Privacy statement with regard to website use and advertisements

General information and legal guidelines

This privacy statement concerns HEKS/EPER, the relief organisation of the Protestant Churches of Switzerland.
Its goal is to provide you with detailed information on the use, storage and administration of personal data. As the operator of the website www.heks.ch and other websites such as www.hilfe-schenken.ch and www.farbe-bekennen.jetzt, HEKS/EPER (the relief organisation of the Protestant Churches of Switzerland) takes the protection of your personal data very seriously.
In general, you can use our Internet services without having to enter any personal data (such as, for example, your name, address or email address). 
We only use your personal data when you have given us explicit permission to do so. In such a case, we treat your data confidentially and according to the current legal data protection regulations of the EU (GDPR), Switzerland (DSG-Data Protection Act ) and this privacy statement.

Party responsible for the data handling 

HEKS/EPER
Seminarstrasse 28
Postfach
CH-8042 Zurich
+41 44 360 88 00
dataprotection@heks.ch

is in charge of handling data as described in the present privacy statement.

You can reach our Data Protection Officer at the postal address below (please include “c/o Data Protection Officer”) or by email: dataprotection@heks.ch.

Right to information

You may contact us free of charge with any questions regarding the collection, processing or use of your personal data, as well as the latter’s correction, blocking or deletion, or to revoke a previously granted permission. For questions on how HEKS/EPER processes and stores data, or to request information on the data we already have on file, please contact our Data Protection Officer by email (dataprotection@heks.ch), post (HEKS, c/o Data Protection Officer, Seminarstrasse 28, Postfach, 8042 Zurich, Switzerland) or telephone (+41 44 360 88 00). To modify your information, please contact your regular contact person at HEKS/EPER or our Data Protection Officer.

Purpose and objective

We use our communication tools (website(s), newsletter, etc.) to keep you informed of our projects in Switzerland and abroad as well as our campaigns and offers. They offer valuable information regarding our developmental goals and the way we use donations. This information gives you an overview of our efforts in the area of data protection, and attests to the transparency we are committed to providing in our everyday activities. 
When visiting our website(s), you have the possibility to define your own individual privacy settings, e.g. the use of cookies or temporary data storage. As per applicable law, these settings will only take effect with your express permission.

Data processing and data storage

Data processing and data storage are processes that are used – often via technical means – to treat and analyse default, collected or stored data. The systematised handling of personal data, with the goal to acquire information on the individuals concerned, is only permitted within the framework of the legal data protection guidelines of the EU (GDPR) and Switzerland (DSG). For the purpose of transparency, we will describe how we handle your personal data below. 
In general, you can visit our websites without having to enter any personal data. In an effort to improve our websites’ quality, we collect non-personal usage data such as your IP address, the sites you have visited and the browser you are using. We never use this data to draw conclusions about your identity.
You will only be asked to enter personal data if you wish to participate in a campaign (e.g. a petition), contact HEKS, make a donation or order products and information. Your data is sent to an internal address database administered exclusively by HEKS. 
All data collected in this way is stored on the HEKS premises. Our hard drives are protected with all the necessary security features. Your data is therefore safe from crashes (backup, generator) and protected against hacker attacks by a firewall. Access rights are set in such a way that only those HEKS employees who are authorised to handle your data actually have access to it. Your data will never be passed on to third parties – HEKS does not trade addresses or personal information. With your permission, we use your data for statistical and analytical purposes, e.g. to assess our organisation's impact. 
We constantly cater to your needs, whether they may be to modify your contact information, reduce the frequency or delivery method of our mailings or remove your address from our list if you no longer wish to receive emails from us.
In general, we delete your personal data as soon as it no longer serves its intended purpose, except in cases where we are required to continue to store it on a temporary basis, such as to comply with regulatory requirements or obligations regarding data retention and supporting documents.

Cookies

Cookies neither harm your computer nor contain viruses. Cookies are small text files that are deposited on your computer and saved by your Internet browser (e.g. Internet Explorer, Edge, Chrome, Safari, Firefox, etc.).
We use cookies on our website to identify users who repeatedly use our services. Cookies are used to optimise our website and services according to our users’ needs. They enable us to recognise your browser the next time you visit our website.
You are free to customise the use of cookies in your browser settings to meet your own specific wishes and requirements. However, please note that by disabling cookies, you may be unable to take full advantage of all our website's features.

Web analysis

We collect data on our websites to analyse how visitors make use of our services. This data allows us to continually improve our communication and to tailor this communication to our visitors’ needs. It also enables us to deploy our communication tools in an economic and efficient manner.

Google Analytics

We use Google Analytics, a web analysis tool offered by Google, Inc., whose head office is located in the United States of America (1600 Amphitheatre Parkway, Mountain View, CA, 94043, USA). Google Analytics uses cookies. Google processes the information collected by these cookies (e.g. your IP address and the time, place and frequency of your visits) in the USA.
Please note that the “anonymizeIP” code has been added to Google Analytics on all our websites. This code uses “IP masking” to anonymise the collection and sending of visitor IP addresses to Google Analytics. With anonymizeIP, your IP address is shortened before it will be sent within the European Union or in other nations included in the Agreement on the European Economic Area. In certain rare cases, your full IP address will be sent to a Google server in the USA before being shortened there.
Google Analytics uses the collected information to create reports that illustrate the usage statistics of our website. 
Google Analytics may also pass this information on to third parties, provided this is permitted by law or that third parties have been hired by Google Analytics to process the data.
Google Analytics complies with the data protection regulations of the European Union. You can therefore be sure that under no circumstances will Google Analytics link your IP address to other Google data. In general, user and event data are only kept for 26 months. You can disable cookies in the settings of your browser; please note, however, that you may not be able to make full use of all our website’s functions if you do so.
Google Analytics offers an opt-out add-on for all the major browsers, which will give you greater control over the data that is collected and processed by Google Analytics. If you choose to activate this function, Google Analytics will receive no information regarding your visit to our website. Nevertheless, the use of the opt-out add-on does not prevent information from being sent to us or to other web analysis services potentially used by our services. For more information on Google’s opt-out add-on and its activation, please visit the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB. The full Google Analytics Terms of Service and Privacy Policy are available at https://www.google.com/analytics/terms/gb.html and https://policies.google.com/?hl=en-GB.

Crazy Egg

Some of our websites use the tracking tool CrazyEgg to assign anonymous IP addresses to individual, randomly selected visits. This tracking tool allows us to evaluate – via cookies – how our website is being used (e.g. which content is being clicked). CrazyEgg charts offer visual illustrations of these usage statistics. When using this tool, we can neither see your personal data, nor collect, process nor use it.
If you disagree with CrazyEgg collecting and processing your data, you may opt out at any time by following the instructions on their website: www.crazyegg.com/opt-out. For more information on data protection with CrazyEgg.com, please visit www.crazyegg.com/privacy.

Newsletter

Our newsletter provides you with regular updates on our offers and projects, as well as on other news from HEKS/EPER. All newsletter subscriptions must be completed via the “double opt-in process”. To start the process, simply enter your valid email address and you will receive an email from us. We will only send you our newsletter after you have clicked on the link in this email to confirm your subscription. 
Upon subscribing to our newsletter, your IP address and the date/time of your subscription are saved in our system. This information enables us to track and prevent potentially fraudulent subscriptions by third parties. 
We only use this collected data to send our newsletter. It is never passed on to third parties. You may cancel your subscription to the newsletter at any time.

MailChimp

We use the email marketing platform MailChimp to send our newsletter. MailChimp is a service offered by The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA, 30318 (hereinafter “Rocket”).
The data saved during the registration process is sent to and stored with Rocket. None of the data entered during the registration process is sent to third parties. MailChimp enables us to evaluate the performance of our mailings by providing information such as the number of users who received an email, whether the emails were sent back and if users unsubscribed from the list after receiving an email. 
Rocket is committed to handling and storing all data conferred to its services in accordance with the requirements of the GDPR and DSG. For more information on MailChimp, please visit https://mailchimp.com/legal/privacy/.
MailChimp is a “Swiss-US and EU-US Privacy Shield” certified service. The “Privacy Shield” is an agreement between Switzerland or the European Union (EU) and the USA, which ensures that European privacy standards are respected in the USA.

Advertisements

Google Tag Manager and Google Search API

We use “Google Tag Manager”, a service provided by Google Inc. (“Google”). The “Google Tag Manager” allows other analysis and marketing services to be incorporated into our Internet services (e.g. “AdWords Conversion Tracking”, “DoubleClick”, and “Google Analytics"). The “Google Tag Manager” uses cookies that enable Google and its partner websites to display advertisements on our website (and others) based on user visits and interests. Google collects user data via a variety of online offers, but only in pseudonymous form. The user information collected by “DoubleClick” is sent to Google and saved on Google servers in the USA. For more information on Google’s use of data for advertising purposes, as well as the possibility to opt out, please visit the following summary page: http://www.google.com/policies/technologies/ads/. You can also use the settings and opt-out options in Google to disable interest-based advertising. To do so, please visit http://www.google.com/ads/preferences/ or http://www.google.de/settings/ads/anonymous.

Remarketing

For some websites and campaigns, HEKS uses the remarketing function offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA, 94043, USA (hereinafter “Google”).
This function is used to present interest-based advertisements to website visitors within the Google Display Network. A cookie is saved in the user’s browser that can recognise users when they visit websites belonging to the Google Display Network. These websites may present online advertisements to users, which relate to content the users may have viewed before and which make use of Google’s “remarketing” function. 
If you do not wish to receive interest-based ads of this kind, then simply disable Google’s use of cookies for this purpose on the following page: https://www.google.de/settings/ads. As an alternative, visit the opt-out page of the Network Advertising Initiative to disable the use of cookies by third party providers.

Facebook Pixel

This website uses the Facebook pixel provided by the social networking site Facebook, 1601 South California Avenue, Palo Alto, CA, 94304, USA. The Facebook pixel establishes a direct connection between the user’s browser and the Facebook server whenever the website is visited. As a result, Facebook learns which users (and IP addresses) have visited our site. Facebook can then match these users with their respective Facebook user accounts. Information obtained in this way can be used for Facebook Ads or tracking functions. Please note that HEKS has no knowledge of the content of the data that is transmitted, nor of how Facebook uses it. More information on Facebook’s data policy can be found at: https://www.facebook.com/about/privacy.

Social Plugins

Social plugins are functions and/or buttons created by social media platforms such as Twitter and Facebook, which can be added to other websites. One of the best-known social plugins is Facebook’s “Like” button. Social plugins allow visitors of other websites to interact with a social networking site by clicking on a button.

Facebook

Our website uses plugins from the social networking site Facebook (1601 South California Avenue, Palo Alto, CA, 94304, USA). You can recognise Facebook plugins on our website by the Facebook logo or “Like” button. For an overview of Facebook plugins, please see: https://developers.facebook.com/docs/plugins/?locale=en_US. Each time a user visits a page that includes such a plugin, the plugin is downloaded from the Facebook server and displayed as a logo or button in the user’s browser. The Facebook server can thus obtain information about the page the user is visiting. If the user is a member of Facebook and logged into Facebook while visiting the page, Facebook can identify the exact page the user is visiting via the information sent by the plugin. It will then link this information to the user’s Facebook account. If the user activates a plugin, this information is sent to the user’s Facebook account where it is saved. Moreover, Facebook will learn that the user has visited this website, regardless of whether the user activates one of the plugins or not.
If you disagree with Facebook receiving and/or saving information regarding the pages you have visited, then log out of Facebook first before visiting another website. Additional information on Facebook’s plugin and privacy settings can be obtained from Facebook Inc.’s Data Policy (https://www.facebook.com/about/privacy/) and Terms of Service (https://www.facebook.com/legal/terms).

Twitter

Our website uses plugins from the social networking site twitter.com (“Twitter”). Twitter is a trademark of Twitter Inc., Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA, 94103, USA. Please visit the following page to view the various Twitter plugins: https://dev.twitter.com/web/overview. Each time a user visits a page that includes such a plugin, the plugin is downloaded from the Twitter server and displayed as a logo or button in the user’s browser. The Twitter server can thus obtain information about the page the user is visiting. If the user is a member of Twitter and logged into Twitter while visiting the page, Twitter can identify the exact page the user is visiting via the information sent by the plugin. It will then link this information to the user’s Twitter account. If the user activates a plugin, this information is sent to the user’s Twitter account where it is saved. Moreover, Twitter will learn that the user has visited this website, regardless of whether the user activates one of the plugins or not.
If you disagree with Twitter receiving and/or saving information regarding the pages you have visited, then log out of Twitter first before visiting another website. Additional information on Twitter’s plugin and privacy settings can be obtained from Twitter Inc.’s Privacy Policy (https://twitter.com/en/privacy) and Terms of Service (https://twitter.com/en/tos).

Fundraising

General information 

HEKS maintains an internal database which stores contact details and information on the donations received and correspondence with donors (see section 1.4. Data processing and data storage). Data is stored internally and is only accessible to HEKS employees or specific external contractors (e.g. for database maintenance purposes) who need to access data in order to perform their work. This data contains information about your interests and allows us to contact you in a targeted manner.  
Our internal address database (postal addresses and phone numbers) is updated by specialised Swiss providers.

Donation appeal: General

We have entered into agreements with address dealers and external IT centres to ensure compliance with the current legal data protection regulations. Orange pay-in slips (ISR) are enclosed with our donation letters: Payments are allocated exclusively in accordance with the donation purpose specified in the donation letter.
As a non-profit organisation, HEKS relies on your donations. HEKS uses donation letters to generate the resources we need for our projects. Our donation appeals are sent by post to private or rented addresses. Appeals are occasionally made by telephone via an external agency. 

Donation appeal: Private addresses 

To make sure that you do not receive unnecessary correspondence from us, HEKS carries out an internal selection of addresses from the existing address database. HEKS then submits the selected addresses and donation purpose via FTP  (file transfer protocol) to an external IT centre that forwards the printed donation letters to Swiss Post. 
If donation letters are returned, they are disposed of directly by Swiss Post. If returned letters indicate “return”, “send back”, “rejected”, “no mailings”, “delete address” or “deceased”, no further donation letters will be sent to the relevant address. If you return a letter, Swiss Post will send us your information electronically, encrypted via data matrix code, to ensure that we do not send you any more donation letters in the future.

Donation appeal: Rented addresses

To attract new donors, we also rent addresses from reputed address dealers based exclusively in Switzerland. 
If you do not wish to receive direct marketing of this kind by post in future, you can have your address registered on the “Robinson list” (Swiss dialogue marketing association, SDV). As an organisation certified by ZEWO, we undertake to respect our donors’ wishes. That is why we compare the addresses we have selected for canvassing new donors with the opted-out addresses on the Robinson list. The address comparison with the Robinson list is conducted by an address dealer from an external IT centre.
To comply with data protection regulations, all donation letters returned by the recipient are disposed of directly by Swiss Post. Swiss Post then sends us your information electronically, encrypted via datamatrix code.

Data processing for donations via pay-in slip, direct debit (LSV), e-banking/PostFinance or e-finance 

You select the financial institution which will process your donation, and your financial institute thereby also undertakes to comply with its own data protection regulations. Your selected financial institution transfers your donation to us, stating your name, your address, the donation purpose and any notes you have added to the payment.

Data processing for donations via our website using Visa, Mastercard, PayPal, PostFinance Card or text message

RaiseNow is a certified e-payment platform based in Switzerland (https://www.raisenow.com/gb-en). If you make a donation on our website, your data will be transmitted to us in encrypted form by RaiseNow. Credit card data is transmitted via Datatrans to PostFinance or Six, which will then debit your account and trigger the payment to us. If you choose to pay by PayPal, we receive an order to debit your PayPal account once your donation has been transferred to it. No credit card data is stored by HEKS itself. Your payment data is transmitted directly via the above-mentioned external partners, which are certified by the payment card industry (PCI DSS). Our service providers are only allowed to use your information to perform their tasks and they are obliged to comply with the current legal data protection regulations.

Data processing for donations via text message 

You can react to donation appeals immediately and donate by sending us a text with the code 488. The number 488 is managed by the FairGive association (based in Switzerland: http://www.fairgive.org/) which has concluded agreements with the telecom operators. This allows for a secure donation process and protects the transfer of your donations. FairGive transmits your data to RaiseNow, which triggers the processes listed under b). Your donation will be charged to your phone bill or deducted from your phone credit. Your telecom operator undertakes to guarantee the secure transfer of your donations and the protection of your personal data in accordance with the general terms and conditions acknowledged by you (please make sure that you are aware of these). During the text message payment process, you have the option of sending your postal address to HEKS via text message so that we can send you your annual donation receipt.

 

Data processing: “Hilfe schenken” website

Our donation site www.hilfe-schenken.ch features an order form made available by our service provider “Hausformat”, which is based in Switzerland (https://www.hausformat.com/). “Hausformat” then forwards your data to RaiseNow. This triggers the processes outlined under b). At the same time, the order form is sent to us so that we can send you the correct donation certificate.
Donations are allocated to the corresponding address on the basis of the incoming payments received, and a thank you message is sent automatically. If there is no address available yet, we will open a new one in our “my company” database.