Privacy Policy
Privacy policy of DaSCH
Responsible:
Swiss National Data and Service Center
for the Humanities (DaSCH)
Kornhausgasse 7
4051 Basel
0041 61 207 64 00
The protection of personal data is important to us. We therefore inform you in this privacy policy about your rights and about the processing of personal data by us. We ensure compliance with the European General Data Protection Regulation (GDPR) and the Swiss Data Protection Act (DPA), insofar as these laws are applicable, with appropriate technical and organizational measures.The General Data Protection Regulation only applies if its conditions of application are met, otherwise Swiss data protection law applies exclusively. This general privacy policy applies to all of our online offerings (websites, social media presences, etc.).
1 General information on data processing
1.1 Scope and purpose of the processing of personal data
Your personal data will only be processed to the extent necessary to provide our online offers, content and services. As a rule, personal data is only collected and used with your consent or if the processing of the data is permitted by law.
1.2 Legal basis for the processing of personal data
Insofar as the scope of application of the European General Data Protection Regulation is opened, the General Data Protection Regulation (GDPR) applies. In the case of exclusive reference to Switzerland or Swiss contractual partners, Swiss law (namely the FADP) applies exclusively.
Personal data is processed on the following basis:
-
Consent on your part (Art. 6 para. 1 lit. a GDPR or Art. 6 para. 1 and 6 as well as Art. 31 FADP),
-
Necessity for the fulfillment of a contract concluded between you and us (Art. 6 para. 1 lit. b GDPR or Art. 31 para. 2 lit. a FADP),
-
Necessity for the implementation of pre-contractual measures (also Art. 6 para. 1 lit. b GDPR or Art. 31 para. 2 lit. a FADP),
-
Necessity to fulfill a legal obligation (e.g. statutory retention and storage obligations) (Art. 6 para. 1 lit. c GDPR or Art. 31 para. 1 FADP),
-
Safeguarding the vital interests of the data subject or another natural person (Art. 6 para. 1 lit. d GDPR or Art. 31 para. 1 FADP),
-
Necessity to protect our legitimate interests or those of a third party (Art. 6 para. 1 lit. f GDPR or Art. 31 para. 1 FADP).
1.3 Disclosure of personal data to third parties and processors
No personal data will be passed on to third parties without your express consent.
DaSCH may provide its services in cooperation with external service providers. The transfer to these external providers is always based on the aforementioned legal bases. In the context of this so-called order processing, the transfer of personal data takes place on the basis of Art. 28 GDPR or Art. 9 FADP.
DaSCH only commissions processors who offer sufficient guarantees that suitable technical and organizational measures are taken to ensure that processing is carried out in accordance with the requirements of the GDPR and FADP.
1.4 Data transfer to third countries
DaSCH is based in Switzerland, which means that a third country relationship exists in relation to the EU. The EU has deemed the Swiss data protection regulations to be adequate (Art. 44 ff. GDPR and Art. 16 para. 1 FADP) and vice versa.
As part of the provision of services, personal data is transferred to the European Union for further processing and vice versa.
DaSCH only allows your data to be processed in a third country if the special requirements of Art. 44 et seq. GDPR or Art. 6 para. 1, Art. 16 f. and Art. 31 para. 1 and 2 FADP are met. This means that your data will only be processed on the basis of special guarantees and that the third country has an adequate level of data protection.
1.5 Deletion of data and storage duration
Your personal data will be deleted or blocked as soon as the purpose for which it was stored no longer applies.
DaSCH processes personal data for as long as is necessary for the respective purposes. In the case of longer-term retention obligations, e.g. due to legal obligations, the duration of processing will be adjusted accordingly. Insofar as documentation obligations (accounting, tax records) exist, such data is not covered by any deletion as long as the corresponding obligation exists.
2 Rights of the data subjects
As your personal data is processed, you are considered a data subject within the meaning of Art. 4 para. 1 GDPR and Art. 5 lit. a FADP. You are entitled to the following rights insofar as they are provided for by the applicable data protection law:
2.1 Right to withdraw a declaration of consent
You have the right to withdraw your consent to the processing of your personal data at any time. This does not affect the other grounds for justification.
2.2 Right to information
At your request, DaSCH will inform you whether or not data about you is being processed.
If DaSCH processes data about you, you will be provided with the following information regarding the personal data processed
-
the purposes of the processing;
-
the categories of personal data being processed
-
the recipients or categories of recipients to whom the personal data have been or will be disclosed;
-
in the case of transfer to a third country or to an international organization, additional information on the appropriate safeguards pursuant to Art. 46 GDPR or Art. 16 FADP
-
the planned duration (if possible) for which the personal data will be stored or the criteria for determining this duration (if the planned duration cannot be determined)
-
the existence of the right to rectification or erasure of personal data concerning you, the right to restriction of processing by us or the right to object to such processing
-
the existence of the right to lodge a complaint with a supervisory authority
-
all available information about the origin of the data if the personal data is not collected directly from you.
You will generally receive a copy of the personal data within one month of receipt of the request for information. This is usually done electronically.
2.3 Right to rectification
If your personal data is incorrect, you have the right to request that the incorrect data be corrected immediately. If personal data is incomplete, you have the right to request that it be completed.
2.4 Right to erasure
You have the right to request the erasure of your personal data.
The deletion will be complied with immediately if:
-
the data is no longer necessary for the purpose for which it was collected;
-
You withdraw your consent to data processing and there is subsequently no other legal basis for the processing;
-
you object to the processing and there are no overriding legitimate grounds for the processing
-
the personal data has been processed unlawfully;
-
the deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States.
The right to erasure does not exist if DaSCH processes the data in order to assert, exercise or defend legal claims or if there is an overriding public interest.
2.5 Right to restriction of processing
You can request the restriction of the processing of personal data if in particular
-
the accuracy of the personal data is contested for a period enabling the accuracy of the personal data to be verified;
-
the processing is unlawful and the restriction of the use of the personal data is requested instead of erasure.
If processing has been restricted for the aforementioned reasons, this personal data will only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU, Switzerland or a member state.
You will be informed before the restriction is lifted.
2.6 Right to data portability
You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format, provided that the processing is based on consent or on a contract and is carried out by automated means.
2.7 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 lit. e or f GDPR or Art. 6 para. 1 and Art. 31 para. 1 and 2 FADP; this also applies to profiling based on these provisions. The controller will no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing.
3 Use of our online services
In principle, you can use the online services without disclosing your identity (namely publicly accessible websites). In the context of a contractual relationship with von DaSCH, the disclosure of your identity is a prerequisite.
3.1 Data collection when visiting our websites
If the DaSCH websites are used purely for information purposes (there is no registration, contract, etc.), DaSCH only collects the personal data that your browser transmits to the DaSCH servers. This is the following data, which is technically necessary (not exhaustive):
-
Date and time of the request,
-
IP address of the user,
-
Content of the request (specific page),
-
Access status/HTTP status code,
-
Website from which the request originates,
-
Operating system of the user,
-
Language and version of the browser software.
Since the collection of data to display the websites and the storage of data in log files is absolutely necessary for the operation of our websites and the maintenance of IT security, you have no option to object in this respect.
3.2 Use of cookies
Various types of cookies are used:
Temporary cookies (e.g. "session cookies" etc.) are deleted after you leave our online offer and close the browser.
Permanent cookies (e.g. for search settings, language, etc.) remain stored even after you close the browser. They have an expiration date and can be deleted at any time in the security settings of your browser. Such cookies are also used for reach measurement or marketing purposes.
In addition to so-called "first-party cookies", which are set by DaSCH as the data controller, "third-party cookies" are also used. These third-party cookies are offered by other providers.
For the processing of personal data using "first-party cookies", DaSCH relies on Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 and Art. 31 para. 1 and 2 FADP; for the processing of personal data using "third-party cookies", DaSCH relies on Art. 6 para. 1 lit. a GDPR or Art. 6 para. 1 and Art. 31 para. 1 and 2 FADP.
3.3 User account, contact forms and email contact
The input screen in the registration process shows which data is processed. This information is used for the purpose of using our offers and providing services.
You have the option of canceling your user account at any time. In this case, your data will be deleted unless DaSCH is required by law to retain it.
To contact von DaSCH, you will find contact forms and e-mail links (mailto) on our online offers, which can be used for electronic contact.
3.4 Data evaluation in the context of debugging
DaSCH uses debugging tools for the purpose of product improvement. These tools make it possible to rectify errors. The provider uses the tools "Fathom" (see section 3.5 below), "DataDog" (see section 3.6 below) and "Pendo" (see section 3.7 below), each based on JavaScript. The debugging instances are operated by the various providers to whom the debugging data is transmitted.
Categories of data subjects: Data subjects who interact with the provider's services (system, websites, applications, etc.). As a rule, this means you yourself.
Categories of personal data: Details of the service account, personal data, including IP address, device name under certain circumstances, e-mail address and other types of identifiable data[RS1] [R2] .
In addition to this personal data, technical data such as error messages, operating system, browser software, etc. are transmitted, which are used to rectify errors that have occurred.
3.5 Datadog
DaSCH uses Datadog for troubleshooting and performance analysis (software performance and user experience). The European data storages of Datadog (storage location Germany) are used.
Data collected by Datadog under certain circumstances are Device type and model, operating system, geolocation and event data, which includes user journeys through DaSCH applications, network requests, error messages and actions. IP addresses are not stored[R3].
A contract for commissioned data processing has been concluded with Datadog.
Provider: Datadog, Inc, 620 8th Avenue, Floor 45, New York, NY 10018, USA
Privacy policy: https://www.datadoghq.com/legal/privacy/
Email: gdpr@datadoghq.com
3.6 Fathom
DaSCH uses Fathom to analyze the use of DaSCH applications.
A contract for commissioned data processing has been concluded with Fathom.
Provider: Conva Ventures Inc, BOX 37058 Millstream PO, Victoria, British Columbia, V9B 0E8, Canada
Data protection declaration
3.7 Pendo
DaSCH uses Pendo to analyze the use of the DaSCH applications by analyzing data about the behavior of users and their devices using cookies and other technologies.
Data collected by Pendo may include: User ID of users, browser name and version, server name, first and last visit, pageviews, click and focus events, device used for access, website language used.
A contract for commissioned data processing has been concluded with Pendo.
Provider: Pendo, 301 Hillsborough St, Raleigh, NC 27603, United States
Privacy policy: https://www.pendo.io/legal/privacy-policy/
Email: gdpr@pendo.io
3.8 Gravatar
DaSCH has integrated the option to use Gravatar in the user account. Any avatar is obtained from gravatar.com.
Provider: Aut O'Mattic A8C Ireland Ltd, Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland
Privacy policy: https://support.gravatar.com/account/data-privacy/
3.9 External links
It is possible that DaSCH's website may contain links to external sites. DaSCH has no influence on whether the respective operators comply with data protection regulations.
4 Social media presences / third parties
We offer online services on various social media platforms in order to provide information there and to be able to contact you.
We have no influence on the processing of personal data by the respective platform operator. As a rule, when you visit our social media offerings, the platform operator stores cookies in your browser in which your usage behavior and interests are stored for market research and advertising purposes. The platform operators use the usage profiles obtained in this way - usually across all devices - to display personalized advertising to you. Data processing may also affect people who are not registered as users with the respective social media platform. Under certain circumstances, your data may be processed outside the European Union, which may make it more difficult to enforce your rights. However, when selecting such social media platforms, we ensure that the operators undertake to comply with the data protection standards of the EU and Switzerland.
The processing of your personal data when you visit one of our social media offerings is based on our legitimate interests in a diverse external presentation of our company and the use of an effective means of information and communication with you. The legal basis for this is Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 and Art. 31 para. 1 and 2 FADP. Under certain circumstances, you may also have given a platform operator consent to data processing, in which case the legal basis is Art. 6 para. 1 lit. a GDPR or Art. 6 para. 1 and Art. 31 para. 1 and 2 FADP.
Detailed information on data processing in connection with the use of our social media offerings, opt-out options and the assertion of information rights can be found in the privacy policy of the relevant platform operator.
4.1 LinkedIn
DaSCH has an online presence on LinkedIn, which you can use to contact and communicate with DaSCH. The processing of personal data on LinkedIn takes place outside the area of responsibility of DaSCH.
Provider: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
4.2 Twitter/X
Provider: Twitter International Unlimited Company, Attn: Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, IRELAND
Privacy policy: https://twitter.com/de/privacy
Opt-out: https://twitter.com/personalization
5 Information and data security
DaSCH takes information security just as seriously as data protection.
Appropriate security of your data within the meaning of Art. 32 GDPR and Art. 8 FADP is ensured in order to protect your personal data.
7 Entry into force / amendments
Basel, 17.11.2023
The German version of this data protection declaration is legally binding, the English translation serves information purposes only.