Privacy Policy
With this privacy policy, we inform you about the personal data we process in connection with our activities and operations, including our https://wocen.org website. We specifically provide information about the purposes, methods, and locations of the personal data we process. Additionally, we inform individuals about their rights whose data we process.
For specific or additional activities and operations, additional privacy policies, as well as other legal documents such as Terms and Conditions (AGB), Terms of Use, or Participation Conditions, may apply.
We adhere to Swiss data protection law and, where applicable, foreign data protection law, especially that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures adequate data protection.
1. Contact Information
Responsible for the Processing of Personal Data:
Gerhard Bärtschi
WOCEN Women Climate Entrepreneurs
PO Box
4002 Basel
We note that in individual cases, there may be other responsible parties for the processing of personal data.
Data Protection Representative in the European Economic Area (EEA)
We have the following data protection representative in accordance with Art. 27 GDPR:
VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany
The data protection representative serves as an additional point of contact for individuals and authorities in the European Union (EU) and the rest of the European Economic Area (EEA) for inquiries related to the GDPR.
2. Terms and Legal Basis
2.1 Terms
Personendaten sind alle Angaben, die sich auf eine bestimmte oder bestimmbare natürliche Person beziehen. Eine betroffene Person ist eine Person, über die wir Personendaten bearbeiten.
Processing encompasses any handling of personal data, regardless of the means and procedures applied, such as querying, matching, adapting, archiving, preserving, extracting, disclosing, obtaining, recording, collecting, deleting, disclosing, organizing, storing, altering, disseminating, linking, destroying, and using personal data.
The European Economic Area (EEA) includes the member states of the European Union (EU), as well as the Principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data.
2.2 Legal Basis
We process personal data in accordance with Swiss data protection law, particularly the Federal Act on Data Protection (Datenschutzgesetz, DSG) and the Ordinance on Data Protection (Datenschutzverordnung, DSV).We process, if and to the extent the General Data Protection Regulation (GDPR) is applicable, personal data based on at least one of the following legal bases:
- Art. 6(1)(b) GDPR for the necessary processing of personal data to fulfill a contract with the data subject and to carry out pre-contractual measures.
- Art. 6(1)(f) GDPR for the necessary processing of personal data to safeguard our legitimate interests or those of third parties, unless the fundamental rights and freedoms and interests of the data subject prevail. Legitimate interests include, in particular, our interest in carrying out our activities and operations permanently, user-friendly, securely, and reliably, as well as communicating about them, ensuring information security, protecting against misuse, enforcing our own legal claims, and complying with Swiss law.
- Art. 6(1)(c) GDPR for the necessary processing of personal data to fulfill a legal obligation to which we are subject under applicable law of member states in the European Economic Area (EEA).
- Art. 6(1)(e) GDPR for the necessary processing of personal data to perform a task carried out in the public interest.
- Art. 6(1)(a) GDPR for the processing of personal data with the consent of the data subject.
- Art. 6(1)(d) GDPR for the necessary processing of personal data to protect vital interests of the data subject or another natural person.
3. Art, Scope, and Purpose
We process personal data necessary to permanently, user-friendly, securely, and reliably carry out our activities and operations. Such personal data may include categories such as inventory and contact data, browser and device data, content data, meta or marginal data, usage data, location data, sales data, as well as contract and payment data.
We process personal data for the duration required for the respective purpose(s) or as legally required. Personal data no longer necessary for processing will be anonymized or deleted.
We may engage third parties to process personal data. We may process or transmit personal data jointly with third parties. These third parties are typically specialized service providers whose services we use. We ensure data protection with such third parties as well.
We generally process personal data only with the consent of the individuals concerned. If processing is permissible for other legal reasons, we may waive the need for consent. For example, we may process personal data without consent to fulfill a contract, comply with legal obligations, or safeguard overriding interests.
Within this framework, we process information voluntarily provided by individuals when contacting us, such as via postal mail, email, instant messaging, contact forms, social media, or telephone, or during registration for a user account. We may store such information in an address book or similar tools. If we receive data about other individuals, the transmitting parties are obligated to ensure data protection and the accuracy of such personal data.
We also process personal data obtained from third parties, from publicly accessible sources, or collected during the exercise of our activities, to the extent and within the limits permitted by law.
4. Personal Data Abroad
We generally process personal data in Switzerland and the European Economic Area (EEA). However, personal data may also be exported or transmitted to other states, especially for processing purposes.
We may export personal data to all countries and territories on Earth and beyond, provided that local law, as decided by the Swiss Federal Council or, if applicable, the European Commission under the General Data Protection Regulation (GDPR), ensures adequate data protection.
In cases where the law of a state does not ensure adequate data protection, we may transmit personal data if other safeguards are in place, such as standard data protection clauses or other suitable guarantees. Exceptionally, personal data may be exported to states without adequate or suitable data protection if specific data protection conditions are met, such as explicit consent from the individuals concerned or a direct connection to the conclusion or execution of a contract. Upon request, we gladly provide information to affected individuals about any guarantees or supply a copy of such guarantees.
5. Rights of Data Subjects
5.1 Data Protection Claims
We grant data subjects all rights under applicable data protection law. Data subjects, in particular, have the following rights:
• Information: Data subjects can request information about whether we process personal data about them and, if so, what personal data is involved. They also receive necessary information to assert their data protection claims and ensure transparency. This includes processed personal data, as well as information about the purpose of processing, the duration of retention, any disclosure or export of data to other countries, and the origin of the personal data.
• Correction and Restriction: Data subjects can correct inaccurate personal data, complete incomplete data, and request the restriction of processing.
• Deletion and Objection: Data subjects can request the deletion of personal data (“right to be forgotten”) and object to the processing of their data for the future.
• Data Disclosure and Transfer: Data subjects can request the disclosure of personal data or the transfer of their data to another controller.
We may postpone, restrict, or deny the exercise of data subjects’ rights within legally permissible limits. We may inform data subjects of any requirements they may need to meet when exercising their data protection claims. For example, we may refuse to provide information based on business secrets or protection of other individuals, either in whole or in part. We may also refuse the deletion of personal data based on statutory retention obligations, either in whole or in part.
We may, in exceptional cases, impose costs for exercising rights. We will inform data subjects in advance of any potential costs.
We are obligated to identify data subjects who request information or assert other rights with reasonable measures. Data subjects are obliged to cooperate.
5.2 Right to Complaint
Affected individuals have the right to enforce their data protection claims through legal means or file a complaint with the relevant data protection supervisory authority.
The data protection supervisory authority for private entities and federal agencies in Switzerland is the Federal Data Protection and Public Transparency Commissioner (FDPIC).
Affected individuals, to the extent the General Data Protection Regulation (GDPR) is applicable, have the right to file a complaint with a relevant European data protection supervisory authority.
6. Data Security
We implement suitable technical and organizational measures to ensure data security appropriate to the respective risk. However, we cannot guarantee absolute data security.
Access to our website is secured using transport encryption (SSL/TLS, especially with Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate transport encryption with a padlock in the address bar.
Our digital communication, like any digital communication, is subject to mass surveillance without cause or suspicion, as well as other surveillance by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct control over the processing of personal data by intelligence agencies, law enforcement agencies, and other security authorities.
7. Website Usage
7.1 Cookies
We may use cookies. Cookies, both first-party (own cookies) and third-party cookies (from services we use), are data stored in the browser. Stored data may not be limited to traditional text-form cookies.
Cookies can be temporarily stored in the browser as “session cookies” or for a specific period as so-called permanent cookies. Session cookies are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies allow the browser to be recognized on the next visit to our website, enabling, for example, the measurement of our website’s reach. However, our website may not be fully functional without cookies. We request, at least if and to the extent necessary, explicit consent for the use of cookies.
For cookies used for success and reach measurement or advertising, a general objection (“opt-out”) is possible for many services through AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
7.2 Server Log Files
We may capture the following information for each access to our website, provided it is transmitted by your browser to our server infrastructure or can be determined by our web server: date and time, including time zone, IP address, access status (HTTP status code), operating system, including user interface and version, browser, including language and version, accessed individual sub-page of our website, including transmitted data volume, last website visited in the same browser window (referer or referrer).
We store such information, which may also represent personal data, in server log files. This information is necessary to provide our website permanently, user-friendly, and reliably, ensuring data security, particularly the protection of personal data, through third parties or with the help of third parties.
7.3 Tracking Pixels
We may use tracking pixels on our website, also known as web beacons. Tracking pixels, including those from third parties whose services we use, are small, usually invisible images that are automatically retrieved when visiting our website. Tracking pixels can capture the same information as in server log files.
8. Notifications and Communications
We send notifications and communications via email and other communication channels such as instant messaging or SMS.
8.1 Success and Reach Measurement
Notifications and communications may contain web links or tracking pixels that capture whether an individual notification was opened and which web links were clicked. Such web links and tracking pixels may also capture the usage of notifications and communications on a personal basis. We need this statistical capture of usage for success and reach measurement to effectively and user-friendly, permanently, securely, and reliably send notifications and communications based on the needs and reading habits of recipients.
8.2 Consent and Objection
You must generally expressly consent to the use of your email address and other contact addresses unless the use is permissible for other legal reasons. For possible consent, we use the “Double Opt-in” procedure whenever possible. This means you receive an email with a web link that you must click to confirm, preventing misuse by unauthorized third parties. We may log such consents, including IP address and date and time, for evidence and security reasons.
You can generally object to receiving notifications and communications such as newsletters at any time. With such objection, you can simultaneously object to the statistical capture of usage for success and reach measurement. Necessary notifications and communications related to our activities and operations remain reserved.
8.3 Service Providers for Notifications and Communications
We send notifications and communications with the help of specialized service providers.
We specifically use:
Swiss Newsletter: Newsletter delivery; Provider: mailXpert GmbH (Switzerland); Data protection information: Privacy Policy, “Data Protection and Security”.
9. Social Media
We are present on social media platforms and other online platforms to communicate with interested individuals and inform about our activities and operations. In connection with such platforms, personal data may be processed outside Switzerland and the European Economic Area (EEA).
The respective General Terms and Conditions (GTC) and terms of use, as well as privacy policies and other provisions of individual operators of such platforms, also apply. These provisions inform in particular about the rights of affected individuals directly against the respective platform, including the right to information.
For our Facebook social media presence, including so-called Page Insights, we are jointly responsible – to the extent the General Data Protection Regulation (GDPR) is applicable – with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta Companies (including in the USA). Page Insights provide information on how visitors interact with our Facebook presence. We use Page Insights to effectively and user-friendly provide our Facebook presence.
Further information on the type, scope, and purpose of data processing, information about the rights of affected individuals, and contact details for Facebook and the data protection officer of Facebook can be found in Facebook’s Privacy Policy. We have concluded the so-called “Controller Addendum” with Facebook, agreeing, among other things, that Facebook is responsible for ensuring the rights of affected individuals. Information on Page Insights can be found on the “Information about Page Insights” page, including “Information about Page Insights Data.”
10. Third-Party Services
We utilize services from specialized third parties to conduct our activities and operations in a permanent, user-friendly, secure, and reliable manner. Such services allow us to embed functions and content into our website. During such embedding, the utilized services, for technical reasons, may temporarily collect the IP addresses of users.
For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data associated with our activities and operations in an aggregated, anonymized, or pseudonymized form. This includes, for example, performance or usage data required to provide the respective service.
We specifically use:
Services from Google:
Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General data protection information: “Privacy and Security Principles“, Privacy Policy, “Google’s commitment to complying with applicable data protection laws“, “Guide to privacy in Google products“, “How we use data from websites or apps that use our services” (Information from Google), “Types of cookies used by Google and other technologies,” “Personalized advertising” (Activation / Deactivation / Settings)
10.1 Digital Infrastructure
We use services from specialized third parties to access the necessary digital infrastructure related to our activities and operations. This includes hosting and storage services from selected providers.
We specifically use:
WordPress.com:
Blog hosting and website builder; Providers: Automattic Inc. (USA) / Aut O’Mattic A8C Ireland Ltd. (Ireland) for users, among others, in Europe; Data protection information: Privacy Policy, Cookie Policy.
10.2 Digital Audio and Video Content
We use services from specialized third parties to enable the direct playback of digital audio and video content such as music or podcasts.
We specifically use:
Vimeo:
Video platform; Provider: Vimeo Inc. (USA); Data protection information: Privacy Policy, “Video Privacy“.
YouTube:
Video platform; Provider: Google; YouTube-specific information: Privacy and Security Center, “My Data on YouTube“
10.3 Payments
We use specialized service providers to securely and reliably process payments from our customers. For the processing of payments, the legal texts of the individual service providers, such as General Terms and Conditions (GTC) or Privacy Policies, also apply.
We specifically use:
Payrexx:
Payment processing; Provider: Payrexx AG (Switzerland); Data protection information: “Guidelines,” including Privacy Policy.
TWINT:
Payment processing in Switzerland; Provider: TWINT AG (Switzerland); Data protection information: Privacy Policy, “Security according to Swiss standards.”
10.4 Advertising
We utilize the opportunity to display targeted advertising for our activities and operations on third-party platforms such as social media platforms and search engines.
With such advertising, we aim to reach individuals who are already interested in or may be interested in our activities and operations (Remarketing and Targeting). For this purpose, we may transmit relevant – possibly personal – information to third parties enabling such advertising. We can also determine the success of our advertising, i.e., whether it leads to visits to our website (Conversion Tracking).
Third parties where we advertise and where you, as a user, are logged in, may potentially associate the usage of our website with your profile on that platform.
We specifically use:
Facebook Advertising (Facebook Ads):
Social media advertising; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta Companies (including in the USA); Data protection information: Remarketing and Targeting, especially with the Facebook Pixel and Custom Audiences, including Lookalike Audiences, Privacy Policy, “Ad Preferences” (User login required).
Google Ads:
Search engine advertising; Provider: Google; Google Ads-specific information: Advertising based on various search queries, using different domain names – especially doubleclick.net, googleadservices.com, and googlesyndication.com – for Google Ads, “Advertising“, “Why am I seeing this ad?“.
Instagram Ads:
Social media advertising; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta Companies (including in the USA); Data protection information: Remarketing and Targeting, especially with the Facebook Pixel and Custom Audiences, including Lookalike Audiences, Privacy Policy (Instagram), Privacy Policy (Facebook), “Ad Preferences (Instagram)” (User login required), “Ad Preferences (Facebook)” (User login required).
LinkedIn Ads:
Social media advertising; Providers: LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Ireland); Data protection information: Remarketing and Targeting, especially with the LinkedIn Insight Tag, “Privacy“, Privacy Policy, Cookie Policy, Opt-out of personalized advertising.
11. Website Extensions
We use extensions for our website to access additional features.
We specifically use:
Google reCAPTCHA:
Spam protection (differentiation between desired comments from humans and unwanted comments from bots and spam); Provider: Google; Google reCAPTCHA-specific information: “What is reCAPTCHA?“, “What is reCAPTCHA?”.
Jetpack:
Various functions for the free WordPress blog software in the form of modules; Providers: Automattic Inc. (USA) / Aut O’Mattic A8C Ireland Ltd. (Ireland) for users, among others, in Europe; Data protection information: Privacy Notice for Visitors to Our Users’ Sites, Privacy Policy (Jetpack), Cookie Policy (Jetpack), Cookie Policy (Automattic).
12. Success and Reach Measurement
We seek to determine how our online offerings are utilized. Within this framework, we may measure the success and reach of our activities and operations, as well as the impact of third-party links to our website. Additionally, we may experiment and compare how different parts or versions of our online offerings are utilized (A/B testing). Based on the results of success and reach measurement, we can address errors, strengthen popular content, or make improvements to our online offerings.
For success and reach measurement, the IP addresses of individual users are typically stored. In this case, IP addresses are generally truncated (“IP masking”) to follow the principle of data minimization through pseudonymization.
Cookies may be used during success and reach measurement, and user profiles may be created. Any user profiles created may include, for example, information about the individual pages visited or content viewed on our website, details about the screen size or browser window, and the – at least approximate – location. In principle, any user profiles created are exclusively pseudonymized and not used for the identification of individual users. However, certain third-party services, where users are logged in, may potentially associate the usage of our online offerings with the user’s account or profile on that particular service.
We specifically use:
AWStats:
Success and reach measurement; Developer: AWStats (free open-source software); Data protection information: Evaluation of server log files on our own server infrastructure, “What is AWStats / Features Overview”.
Google Analytics:
Success and reach measurement; Provider: Google; Google Analytics-specific information: Measurement across different browsers and devices (Cross-Device Tracking) as well as with pseudonymized IP addresses that are only transferred to Google in the USA in exceptional cases, “Privacy“, “Browser Add-on for disabling Google Analytics“.
WordPress.com Stats:
Success and reach measurement; Providers: Automattic Inc. (USA) / Aut O’Mattic A8C Ireland Ltd. (Ireland) for users, among others, in Europe; Data protection information: Module of the Jetpack extension for the free WordPress blog software, Privacy Notice for Visitors to Our Users’ Sites, Privacy Policy (Jetpack), Cookie Policy (Jetpack), Cookie Policy (Automattic).
13. Final Provisions
We created this privacy policy with the assistance of the privacy policy generator from Datenschutzpartner.
We reserve the right to adjust and supplement this privacy policy at any time. We will inform about such adjustments and supplements in an appropriate manner, particularly by publishing the current privacy policy on our website.
Contact address
WOCEN
Women Climate Entrepreneurs
PO Box
4002 Basel
info[at]wocen.org
Bank connection
IBAN: CH13 0900 0000 1619 0106 0
BIC: POFICHBEXXX