Privacy statement with regard to website use and advertisements
General information and legal guidelines
This privacy statement concerns HEKS/EPER, the relief organisation of the Protestant Churches of Switzerland.
Its goal is to provide you with detailed information on the use, storage and administration of personal data. As the operator of the website www.heks.ch and other websites such as www.hilfe-schenken.ch and www.farbe-bekennen.jetzt, HEKS/EPER (the relief organisation of the Protestant Churches of Switzerland) takes the protection of your personal data very seriously.
In general, you can use our Internet services without having to enter any personal data (such as, for example, your name, address or email address).
We only use your personal data when you have given us explicit permission to do so. In such a case, we treat your data confidentially and according to the current legal data protection regulations of the EU (GDPR), Switzerland (DSG-Data Protection Act ) and this privacy statement.
Party responsible for the data handling
+41 44 360 88 00
is in charge of handling data as described in the present privacy statement.
You can reach our Data Protection Officer at the postal address below (please include “c/o Data Protection Officer”) or by email: firstname.lastname@example.org.
Right to information
You may contact us free of charge with any questions regarding the collection, processing or use of your personal data, as well as the latter’s correction, blocking or deletion, or to revoke a previously granted permission. For questions on how HEKS/EPER processes and stores data, or to request information on the data we already have on file, please contact our Data Protection Officer by email (email@example.com), post (HEKS, c/o Data Protection Officer, Seminarstrasse 28, Postfach, 8042 Zurich, Switzerland) or telephone (+41 44 360 88 00). To modify your information, please contact your regular contact person at HEKS/EPER or our Data Protection Officer.
Data processing and data storage are processes that are used – often via technical means – to treat and analyse default, collected or stored data. The systematised handling of personal data, with the goal to acquire information on the individuals concerned, is only permitted within the framework of the legal data protection guidelines of the EU (GDPR) and Switzerland (DSG). For the purpose of transparency, we will describe how we handle your personal data below.
In general, you can visit our websites without having to enter any personal data. In an effort to improve our websites’ quality, we collect non-personal usage data such as your IP address, the sites you have visited and the browser you are using. We never use this data to draw conclusions about your identity.
You will only be asked to enter personal data if you wish to participate in a campaign (e.g. a petition), contact HEKS, make a donation or order products and information. In such a case, your data will only be used for the handling of your request. Your data is sent to an internal address database administered exclusively by HEKS.
All data collected in this way is stored on the HEKS premises. Our hard drives are protected with all the necessary security features. Your data is therefore safe from crashes (backup, generator) and protected against hacker attacks by a firewall. Access rights are set in such a way that only those HEKS employees who are authorised to handle your data actually have access to it. Your data will never be passed on to third parties – HEKS does not trade addresses or personal information. With your permission, we use your data for statistical and analytical purposes, e.g. to assess our organisation's impact.
We constantly cater to your needs, whether they may be to modify your contact information, reduce the frequency or delivery method of our mailings or remove your address from our list if you no longer wish to receive emails from us.
In general, we delete your personal data as soon as it no longer serves its intended purpose, except in cases where we are required to continue to store it on a temporary basis, such as to comply with regulatory requirements or obligations regarding data retention and supporting documents.
Cookies neither harm your computer nor contain viruses. Cookies are small text files that are deposited on your computer and saved by your Internet browser (e.g. Internet Explorer, Edge, Chrome, Safari, Firefox, etc.).
Please note that the “anonymizeIP” code has been added to Google Analytics on all our websites. This code uses “IP masking” to anonymise the collection and sending of visitor IP addresses to Google Analytics. With anonymizeIP, your IP address is shortened before it will be sent within the European Union or in other nations included in the Agreement on the European Economic Area. In certain rare cases, your full IP address will be sent to a Google server in the USA before being shortened there.
Google Analytics uses the collected information to create reports that illustrate the usage statistics of our website.
Google Analytics may also pass this information on to third parties, provided this is permitted by law or that third parties have been hired by Google Analytics to process the data.
Google Analytics complies with the data protection regulations of the European Union. You can therefore be sure that under no circumstances will Google Analytics link your IP address to other Google data. In general, user and event data are only kept for 26 months. You can disable cookies in the settings of your browser; please note, however, that you may not be able to make full use of all our website’s functions if you do so.
If you disagree with CrazyEgg collecting and processing your data, you may opt out at any time by following the instructions on their website: www.crazyegg.com/opt-out. For more information on data protection with CrazyEgg.com, please visit www.crazyegg.com/privacy.
Upon subscribing to our newsletter, your IP address and the date/time of your subscription are saved in our system. This information enables us to track and prevent potentially fraudulent subscriptions by third parties.
We only use this collected data to send our newsletter. It is never passed on to third parties. You may cancel your subscription to the newsletter at any time.
We use the email marketing platform MailChimp to send our newsletter. MailChimp is a service offered by The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA, 30318 (hereinafter “Rocket”).
The data saved during the registration process is sent to and stored with Rocket. None of the data entered during the registration process is sent to third parties. MailChimp enables us to evaluate the performance of our mailings by providing information such as the number of users who received an email, whether the emails were sent back and if users unsubscribed from the list after receiving an email.
Rocket is committed to handling and storing all data conferred to its services in accordance with the requirements of the GDPR and DSG. For more information on MailChimp, please visit https://mailchimp.com/legal/privacy/.
MailChimp is a “Swiss-US and EU-US Privacy Shield” certified service. The “Privacy Shield” is an agreement between Switzerland or the European Union (EU) and the USA, which ensures that European privacy standards are respected in the USA.
Google Tag Manager and Google Search API
For some websites and campaigns, HEKS uses the remarketing function offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA, 94043, USA (hereinafter “Google”).
This function is used to present interest-based advertisements to website visitors within the Google Display Network. A cookie is saved in the user’s browser that can recognise users when they visit websites belonging to the Google Display Network. These websites may present online advertisements to users, which relate to content the users may have viewed before and which make use of Google’s “remarketing” function.
This website uses the Facebook pixel provided by the social networking site Facebook, 1601 South California Avenue, Palo Alto, CA, 94304, USA. The Facebook pixel establishes a direct connection between the user’s browser and the Facebook server whenever the website is visited. As a result, Facebook learns which users (and IP addresses) have visited our site. Facebook can then match these users with their respective Facebook user accounts. Information obtained in this way can be used for Facebook Ads or tracking functions. Please note that HEKS has no knowledge of the content of the data that is transmitted, nor of how Facebook uses it. More information on Facebook’s data policy can be found at: https://www.facebook.com/about/privacy.
Social plugins are functions and/or buttons created by social media platforms such as Twitter and Facebook, which can be added to other websites. One of the best-known social plugins is Facebook’s “Like” button. Social plugins allow visitors of other websites to interact with a social networking site by clicking on a button.
Our website uses plugins from the social networking site Facebook (1601 South California Avenue, Palo Alto, CA, 94304, USA). You can recognise Facebook plugins on our website by the Facebook logo or “Like” button. For an overview of Facebook plugins, please see: https://developers.facebook.com/docs/plugins/?locale=en_US. Each time a user visits a page that includes such a plugin, the plugin is downloaded from the Facebook server and displayed as a logo or button in the user’s browser. The Facebook server can thus obtain information about the page the user is visiting. If the user is a member of Facebook and logged into Facebook while visiting the page, Facebook can identify the exact page the user is visiting via the information sent by the plugin. It will then link this information to the user’s Facebook account. If the user activates a plugin, this information is sent to the user’s Facebook account where it is saved. Moreover, Facebook will learn that the user has visited this website, regardless of whether the user activates one of the plugins or not.
If you disagree with Facebook receiving and/or saving information regarding the pages you have visited, then log out of Facebook first before visiting another website. Additional information on Facebook’s plugin and privacy settings can be obtained from Facebook Inc.’s Data Policy (https://www.facebook.com/about/privacy/) and Terms of Service (https://www.facebook.com/legal/terms).
Our internal address database (postal addresses and phone numbers) is updated by specialised Swiss providers.
Donation appeal: General
We have entered into agreements with address dealers and external IT centres to ensure compliance with the current legal data protection regulations. Orange pay-in slips (ISR) are enclosed with our donation letters: Payments are allocated exclusively in accordance with the donation purpose specified in the donation letter.
As a non-profit organisation, HEKS relies on your donations. HEKS uses donation letters to generate the resources we need for our projects. Our donation appeals are sent by post to private or rented addresses. Appeals are occasionally made by telephone via an external agency.
Donation appeal: Private addresses
To make sure that you do not receive unnecessary correspondence from us, HEKS carries out an internal selection of addresses from the existing address database. HEKS then submits the selected addresses and donation purpose via FTP (file transfer protocol) to an external IT centre that forwards the printed donation letters to Swiss Post.
If donation letters are returned, they are disposed of directly by Swiss Post. If returned letters indicate “return”, “send back”, “rejected”, “no mailings”, “delete address” or “deceased”, no further donation letters will be sent to the relevant address. If you return a letter, Swiss Post will send us your information electronically, encrypted via data matrix code, to ensure that we do not send you any more donation letters in the future.
Donation appeal: Rented addresses
To attract new donors, we also rent addresses from reputed address dealers based exclusively in Switzerland.
If you do not wish to receive direct marketing of this kind by post in future, you can have your address registered on the “Robinson list” (Swiss dialogue marketing association, SDV). As an organisation certified by ZEWO, we undertake to respect our donors’ wishes. That is why we compare the addresses we have selected for canvassing new donors with the opted-out addresses on the Robinson list. The address comparison with the Robinson list is conducted by an address dealer from an external IT centre.
To comply with data protection regulations, all donation letters returned by the recipient are disposed of directly by Swiss Post. Swiss Post then sends us your information electronically, encrypted via datamatrix code.
Data processing for donations via pay-in slip, direct debit (LSV), e-banking/PostFinance or e-finance
You select the financial institution which will process your donation, and your financial institute thereby also undertakes to comply with its own data protection regulations. Your selected financial institution transfers your donation to us, stating your name, your address, the donation purpose and any notes you have added to the payment.
Data processing for donations via our website using Visa, Mastercard, PayPal, PostFinance Card or text message
RaiseNow is a certified e-payment platform based in Switzerland (https://www.raisenow.com/gb-en). If you make a donation on our website, your data will be transmitted to us in encrypted form by RaiseNow. Credit card data is transmitted via Datatrans to PostFinance or Six, which will then debit your account and trigger the payment to us. If you choose to pay by PayPal, we receive an order to debit your PayPal account once your donation has been transferred to it. No credit card data is stored by HEKS itself. Your payment data is transmitted directly via the above-mentioned external partners, which are certified by the payment card industry (PCI DSS). Our service providers are only allowed to use your information to perform their tasks and they are obliged to comply with the current legal data protection regulations.
Data processing for donations via text message
You can react to donation appeals immediately and donate by sending us a text with the code 488. The number 488 is managed by the FairGive association (based in Switzerland: http://www.fairgive.org/) which has concluded agreements with the telecom operators. This allows for a secure donation process and protects the transfer of your donations. FairGive transmits your data to RaiseNow, which triggers the processes listed under b). Your donation will be charged to your phone bill or deducted from your phone credit. Your telecom operator undertakes to guarantee the secure transfer of your donations and the protection of your personal data in accordance with the general terms and conditions acknowledged by you (please make sure that you are aware of these). During the text message payment process, you have the option of sending your postal address to HEKS via text message so that we can send you your annual donation receipt.
Data processing: “Hilfe schenken” website
Our donation site www.hilfe-schenken.ch features an order form made available by our service provider “Hausformat”, which is based in Switzerland (https://www.hausformat.com/). “Hausformat” then forwards your data to RaiseNow. This triggers the processes outlined under b). At the same time, the order form is sent to us so that we can send you the correct donation certificate.
Donations are allocated to the corresponding address on the basis of the incoming payments received, and a thank you message is sent automatically. If there is no address available yet, we will open a new one in our “my company” database.