Question 1

Data protection at a glance

Accepted Answer

General guidance The following information summarizes how the Swiss Red Cross (SRC) gathers and processes your personal data (point 2). Personal data means all information from which you can be personally identified. We describe what happens to your personal data when you visit our website, sign up for a newsletter or donate online (point 3); when you read our posts on social media (point 4); or use one of our apps (point 5). In point 6 you can find out about your rights in relation to the handling of your data. The data protection information we provide is in line with the relevant articles of the current and expected future version of the Swiss Federal Act on Data Protection (FADP). It is also guided by the General Data Protection Regulation of the European Union (GDPR), as relevant to our provision of services or monitoring of user behaviour on the EU retail market. Which specific data are processed, and how, depends primarily on which services, support offers and products you use. Who is responsible for data processing, and who is my point of contact? The following is the data controller, responsible for data processing: Swiss Red Cross
Rainmattstrasse 10
P.O. box
3001 Bern
Email: info@redcross.ch
Telephone: +41 58 400 4111

If you have any questions on the subject of data protection at the SRC, please contact the same address.

Question 2

Which data do we process, and where do they come from?

Accepted Answer

Which data do we process, and where do they come from? The SRC processes personal data from the following sources: Data you supply to us yourself when you use our services, donate or volunteer. This includes the data generated when you sign up for our newsletters or make a purchase at our online shop. Data disclosed to us by third parties who have your consent, for the purpose of order processing or performance of contracts, e.g. health and insurance data or payment details. Data which government departments and authorities supply to us from their own activities, e.g. personal data from cantonal institutions, social services, courts and tribunals, child and adult protection authorities and public prosecutors’ offices. Data which we have obtained from publicly accessible sources, directly or through specialist providers, e.g. from the media, public registers such as the commercial register or public suppliers of addresses, such as Swiss Post or Swisscom. For what purpose and on what basis are my data used? Our main reason for processing personal data is to provide our services. In this context, we fulfil our obligations under our charter, treaties and contracts, and obligations which we have taken over on behalf of governmental organizations. The primary purpose of data processing depends on the specific product or service you buy from us, or the order that we carry out for you. The SRC is also bound to process the following personal data under various laws and regulations: health, occupational, pension and insurance data, data relating to bequests and to trade creditors and debtors. Finally, the SRC processes personal data to protect its own legitimate interests, and those of third parties, especially for the following purposes: assurance of IT security; prevention of criminal offences; pursuit of legal claims and defence in legal disputes; customer segmentation, marketing and communication; and product and service development. Who gets to see my data? Access is allowed to the people at the SRC who need your data to prepare our products and services. Such access rights are strictly limited to those persons who are necessary for the processing. In addition to our own staff, they include service providers commissioned by us. These individuals have signed a written undertaking to preserve confidentiality and protect your data. Your personal data are therefore only released to recipients outside the SRC if we are required to do this by law, or if we hold your consent or need to release them to process your order. The following are our main categories of recipient: service providers involved in processing your orders: partner organizations, service providers appointed by us to carry out orders, providers who handle address management (e.g. suppliers, IT providers, mailshot production firms and suppliers of products which improve our data gathering activity). With your consent, the following and other categories of person may be recipients of your data: authorities, social security providers, health organizations, hospitals, welfare institutions, foundations and disaster relief organizations. Releases of personal data to state institutions or authorities occur very rarely at the SRC. These might include government authorities, courts and tribunals, public prosecutors, child and adult protection authorities, tax authorities and auditing companies. Are my data sent abroad or forwarded to an international organization? The SRC processes your personal data primarily in Switzerland. We only send your data abroad if necessary, or if required by law, to fulfil our duties under the charter, carry out your orders or provide you with support in disaster or emergency (e.g. requests to foreign authorities for mutual assistance in legal or administrative matters) or with your consent (e.g. information requests from the tracing service, co-operation with aid organizations in the field in the event of disaster or emergency, and  respite services for relatives). About the processing of personal data by the SRC Tracing Service and by the International Committee of the Red Cross (ICRC), please refer to the Tracing Service website and the relevant data protection rules of the ICRC via the link https://www.icrc.org/en/document/rfl-code-conduct. With regard to the forwarding of data by the Contact Point for the Recognition of Foreign Qualifications, please see the data protection information provided by the State Secretariat for Education, Research and Innovation (SERI). Cross-border disclosure to third states which lack proper levels of data protection We do not, without your consent, send personal data outside Switzerland to third parties in non-EU countries which do not have appropriate data protection. In matters of life or death, where we are unable to obtain the consent of the persons concerned, we make suitable security arrangements in advance (e.g. sending by diplomatic messenger or via the ICRC). Do profiling or automated decision-making take place? In principle, the SRC does not operate fully automated, legally binding decision-making at the start of relations with new customers or when providing services to you personally. If we do follow such a process in an individual case, we will inform you about it separately. Some of the processing by the SRC of your data is automated, and serves to evaluate certain individual aspects. This analysis takes place anonymously and helps us target our communications and fundraising activities and improve our products and services. Do I have to supply data? As a donor, patron or benefactor, you are under no obligation to pass personal data to us. We are grateful for every gift. If we carry out services for you, e.g. respite services, educational courses or recognition of foreign vocational qualifications, you do have to supply us with the personal data we need in order to set up and maintain our relations with you, to act on and fulfil the obligations we accept towards you, or where the law requires us to gather such data. Without such data we will, in some circumstances, be bound to decline an order or contract. How long will my data be stored? We process and store your personal data for as long as we need in order to fulfil our contractual and statutory obligations. As a rule, the statutory obligations of safekeeping remain in force for ten years after the end of our order or business relations. If we no longer need your personal data, or our service has come to an end, your data are regularly deleted, as far as technically possible, except when we need to continue processing them for the following purposes: to comply with the periods of accounting and safekeeping in accordance with commercial and fiscal laws and regulations; to preserve evidence during the periods of prescription (e.g. health data or in the event of legal dispute); to keep records if we provide specific services such as family tracing or to comply with statutory safekeeping periods; and to deactivate rather than erase donor data, to ensure that your data do not re-enter our donor database via other channels. We will delete your personal data irrevocably at your express wish. If we do delete your data from our files of donors and patrons, we cannot guarantee that your data will not find their way back into our donation database via external mailing list companies.

Question 3

Data recording at our website

Accepted Answer

As a website operator, we take the protection of your personal data very seriously. If you use our website, various personal particulars are gathered. Personal data means information from which you can be personally identified. Below we explain what data we collect, for what purposes, and with which tools. Please note that there may be gaps in security during data transfer via the Internet (e.g. in email communications). Seamless protection of data from access by third parties is not possible. However, we endeavour to protect all websites by secure socket layer (SSL). How do you record my data?  We record your data if you disclose them to us. You may supply such data on a contact form, when placing an order, booking for an event, or when making an online donation. Other data are automatically recorded by our IT systems when you visit our website. This mainly involves technical data (e.g. your internet browser, operating system or time of retrieval of page). Such data are recorded automatically on landing at our website. More information on how we evaluate website usage and on web analysis services is available in the following texts. What do you use my data for? Some of your data are gathered to ensure error-free operation of the website and enable us to target potential donors with online advertising. Other data may be used to analyse your usage patterns. We can never identify anyone personally via the analytics tools at all our websites, even via their IP address. SSL and TLS encryption Our websites use SSL or TLS encryption for security reasons, and to protect the transfer of confidential content such as the orders or inquiries which you send to us. You can recognize an encrypted link from the address line in your browser, which changes from ‘http://’ to ‘https://’, and the padlock symbol which appears on the browser line. If SSL or TLS is applied, third parties are unable to read the data you forward to us. Encrypted payment transactions If you give us money, or enter into a paid contract with an obligation to let us know your payment details (e.g. account number for a direct debit mandate), we need these data to process your payment. However, we hold no credit card information. Credit card data pass exclusively via our payment partners and are therefore not stored at the SRC. Cookies Some of our web pages use cookies. Cookies do not harm your computer and contain no viruses. They serve to make our offers more user-friendly, effective and secure. Cookies are small text files which are placed on your computer and stored in your browser. Most of the cookies we use are session cookies, automatically erased at the end of your visit. Other cookies remain permanently on your device until you delete them. These cookies enable us to recognize your browser next time you visit our website. You can set your browser to inform you about cookies being placed on your device. You can opt to block all cookies, or enable them in individual or specified cases. You can also enable automatic cookie deletion at every close of the browser. If cookies are blocked, this website may not be fully functional. Cookies are stored if needed to execute the electronic communication process or prepare certain functions you want, such as clicking to close a window you opened. We have a legitimate interest in the storage of cookies for the smooth technical operation and optimum provision of our services. If other cookies are stored (e.g. to analyse your surfing patterns), they are dealt with separately below. You will find further information in the chapter on tools of analysis and tools of third-party providers here. Data via the contact form If you use the contact form to send us your inquiries, we store the data from your form, including the contact details you have supplied there, in order to process your inquiry and respond to any further questions. Thus the processing of the data entered on the contact form takes place on the basis of your content (GDPR Article 6(1)(a) / FADP Article 13). We do not pass the data to third parties without your express consent. The details you enter on the contact form remain at the SRC until you ask us to delete them, revoke your consent to storage or until the reason for storing the data has lapsed (e.g. on completion of the processing of your inquiry). However, we are bound to comply with compelling provisions of the law, especially safekeeping periods. We assume you are interested in receiving emailed information from us from time to time about our activities and assignments. You can cancel your subscription to our newsletters at any time. Revoking your consent does not affect the legality of data processing carried out before revocation. Volunteers’ personal information When you register as an SRC volunteer, your personal information, including your contact details, are stored for the sole purpose of processing your request and follow-up questions. The information you provide in the contact form are therefore processed with your consent (GDPR Article 6(1)(a) / FADP Article 13). To enable us to organize your voluntary mission in the best possible way, your personal information will be forwarded with your consent to Red Cross organizations and institutions, cantonal authorities and partner organizations that are providing volunteers in relation to the COVID-19 pandemic. The information you provide in the contact form remains with us until you ask us to delete it, until you revoke your permission to store it, or the purpose for which it was supplied no longer applies. However, we must also comply with mandatory legal provisions, such as data storage periods. Forwarding of data when a contract is placed for SRC online shops / despatch of goods by third parties We only pass personal data to third parties if this is necessary in the context of performance of the contract. We may forward such data, for example, to the businesses commissioned to supply the goods or the credit institution instructed to settle the payment. There is no further release of data, or further release only takes place with your express consent. Your data are not forwarded to third parties, for example for advertising purposes, without express consent. Online newsletters If you would like to receive the newsletter offered at our website, we need an email address from you and information which enables us to check that you have agreed to receive the newsletter. Further data (e.g. your forename, surname or specific interests) are not gathered, or are supplied only on a voluntary basis. The same applies if you sign up for our newsletter via a channel other than our website. We use these data exclusively to send the requested information, through the company Mailchimp. Further information about this is available here. The processing of the data entered on the newsletter registration form takes place exclusively on the basis of your consent (GDPR Article 6(1)(a) / FADP Article 13). Consent granted for storage of your data and email address and the use of these to send the newsletter can be revoked at any time, e.g. via the ‘cancel’ link in the newsletter. Revoking your consent does not affect the legality of data processing carried out before revocation. The data we hold from you for the purpose of your newsletter subscription are stored by us until you cancel your subscription, after which they are deleted. This does not affect data stored at the SRC for other purposes (e.g. email addresses for the member area).  SRC patrons’ magazines The SRC publishes magazines on a range of topics. Examples are the young people’s magazine Ready and the patrons’ and benefactors’ magazine Humanité. You receive these magazines as an SRC patron or because you ordered them at one of our events. Of course you can stop receiving the magazines at any time. Just send us an email. Mailchimp The newsletter is emailed via Mailchimp, an American email marketing platform. Mailchimp is certified under the US-EU Privacy Shield Framework for data protection and thus undertakes to comply with the EU data protection requirements. Mailchimp has made a contractual commitment to the SRC to comply with the statutory bases of the current data protection rules in the EU. You can cancel your subscription to our newsletter at any time, i.e. revoke your consent. Click on ‘cancel newsletter’ in the newsletter footer. This simultaneously revokes your consent to despatch of the newsletter via Mailchimp and to analysis of the statistics. Mailchimp is an e-mail marketing platform of the US provider Rocket Science Group, LLC, of 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308, USA. Your email address and any data described in these notes are stored on Mailchimp’s servers in the USA. Mailchimp uses this information to distribute and evaluate the newsletters on our behalf. Furthermore, Mailchimp itself informs us that it may use these data to optimize its own services. Mailchimp does not use the data of our newsletter subscribers to write to them itself, and does not disclose them to third parties. Mailchimp is certified according to the US-EU Privacy Shield data protection agreement and undertakes to comply with the EU data protection requirements. We have also entered into a Data Processing Agreement with Mailchimp. This is a contract in which Mailchimp undertakes to protect our users’ data, process them on our behalf in accordance with its data protection conditions and, especially, not to pass them on to third parties. The newsletters contain a web beacon, i.e. a pixel tag which the Mailchimp server retrieves when the newsletter is opened. When this retrieval takes place, technical information is initially gathered about the browser or email client, as well as your IP address and the time of retrieval. This information is used to improve the services to specific target groups and to measure the results of our email shots. The statistics gathered include verification whether the newsletters have been opened, when they were opened, and which onward links were clicked. For technical reasons, this information may be traced to individual newsletter subscribers. However, neither we nor Mailchimp seek to monitor individual users. The overriding purpose of these evaluations is to recognize our users’ reading habits and interests, in order to optimize and adapt our email distributions and/or content accordingly. There are occasions on which we direct our newsletter subscribers to the Mailchimp web pages. For example, our newsletters contain a link via which subscribers can retrieve the newsletters online (e.g. if there are display problems in the email programme). Furthermore, newsletter subscribers may subsequently correct their data, e.g. their email address. The same applies to Mailchimp’s privacy statement, which is only available at their website. Please note in this regard that cookies are also used at the Mailchimp web pages. Mailchimp, its partners and the service providers they use (e.g. Google Analytics) use them to process personal data. We have no influence over this data gathering. Further information is available from Mailchimp’s privacy statement. It is also worth noting that choices are open to you to opt out of the gathering of your data for advertising purposes at the website of the Digital Advertising Alliance and Your Online Choices (for the European area). Tools of analysis and of third-party providers As stated, your surfing patterns may be statistically evaluated when you visit our websites. This evaluation mainly uses the cookies declared here, as well as analysis programmes. As a rule, the analysis of your surfing pattern is anonymous; surfing behaviour cannot be traced back to you. The analysis tools, used by us from third-party providers, are listed below. You can opt out of the use of these tools simply by emailing to us.  Google Analytics This website uses the functions of the Google Analytics web analysis service. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies. Cookies are text files which are stored on your computer and which facilitate analysis of your use of this website. As a rule, the information generated by the cookie about your use of this website is transferred to and stored on a Google server in the USA. Google Analytics cookies are stored on the basis of GDPR Article 6(1)(f). The website operator has a legitimate interest in analysing user behaviour, in order to optimize the content of both the website and its advertising. IP anonymization We have switched on the IP anonymization function at the Google Analytics website. This means Google shortens your IP address within member states of the European Union, or in other states which have ratified the Agreement on the European Economic Area, before transmitting your IP address to the USA. The full IP address is only exceptionally transferred to a Google server in the USA and shortened there. Google will use this information, on behalf of the operator of this website, to evaluate your use of the website to compile reports about website activities and provide the website operator with further services associated with website and internet usage. The IP address forwarded from your browser in the context of Google Analytics is not combined with other data by Google. Browser plug-in You can block cookie storage by setting your browser software accordingly. However, if you do this, please note that, in some circumstances, you cannot make full use of all the functions of this website. Furthermore, you can block the recording of the data obtained by the cookie on your website usage (including your IP address) for Google, and the processing of these data by Google. To do this, download and install the browser plug-in. Data recording opt-out You can opt out of the recording of your data by Google Analytics by sending us an email. For more information on the handling of user data in Google Analytics, see Google’s data protection policy. Processing of order data We have entered into a contract with Google for the processing of order data. Google Analytics agreed to fully implement the strict requirements of the European GDPR. Demographic features of Google Analytics This website uses the ‘demographics’ function of Google Analytics. This enables reports to be compiled which contain information on age, sex and interests of website visitors. These data derive from interest-related advertising by Google and visitor data from third-party providers. They cannot be attributed to a specific person. You can disable this function at any time via the advertisement settings in your Google account, or block the recording of your data by Google Analytics in general, as described in the point ‘Data recording opt-out’. Google Analytics remarketing Our website uses the functions of Google Analytics remarketing in combination with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This function makes it possible to link the advertising target groups created with Google Analytics remarketing to the functions of Google AdWords and Google DoubleClick across multiple devices. This enables personalized advertising messages, tailored to your interests, which have been adapted according to your past usage and surfing patterns on one device (e.g. your mobile phone) to be displayed on another device (e.g. your tablet or PC). If you have granted the appropriate consent, Google links your web and app browsing to your Google account for this purpose. This means the same customized advertising messages can be switched on to any device on which you log in to your Google account. In support of this function, Google Analytics records Google-authenticated user IDs, which are temporarily linked to our Google Analytics data to define and establish target groups for cross-device advertising displays. You can permanently bloc cross-device remarketing targeting by disabling personalized advertising in your Google account. To do so, follow this link: https://www.google.com/settings/ads/onweb/. The combining of the recorded data in your Google account takes place solely on the basis of your consent, which you can grant to Google or revoke under GDPR Article 6(1)(a). In data recording processes which are not combined in your Google account (e.g. because you do not have a Google account or have opted out of combination), the data recording is based on GDPR Article 6(1)(f). The interest consists of the website operator’s interest in anonymized analysis of its website visitors for advertising purposes. You can find further information and the privacy conditions in the Google privacy policy. Google AdWords and Google Conversion Tracking This website uses Google AdWords. AdWords is an online advertising programme of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). In the context of Google AdWords, we use conversion tracking. When you click on an advertisement displayed by Google, a cookie is placed on your device for conversion tracking. Cookies are small text files which the internet browser deposits on the user’s computer. These cookies expire after 30 days and do not identify users personally. If the user visits certain pages of this website and the cookie has not yet expired, we and Google can identify that the user has clicked on the advertisement and has been redirected to this page. Every Google AdWords client receives a different cookie. The cookies cannot be traced via the websites of AdWords customers. The information gathered using the conversion cookies serves to compile conversion statistics for AdWords clients who have opted for conversion tracking. The customers find out the total numbers of users who have clicked on their advertisement and been redirected to a page on which a conversion tracking tag has been placed. However, they receive no information which might identify users in person. If you do not wish to participate in tracking, you can opt out of this by disabling the Google conversion tracking cookie via your internet browser, under user settings. Then you are not included in the conversion tracking statistics. Conversion cookies are stored on the basis of  GDPR Article 6(1)(f). Accordingly, the website operator’s interest in analysing user behaviour for the purpose of optimizing its web facility is legitimate.  For more information on Google AdWords and Google Conversion Tracking, see the Google privacy conditions. You can set your browser to inform you about cookies being placed on your device. You can opt to block all cookies, or enable them in individual or specified cases. You can also enable automatic cookie deletion at every close of the browser. If cookies are blocked, this website may not be fully functional. Facebook pixel Our website measures conversion using Facebook’s visitor actions pixel: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (‘Facebook’). Visitors who click on a Facebook ad displayed at the provider’s website are redirected, and their behaviour can then be tracked. This allows evaluation of the effectiveness of the Facebook ad displays for statistical and market research purposes and enables future advertising campaigns to be optimized. The data gathered are anonymous to us, as the operator of this website. We can find out nothing about the users’ identities. However, Facebook stores and processes the data, so a connection is possible with the relevant user profile and Facebook can use the data for its own advertising purposes, according to the Facebook Data Policy. Thus Facebook is able to place ad displays on Facebook pages and outside Facebook. As the website operator, we have no influence over this use of data. In the Facebook Data Policy, you will find further guidance about the protection of your privacy. You can also switch off the Custom Audiences remarketing function on the advertising settings screen. You have to be registered with Facebook to do this. If you do not have a Facebook account, you can disable usage-based Facebook advertising at the website of the European Interactive Digital Advertising Alliance. Other tools of third-party providers The SRC uses other tools for technical applications such as Pingdom.com, Console Landbot, Storyshaker, SurveyMonkey etc. However, these do not record personal data. Their sole purpose is technical support of programmes and anonymous statistical evaluation of their functions. Cashless payment transactions If you donate via digital channels (online and mobile), the company Raisenow AG, with head office at Hardturmstrasse 101, 8005 Zurich, transmits your personal information in encrypted form to the Swiss Red Cross. If you give via digital channels by SMS, the FairGive Association, of Hardturmstrasse 101, 8005 Zurich, receives your donation in trust and passes it on to the Swiss Red Cross. The Swiss charitable association FairGive promotes transparent and sustainable giving via digital channels (mobile and online). FairGive acts as an independent financial intermediary in this context. FairGive is a non-profit-making association and uses the payment data exclusively for payment settlement. Please see the data protection guidelines of RaiseNow and FairGive. The transfer of your data to the payment providers listed below takes place at your request, based on your consent for the processing and performance of a contract (GDPR Article 6(1)(a)(b) / FADP Article 13). You have the option of revoking your data processing consent at any time. Revocation does not impair the effectiveness of past data processing. You will find further information about your rights in the chapter ‘What are my rights in relation to my data?’. Here we list the third-party providers who may be involved in the payment handling process:  Credit card companies At our websites we offer payment by credit card. The company SIX, with head office at Pfingstweidstrasse 110, 8005 Zurich, guarantees secure payment settlement. SIX operates the infrastructure for the Swiss financial market. Read the privacy statement of SIX. Below we list our providers’ privacy statements: Mastercard American Express Visa PostFinance PostFinance is one of Switzerland’s leading financial institutions. It is a reliable partner for over three million personal and business customers who wish to manage their finances independently. With regard to data protection during the settlement of online payments, please see the data protection policy of PostFinance AG with headquarters in Bern. PayPal One of the payment methods offered at our website is PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., of 22–24 Boulevard Royal, L-2449 Luxembourg (‘PayPal’). If you select payment by PayPal, the payment data you enter are forwarded to PayPal. Please also see PayPal’s privacy policy. Masterpass Masterpass is the digital cashless solution from Mastercard, which makes card payments via the internet even more convenient and secure. Mastercard Incorporated, in turn, is one of the two largest international payment card companies (credit, debit and prepaid cards). Mastercard licenses banks worldwide to issue its cards (issuing licences). For payment settlement via Mastercard, please see the privacy policy of Mastercard Inc., with headquarters in Purchase. Twint One of the payment methods offered at our website is Twint. Twint is provided jointly by a number of Swiss owner and partner banks: Banque Cantonale Vaudoise (BCV), Credit Suisse, PostFinance, Raiffeisen, UBS and Zürcher Kantonalbank (ZKB). The Twint website can be visited without having to leave behind personal data. The site only stores access data in your server log files, which do not enable individuals to be traced. The data include the names of the pages retrieved, with date and time of retrieval, the data volume transferred in each case and the internet service provider via which the retrieval took place. Twint uses these data exclusively to ensure smooth availability and to make improvement to its website. See the privacy policy of Twint AG, with head office at Stauffacherstrasse 31, 8004 Zurich. SIX operates the infrastructure for the Swiss financial market. SIX, with head office at Pfingstweidstrasse 110, 8005 Zurich, guarantees secure payment settlement via Twint. Read the privacy statement of SIX.

Question 4

Posts on social media

Accepted Answer

SRC websites contain links to posts on external social media pages such as Bit.ly, Facebook, LinkedIn, Twitter, YouTube and others. The SRC uses such social media websites as publication and communication media for its content. Posts on these platforms may contain quotations with names and links to web offers. As a rule, it is possible to amend and delete content on these platforms, as long as the SRC holds moderation rights. The SRC has neither access to, nor influence over, the handling of other personal data which users of the respective offers enter on these social media platforms themselves, or leave behind through their usage. The data protection policies of the social media provider apply here. Communication links cleared for use in the social media systems always relate to links between people, and are only used on these platforms according to the data clearance settings of the relevant recipient. There is no evaluation of personal data on and off the social media platforms. Any tools which the moderators of such platforms provide for evaluation are not used. The data of social media users remain on the platforms. Social media sharing options We make the following social media sharing options available at our website, as a source of information about the SRC, its missions and services. The underlying advertising purpose is eligible as a legitimate interest in terms of GDPR Article 6(1)(f) / draft FADP Article 24(2). The relevant provider must warrant and accept responsibility for operation compatible with data protection. If you use sharing or other options, you consent to these providers’ involvement in the data processing. Further information is available below. Facebook When you retrieve a page from our web presence, you can press the ‘Share’ or ‘Send’ button to share our contents with your friends or a group or send our website to your friends in private. If you do this, your browser establishes a direct link to the Facebook servers. Facebook transfers the shared content directly to your browser and incorporates it into the page. For the purpose and scope of data gathering, Facebook’s onward processing and use of your data and your rights and setting options to protect your privacy in this regard, please see Facebook’s data policy. Twitter Our web pages incorporate functions of the Twitter service. These functions are provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Using Twitter and the retweet function links the websites you visit with your Twitter account and makes them known to other users. This also transfers data to Twitter. Please note that, as a website provider, we have no knowledge of the content of the forwarded data or what use Twitter makes of them. For further information on this, see the Twitter privacy policy. You can modify your privacy settings on Twitter via the account settings. Instagram Our web pages incorporate functions of the Instagram service. These functions are provided as a package by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. When you are logged in to your Instagram account, you can click on the Instagram button to link our web content with your Instagram profile. This enables Instagram to allocate your visit to our web pages to your user account. Please note that, as a website provider, we have no knowledge of the content of the forwarded data or what use Instagram makes of them. For more information, see Instagram’s Privacy Policy. YouTube Our website uses sharing options of the Google-operated YouTube site. The site operator is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our web pages on which a YouTube plug-in has been placed, a link is created to the YouTube servers. The YouTube server receives information via this link on which of our web pages you have visited. If you are logged in to your YouTube account, you enable YouTube to allocate your surfing patterns directly to your personal profile. You can block this by logging out of your YouTube account. The use of YouTube takes place in the interest of an appealing presentation of our online services. This constitutes a legitimate interest in the terms of GDPR Article 6(1)(f). You will find further information on the handling of user data in the YouTube privacy policy. TikTok For the purposes of analysing traffic and optimizing our website and services, we use the TikTok Pixel made available by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland und TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom (together: TikTok). It enables us to monitor and understand how visitors interact with our website. Information about our visitors’ interaction with the website or the devices they use is collected and forwarded to TikTok. This helps us to ensure that our visitors are shown advertisements that correspond to their interests. You can find additional information and the TikTok privacy policy at www.tiktok.com/legal/privacy-policy-eea?lang=en. Snapchat We use the Snap Pixel from the social network Snapchat, Snap Inc., Market Street, Venice, CA 90291, USA (Snapchat), to monitor and understand how visitors interact with our website. It enables us to improve the way we display advertising to people visiting our website. Information about our visitors’ interaction with the website or the devices they use is collected and forwarded to Snapchat. The data are used to improve and personalize advertising on our website. We may also analyse the effectiveness of the Snapchat ads for statistical and market research purposes (conversion tracking). You can find additional information and the Snapchat privacy principles at www.snap.com/en-US/privacy/privacy-center

Question 5

SRC apps

Accepted Answer

The SRC Babysitting app The SRC uses the Babysitting app to provide important information and knowledge for future babysitters on its babysitting courses. The interactive app helps babysitters to record their childminding experience and make notes on individual assignments. It should be understood that this is an interactive learning app. Babysitters set up their own profiles on the app. This app is used without gathering or processing personal data. The data of the children looked after are recorded in anonymized form. The data remain exclusively on the device on which they were entered and are not linked to the babysitter’s profile. The SRC does not produce personalized child profiles or pass data to third parties. The SRC uses functions of the Google Analytics web analysis service for the use of this app. These data serve purely for statistical purposes and are not personalized. Further information about Google Analytics is available here. We accept no liability for data processing by equipment or software manufacturers and by apps for which the SRC is not responsible. The SRC First Aid app As part of an international project, the rescue organizations of the Swiss Red Cross use the SRC First Aid app to make life-saving information and knowledge available in emergencies. This app is used without gathering or processing your personal data. The SRC does not generate personality or preference profiles, and does not release data to third parties.  The SRC uses functions of the Google Analytics web analysis service for the use of this app. These data serve purely for statistical purposes and are not personalized. Further information about Google Analytics is available here. We accept no liability for data processing by equipment or software manufacturers and by apps for which the SRC is not responsible.

Question 6

What are my rights in relation to my data?

Accepted Answer

You have the right at any time to receive information, free of charge, about the origin, recipient and purpose of your stored personal data. You also have a right to require rectification, blocking or erasure of these data. Furthermore, you have a right of appeal to the competent supervisory authority. You can refer any questions about this and other data-protection-related matters to the contact address given in point 1, at any time. Revocation of your data processing consent Many forms of data processing are only possible with your express consent. You may, at any time, revoke consent that you have granted. To do so, just email info@redcross.ch. No specific form is required. This does not affect the legality of data processing which took place before your revocation. Rectification, erasure and your right to have data blocked You are at all times entitled to require immediate rectification of incorrect personal data stored by us, or to supplement them. You can, at all times, require erasure or blocking of your personal data stored or kept by us, unless we need to process them to exercise the rights of freedom of speech, freedom of information, in fulfilment of a legal obligation, on grounds of public interest, or to assert, exercise or defend legal entitlements. If you have any further questions, please contact us by email at info@redcross.ch. Right of data portability You are entitled to obtain the release of data which we process by automated means, on the basis of your consent or by contract. Such data can be released either to you personally, or to a third party, in a current, machine-readable format. If you require direct transfer of your data to another data controller, this only takes place if technically feasible. Right of appeal to the competent supervisory authority In the event of breach of data protection law, you have a right of appeal to the competent supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner. In the EU, appeal to the national data protection officer of the state in which our order processor / provider has its place of business. A list of data protection officers in Europe are available via the following link: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

Question 7

Final provisions

Accepted Answer

Disclaimer The SRC is responsible for this policy on data protection at the Swiss Red Cross. The information at this website has been compiled with great care. However, it cannot be warranted up to date, accurate and complete. Therefore all liability for possible losses connected with the use of information in this data protection statement is declined. Simple use of this website gives rise to no contractual relations with the Swiss Red Cross. Current validity and amendment of this data protection policy We may amend or adapt this data protection policy at any time. The current data protection policy can be downloaded from www.redcross.ch.

Find out what your cantonal association offers

Data protection at the Swiss Red Cross

Who is responsible for data processing?

Share this page

Data protection at the Swiss Red Cross

Data protection at a glancebutton-add

Which data do we process, and where do they come from?button-add

Data recording at our websitebutton-add

Posts on social mediabutton-add

SRC appsbutton-add

What are my rights in relation to my data?button-add

Final provisionsbutton-add

Who is responsible for data processing?

Share this page