our website. Coinify is a global virtual currency platform enabling individuals and companies to trade and make payments in cryptocurrencies such as Bitcoin. Please see the Privacy Policy of Coinify ApS, headquartered in Copenhagen, Denmark, regarding data protection when processing online payments with Coinify. Your encrypted data will be transferred securely to Coinify, where they will be processed using the highest security standards. However, please note that transactions using cryptocurrencies may harbour specific risks, such as security problems associated with cyber criminality and regulatory aspects, which may vary significantly between countries. In addition, cryptocurrency transactions generally cannot be reversed. We recommend that you inform yourself of these risks before making this type of transaction.

Question 4

Posts on social media

Accepted Answer

SRC websites contain links to posts on external social media pages such as Facebook, Instagram, LinkedIn, YouTube, Twitter and others. The SRC uses such social media platforms as publication and communication media for its content. Clicking on links, which may feature the logo of the platform, will take you to the platform of the respective provider. The SRC has neither access to nor influence on the handling of personal data entered by or left on social media platforms by users. Personal data are processed under the responsibility of the relevant platform operator. This may also affect people who are not registered as users, and the data may be processed in other countries, potentially including countries outside Europe. Detailed information on data processing in connection with these platforms, opt-out options and exercising information rights can be obtained from the privacy policy of the relevant platform operator. Facebook Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy policy of the provider Instagram Meta Platforms Ireland, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy policy of the provider LinkedIn LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Privacy policy of the provider YouTube Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy policy of the provider Twitter Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
Privacy policy of the provider

Question 5

SRC apps

Accepted Answer

In addition to our online services, we also offer mobile apps such as the SRC Babysitting app and the SRC First Aid app, which you can install on your mobile device. When these mobile apps are downloaded, the necessary information is transferred to the relevant app store, in particular your user name, the customer number for your account, the time of the download, and, where applicable, your e-mail address and the individual ID of your device. We only process the data to the extent required to download the app onto your mobile device. The app store collects various data independently. Further information may be collected and processed by the device or software manufacturers. We have no influence on the processing of these data, nor on apps not published by the SRC, and take no responsibility for these. The SRC Babysitting app The SRC uses the Babysitting app to provide important information and knowledge for future babysitters on its babysitting courses. The interactive app helps babysitters to record their childminding experience and make notes on individual assignments. It should be understood that this is an interactive learning app. Babysitters set up their own profiles on the app. This app is used without gathering or processing personal data. The data of the children looked after are recorded in anonymized form. The data remain exclusively on the device on which they were entered and are not linked to the babysitter’s profile. The SRC does not produce personalized child profiles or pass data to third parties. ﻿The user account (profile) is automatically deleted if, after two years of inactivity in the application, the babysitter does not open the application within 30 days of the e-mail request. The SRC uses functions of the Google Analytics web analysis service for the use of this app. These data serve purely for statistical purposes and are not personalized. Further information about Google Analytics is available in the relevant section. The SRC First Aid app As part of an international project, the rescue organizations of the Swiss Red Cross use the SRC First Aid app to make life-saving information and knowledge available in emergencies. This app is used without gathering or processing your personal data. The SRC does not generate personal or preference profiles, and does not release data to third parties. The SRC uses functions of the Google Analytics web analysis service for the use of this app. These data serve purely for statistical purposes and are not personalized. Further information about Google Analytics is available in the relevant section. SUI app ‘Sui’ stands for support (S), unaided self-help (U) and information (I). The app is intended for people who have recently moved to Switzerland, e.g. refugees or other newcomers. Sui contains information about life in Switzerland, on topics such as the asylum procedure, residential status, work and education, social integration or the healthcare system. It also contains exercises and tips for how to cope with stress, insomnia and pain, and teaches users how they can help themselves. Users can also receive support in their native language from a counsellor (a ‘peer’).

The app can be used without creating a user account on the user’s chosen device; however, during this time usage data and technical information, such as log files, are stored. This information will be used to improve technical aspects of the app, make anonymous evaluations, for statistical purposes and to analyse user behaviour in order to improve our service. Sui users’ IP addresses are anonymized. If they so choose, users may create an account to synchronise the data they enter when using the app on different devices and restore it if the device is lost. An email address can also optionally be stored so that the password can be reset. Swiss Red Cross Community app The Swiss Red Cross Community app provides SRC service providers (employees and volunteers) with information about its services and voluntary work. It enables service providers to view and report on ongoing assignments, accept new assignments in a marketplace and update their own contact details. Access to the app is provided exclusively on clearance by the relevant SRC organization. App users’ personal data is collected and processed. The data is stored on the Salesforce Nonprofit Cloud with data location Switzerland. A user’s account can be deactivated or deleted by contacting the relevant SRC organization. If service providers leave the organization, access to the app is blocked. Whenever the app is used, Salesforce uses certain technical identifiers but does not analyse any personal data. The data collected is used for the purposes of technical development, to ensure the correct functioning of the app, analyse user behaviour and continuously improve our services.

Question 6

Recognition chatbot

Accepted Answer

The SRC chatbot (the ‘recognition chatbot’) provides information about the recognition process for foreign qualifications in the healthcare sector under SRC responsibility. The information is provided as a dialogue between the user and the recognition chatbot, an AI tool. The recognition chatbot is designed to respond only to generic requests. Please do not enter any personal or confidential information in the chatbot. The recognition chatbot relies on OpenAI's GPT-4 language model for its communicative functions and operates using cloud services. The SRC only processes personal data that is necessary for the provision of the recognition chatbot service, such as technical data and usage data. The data collected is transmitted to OpenAI, the provider of the service, and to other digital providers, which in particular ensure the hosting and database management service as well as the monitoring and analysis services for the requests.

Question 7

What are my rights in relation to my data?

Accepted Answer

Within the context of the data protection law applicable to you and insofar as provided therein, you have the right of access, correction and deletion and the right to limit processing with regard to your personal data. You have the right to object to our data processing and to request the release of certain personal data for the purpose of transfer to another body ("data portability"). Please note, however, that we reserve the right to assert the restrictions provided for by law, for example if we are obliged to store or process certain data, if we have an overriding interest in doing so (insofar as we are entitled to refer to this) or if we need these data in order to assert claims. Please also note that exercising your rights may conflict with contractual agreements and this may have consequences such as the early termination of a contract or the incurrence of costs. If this is the case and is not contractually regulated elsewhere, we will inform you in advance.  The exercise of such rights usually requires that you clearly prove your identity (e.g. by producing a copy of your identity card where your identity is otherwise not clear or cannot be verified). To exercise your rights you can contact us at the address given in section 1. Every data subject also has the right to enforce his or her rights in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch)

Question 8

Final provisions

Accepted Answer

Disclaimer The SRC is responsible for this policy on Data Protection at the Swiss Red Cross. The information at this website has been compiled with great care. However, it cannot be warranted up to date, accurate and complete. Therefore all liability for possible losses connected with the use of information in this data protection statement is declined. Simple use of this website gives rise to no contractual relations with the SRC. Current validity and amendment of this data protection policy We may amend or adapt this data protection policy at any time as required. The current data protection policy can be accessed at www.redcross.ch.

Data protection at the Swiss Red Cross

Share this page

Header

Meta navigation