Privacy Notice of Call for Climate Justice (Hilfswerk der Evangelisch-reformierten Kirche Schweiz – HEKS; Swiss Church Aid)
1. What is this Privacy Notice about?
HEKS (hereinafter referred to as “we”, “us”) collects and processes personal data that concern you but also other persons (hereinafter referred to as “third parties”). We use the word “data” here interchangeably with “personal data”.
In this Privacy Notice, we describe what we do with your data when you visit callforclimatejustice.org (hereinafter referred to as “Website”).
This Privacy Notice is aligned with the EU General Data Protection Regulation (GDPR), the Swiss Data Protection Act (DPA) and the revised Swiss Data Protection (revDPA). However, the application of these laws depends on the specific case.
2. Who is the controller for the processing of your data?
HEKS, the Swiss Church Aid, Zurich, is the controller in terms of data protection law for the processing performed by HEKS as described in this Privacy Notice, unless we tell you otherwise in a specific case.
You may contact us for data protection concerns and to exercise your rights under Section 10 as follows:
Swiss Church Aid
3. What data do we process?
We process various categories of data about you. The main categories of data are the following:
- Technical data: When you use our Website, we collect the IP address of your end device and other technical data in order to ensure the functionality and security of these offerings. These data also include logs with records of the use of our systems. We generally keep technical data for 26 months. In order to ensure the functionality of these offerings, we may also assign an individual code to you or your end device (e.g. in the form of a cookie, see Section 11). As a rule, technical data as such do not permit us to draw conclusions about your identity. However, technical data may be linked with other categories of data (and potentially with your person) in relation to signing the appeal.
- Communication data: When you contact us via the contact form or by e-mail, telephone, letter or other means of communication, we collect the data exchanged between you and us, including your contact details and the metadata of the communication. We generally keep these data for 12 months from the last exchange between us. This period may be longer where required for evidentiary purposes, to comply with legal or contractual requirements, or for technical reasons. E-mails in personal mailboxes and written correspondence are generally kept for at least 10 years.
- Master data: By master data, we mean the basic data that we need for the performance of our contractual and other business relationships or for marketing and promotional purposes, such as name and contact details. We process your master data because we wish to address you for our own purposes (e.g. with newsletters, etc.). We receive master data only from you personally. We generally keep these data for 10 years from the last exchange between us. This period may be longer where required for evidentiary purposes, to comply with legal requirements, or for technical reasons. In the case of contacts used only for marketing and advertising purposes, the retention period is usually much shorter, in most cases not more than two years from the last contact.
- Behavioural and preference data: Depending on our relationship with you, we try to get acquainted with you and better tailor our information to you. For this purpose, we collect and process data about your behaviour and preferences. We do so by analysing information about your behaviour in our domain, and we may also supplement this information with third-party information, including from publicly available sources. Based on these data, we can for example determine the likelihood that you will use certain services or behave in a certain way. The data processed for this purpose are already known to us in some cases (e.g. when you use our services), or we collect them by recording your behaviour (e.g. how you navigate our Website). We anonymise or delete these data when they are no longer relevant for the purposes pursued, which may be – depending on the nature of the data – up to 24 months. This period may be longer where required for evidentiary purposes, to comply with legal or contractual requirements, or for technical reasons. We describe how tracking works on our Website in Section 11.
Much of the data set out in this Section 3 are provided to us by you (e.g. through forms, when you communicate with us, when you use the Website, etc.). You are not obliged or required to disclose data to us. When using our Website, the processing of technical data cannot be avoided.
4. For what purposes do we process your data?
We process your data for the purposes explained below. Further information is set out in Sections 11 and 11 for online services. These purposes and their underlying objectives represent our legitimate interests and potentially those of third parties. You can find further information about the legal bases for our processing in Section 5.
We process your data for purposes related to communication with you, in particular in relation to responding to enquiries and the exercise of your rights (Section 10) and to enable us to contact you in case of queries. For this purpose, we use in particular communication data and master data. We keep these data to document our communication with you, for training purposes, for quality assurance and for follow-up enquiries.
We process data for marketing purposes and relationship management, for example, to send our customers and other contractual partners personalised advertising about our information and services. This may happen in the form of newsletters and other regular contacts (electronically, by mail or by telephone), through other channels for which we have contact information from you, but also as part of marketing campaigns. You can decline such contacts at any time (see at the end of this Section 4) or refuse or withdraw consent to be contacted for advertising purposes. With your consent, we can target our online advertising on the internet more specifically to you (see Section 11). We process personal data to comply with laws, directives and recommendations from authorities and internal regulations (“compliance”).
5. On what basis do we process your data?
Where we ask for your consent for certain processing activities (e.g. for marketing mailings), we will inform you separately about the relevant processing purposes. You may withdraw your consent at any time with prospective effect by giving us written notice (by mail) or, unless otherwise noted or agreed, by sending an e-mail to us; you can find our contact details in Section 2. For withdrawing your consent to online tracking, see Section 11. Once we have received notice of the withdrawal of your consent, we will no longer process your data for the purposes you originally consented to, unless we have another legal basis for doing so. Withdrawal of your consent does not, however, affect the lawfulness of the processing based on the consent prior to withdrawal.
Where we do not ask for your consent to processing, our processing of your personal data is based on our legitimate interest or that of a third party in such processing, in particular in pursuing the purposes and related objectives set out in Section 4 above, and in being able to implement corresponding measures. Our legitimate interests also include compliance with legal regulations, insofar as this is not already recognised as a legal basis in applicable data protection legislation (e.g. in the GDPR or in laws in the European Economic Area [EEA] or Switzerland).
6. With whom do we share your data?
In connection with the Website, with our legal obligations and with the other purposes set out in Section 4, or otherwise for protecting our legitimate interests, we may also transfer your personal data to third parties, in particular to the following categories of recipients:
ECCHR, European Center for Constitutional and Human Rights e.V., Zossener Str. 55-58, 10961 Berlin
Walhi, Jn. Tegal Parang Utara No 14, Jakarta Selatan 12790, INDONESIA
The sharing of data with these organisations occurs solely in the case of explicit consent. If you subscribe to a follow-up newsletter in English or Indonesian, we will share your data with the ECCHR (English) or Walhi (Indonesian).
We work with service providers in Switzerland and abroad who process data about you on our behalf or as joint controllers with us or who receive data about you from us as a separate controller. For the service providers used for the Website, see Section . Our main service providers in the IT area are:
- Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
- Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
- Meta Headquarters, 1 Hacker Way, Menlo Park, California 94025, USA
- Augenweide Werbeagentur GmbH, Allmendweg 8, 4528 Zuchwil, Switzerland
- Cyon GmbH, Brunngässlein 12, 4052 Basel, Switzerland
- Shorthand, First Floor, Thavies Inn House, 3-4 Holborn Circus, London, EC1N 2HA, England
- ActiveCampaign, Block D, Iveagh Court, Harcourt Road, Dublin, 2, Ireland
Authorities: We may share personal data with agencies, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so or if it appears necessary to protect our interests.
7. Is your personal data also transferred abroad?
As explained in Section 6, we also share data with other parties, some of whom are located outside of Switzerland. Your data may therefore be processed in Europe, in the USA and in Indonesia; in exceptional cases, however, in any country in the world.
Please note that data exchanged over the internet are often routed through third countries. Your data may therefore be transferred abroad even if the sender and recipient are in the same country.
8. How long do we process your data?
We process your data for as long as is required for our processing purposes, under the legal retention periods and in connection with our legitimate interests in processing for documentation and evidentiary purposes or where storage is necessary for technical reasons. You can find further information on the respective storage and processing periods for the individual data categories in Section 3, and for the cookie categories in Section 11. Unless prevented by legal or contractual obligations, we will delete or anonymise your data once the storage or processing period has expired as part of our usual processes.
9. How do we protect your data?
We take appropriate security measures in order to safeguard the confidentiality, integrity and availability of your personal data, to protect them against unauthorised or unlawful processing, and to minimise the risk of loss, accidental alteration, unintended disclosure or unauthorised access.
10. What are your rights?
Applicable data protection laws grant you the right to object to the processing of your data in some circumstances, in particular for direct marketing purposes and other legitimate interests in processing.
To help you control the processing of your personal data, you also have the following rights in relation to our data processing, depending on the applicable data protection law:
- The right to request information from us as to whether and what data we process from you
- The right to have us correct data if they are inaccurate
- The right to request the erasure of data
- The right to request that we provide certain personal data in a commonly used electronic format or transfer them to another controller
- The right to withdraw consent, where our processing is based on your consent
- The right to receive, upon request, further information that is necessary for exercising these rights
If you wish to exercise the above-mentioned rights in relation to us, please contact us in writing, visit us at our premises or, unless otherwise specified or agreed, send us an e-mail; you can find our contact details in Section 2. In order for us to be able to prevent misuse, we need to identify you (e.g. by means of a copy of your ID card, unless identification is possible otherwise).
Please note that conditions, exceptions or restrictions apply to these rights under the applicable data protection law (e.g. to protect third parties or trade secrets). We will inform you accordingly where applicable.
If you do not agree with the way we handle your rights or with our data protection practices, please notify our Data Protection Officer (Section 2) about this. If you are located in the EEA, the United Kingdom or in Switzerland, you also have the right to lodge a complaint with the data protection supervisory authority in your country. You can find a list of authorities in the EEA here: www.edpb.europa.eu/about-edpb/board/members_en. You can reach the UK supervisory authority here: www.ico.org.uk/global/contact-us/. You can reach the Swiss supervisory authority here:
11. Do we use online tracking and online advertising technologies?
We use various technologies on our Website that enable us and third parties engaged by us to recognise you during your use of our Website and, in some cases, to track you across several visits. This Section informs you about this.
In essence, our aim is to distinguish access by you (through your system) from access by other users so that we can ensure the functionality of the Website and perform analysis and customisation activities. In doing so, our intent is not to determine your identity, even if that is possible where we or third parties engaged by us can identify you by combination with registration data. However, even without registration data, the technologies we use are designed in such a way that you are recognised as an individual visitor each time you access the Website, such as when our server (or third-party servers) assigns a specific identification number to you or your browser (so-called “cookie”).
We use these technologies on our Website and may allow certain third parties to do so as well. However, depending on the purpose of these technologies, we may ask for your consent before they are used. You can access your current settings at the bottom left under “COOKIE SETTINGS”. You can configure your browser in such a way that it blocks or deceives certain types of cookies or alternative technologies or deletes existing cookies. You can also add software to your browser that blocks certain third-party tracking. You can find more information on the help pages of your browser (usually under the keyword “Privacy”) or on the websites of the third parties set out below.
We distinguish between the following categories of cookies (incl. other technologies that work similarly, such as fingerprinting):
- Necessary cookies: Some cookies are necessary for the functioning of the Website or for certain features. For example, they ensure that you can move between pages without losing information that was entered in a form. These cookies are only temporary (“session cookies”). If you block them, the Website may not work properly. Other cookies are necessary for the server to store options or information that you entered once a session (i.e. a visit to the Website) ends (e.g. where you use features for setting the language, providing consent, etc.). These cookies have an expiration date of up to 24 months.
In addition to marketing cookies, we use other technologies to control online advertising on other websites and thereby reduce advertising wastage. For example, we may transmit the e-mail addresses of our users and other persons to whom we wish to display advertisements to operators of advertising platforms (e.g. social media). If these persons are registered there with the same e-mail address (which the advertising platforms determine by a matching process), the operators will display our advertisements specifically to these persons. In this regard, the operators do not receive personal e-mail addresses of persons who are not already known to them. In case of known e-mail addresses, however, they learn that these persons are in contact with us and the content they have accessed.
We may also integrate additional third-party offerings on our Website, in particular from social media providers. These offerings are deactivated by default. Once you activate them (e.g. by clicking a button), the corresponding providers can determine that you are using our Website. If you have an account with the social media provider, it can assign this information to you and thereby track your use of online offerings. These social media providers process these data as separate controllers.
We currently use offerings from the following service providers and advertising partners (where they use data from you or cookies set on your computer for advertising purposes):
- Google Analytics:
Google Ireland (with registered office in Ireland) is the provider of the service Google Analytics and acts as our processor. Google Ireland uses Google LLC (with registered office in the USA) as its processor (hereinafter both referred to as “Google”). Google tracks the behaviour of visitors to our Website (duration, page views, geographic origin of access, etc.) through performance cookies (see above) and on this basis creates reports for us about the use of our Website. We have configured the service in such a way that the IP addresses of visitors are truncated by Google in Europe before being forwarding to the USA, meaning they cannot be traced back. We have turned off the “Data sharing” and “Signals” options. Although we can assume that the information we share with Google is not personal data for Google, it is conceivable that Google may be able to use these data for its own purposes in order to draw conclusions about the identity of visitors, create personal profiles and link these data with the Google accounts of these individuals. If you consent to the use of Google Analytics, you expressly consent to any such processing, including the transfer of your personal data (particularly data about website and app usage, device information and unique IDs) to the USA and other countries. Information about data protection by Google Analytics can be found here: [https://support.google.com/analytics/answer/6004245], and if you have a Google account, you can find more details about processing by Google here [https://policies.google.com/technologies/partner-sites? hl=deen].
- Google Tag Manager:
Our Website uses Google Tag Manager offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Tag Manager transfers the user’s IP address. This information is normally transferred to a Google server in the USA and stored there. We point out that on this Website, IP addresses are anonymised using IP masking in the case of Google Analytics. If anonymisation is active, Google truncates IP addresses within the Member States of the European Union or in other Contracting States of the Agreement on the European Economic Area, for which reason it is not possible to draw any conclusions about your identity. Only in exceptional cases is the full IP address transferred to a Google server in the USA and truncated there.
Opt-out: You can prevent the storage of cookies by adjusting the settings of your browser software. In addition, you can prevent Crazy Egg from collecting data generated by the cookie relating to your use of the Website (incl. your IP address) and processing these data by following the instructions at the following link: www.crazyegg.com/opt-out
- Pixel tags: In technical term, a pixel tag is not a cookie but rather a similar type of technology, which is placed on a website or in e-mails (newsletters) in order to track activities on websites or in e-mails. Pixel tags are often used in combination with cookies. The collected information is anonymous. We use Facebook pixel tags in order to track conversions of social media on our Website. You can find more information about the Facebook pixel tag here.
- ActiveCampaign: We work with the Swiss service provider getunik and software from ActiveCampaign (USA) for the purpose of sending e-mails and our newsletter. Both have access to select data (e.g. e-mail address, origin of the subscription, and donation amount and purpose, as well as newsletter usage data, such as openings and clicks on links), but they are not permitted to process these data for their own purposes. In order to ensure compliance with all data protection requirements, getunik has concluded a processing contract with ActiveCampaign that is based on standard European Union (EU) contract clauses. The ActiveCampaign software enables us to analyse the aforementioned data and thus to optimise our communication measures. It helps us to use our tools in a more targeted manner.
12. Can we change this Privacy Notice?
This Privacy Notice is not part of a contract with you. We can change this Privacy Notice at any time. The version published on this Website is the current version.
Last updated: 24 June 2022
Support Edi, Arif, Asmania and Bobby in their fight for climate justice. Sign their appeal to Holcim.
Every vote counts. Many thanks to all who have already signed.