Data protection is important to us!

 

We know that careful handling of your personal data is important to you. Therefore, we appreciate your trust that the HSG Foundation will handle this information conscientiously. In the following, we provide information about the collection and processing of personal data in our business activities and when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior. We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.

 

Privacy Policy

 

«The HSG Foundation collects and processes personal data in the course of its business activities. This privacy policy explains how we collect and process personal data. Personal data is any information that relates to an identified or identifiable natural person. This privacy policy is subject to Swiss law. The collection and processing of data is governed in particular by the Swiss Federal Act on Data Protection Act (FADP). Only as far as applicable, provisions of the European Union (EU), in particular the EU General Data Protection Regulation (GDPR) are taken into account. We can adapt this data protection declaration at any time without prior notice. The current version published on our website shall apply. Status 08.2023 »

 

 

1. Responsible for data processing

The HSG Foundation, Dufourstrasse 48, CH-9000, St.Gallen is responsible for the data processing described below. Telephone: +41 71 224 77 66; e-mail: kontakt@hsg-stiftung.ch

 

 

2. Collection and Processing of Personal Data

We collect and process personal data that we receive in the course of our business activities and the business relationship with donors, business partners and other persons. Publicly known or accessible personal data may also be processed by us if this is appropriate for our business activities. In the context of our business relationship, you must provide the personal data that is required for the establishment and implementation of a business relationship and the fulfillment of the associated contractual obligations. Without this data, we will generally not be able to enter into or perform a contract with you (or the entity or person you represent). Also, the website cannot be used if certain information to secure data traffic (such as IP address) is not disclosed.

 

 

3. Processing Purposes

We use the personal data we collect to pursue the purpose of the Foundation, the raising of funds to support the University of St.Gallen. Within the framework of the GDPR, this is done on the basis of Art. 6 (1) lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. In addition, we process personal data of you and other persons, to the extent permitted and deemed appropriate, also for the following purposes, in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose: - Offering and further developing our offers, services and websites, apps and other platforms, - Information and marketing (including holding events), insofar as you have not objected to the use of your data (if we send you information as an existing donor from us, you can object to this at any time, we will then put you on a block list against further information mailings).

 

 

4. Payment Providers

 

4.1 Data Processing for Donations via Payment Slip, LSV/DD and E-Banking/PostFinance, E-Finance

You choose the financial institution through which you make your payment. Your financial institution will adhere to its own data protection regulations. The financial institution you choose transmits the donation to us, stating your name, address, the purpose of the donation and any comments.

4.2 Data Processing for Donations via our Website by Visa, Mastercard, AmericanExpress, PayPal, PostFinance Card, TWINT

RaiseNow is a certified e-payment platform based in Switzerland (https://www.raisenow.com/de). When donating through our website, your data is transmitted directly via RaiseNow in encrypted form. Credit card data is transmitted via Datatrans to Postfinance or Six, which initiate the collection from you and the payment to us. In the case of PayPal, we receive a request from you to debit the donation amount to the PayPal account after the payment has been collected. The HSG Foundation does not store any card data itself. Your payment data goes directly through the aforementioned, certified by credit card industry (PCI DSS), external partners. Our service providers may only use the information to fulfill their tasks and are obliged to comply with the applicable data protection regulations.

 

 

5. Data Disclosure

Within the scope of our business activities and the purposes set out in section 3, we also disclose data to third parties, insofar as this is permitted and appears to us to be appropriate, so that they can process it for us. This data may also be disclosed to the University of St.Gallen and the HSG Alumni Association so that they can process it for their own purposes (information about events, fundraising activities, marketing measures). If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless the recipient is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exception provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have given your consent or if it is a matter of data made generally available by you, the processing of which you have not objected to.

 

 

6. Retention Period

We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, i.e., for example for the duration of the entire business relationship (from the initiation to the termination of a contract) as well as beyond that in accordance with the legal storage and documentation obligations. In this context, it is possible that personal data will be retained for the time during which claims can be asserted against our company and insofar as we are otherwise legally obligated to do so, or legitimate business interests require this (e.g., for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymized as far as possible. For operational data (e.g., system protocols, logs), shorter retention periods of twelve months or less apply in general.

 

7. Data Security

We take appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse.

 

 

8. Your Rights

You have the following rights with respect to personal data concerning you: - Right to information, - Right to correction or deletion, - Right to restriction of processing, - Right to object to processing. If data processing is based on your consent, you can revoke this consent for future processing at any time without giving reasons. The revocation should be sent to the address [kontakt@hsg-stiftung.ch]. In order to process your requests and exercise your rights, it may be necessary for you to identify yourself so that we can clearly identify you. In Switzerland, there is no right of appeal to a supervisory authority. Individuals in Switzerland may report a data protection infringement to the Federal Data Protection and Information Commissioner. For citizens in the EU, in the event of a data protection breach, the affected parties have a right to lodge a complaint with the competent supervisory authority in the EU.

Website

 

When you use our website, various personal data are collected. This privacy policy explains what data we collect when you visit our website and what we use it for. It also explains how and for what purpose this is done. This declaration applies to the Internet pages available at https://www.hsg-stiftung.ch/. It should be noted that there may be links to other websites for which different data protection rules may apply.

1. Collected Data

When collecting and processing personal data, we comply with the legal requirements of the applicable data protection laws. The processing of personal data is governed by the Federal Act on Data Protection (FADP). Insofar as the GDPR is applicable, Art. 6 para. 1 lit. b and f of the GDPR constitutes the legal basis for the processing. Our Internet pages collect a series of general data with each page visit. This general data and information are stored in the log files of the server. The following data is collected: - IP address - date and time of the request - time zone difference to GMT time zone – content of the request – access status/http status code – amount of data transferred in each case – internet page from which the request originated – browser (incl. language and version) – operating system When using this general data, no assignment to a specific person takes place. The collection of this data is technically necessary to display our website to you and to ensure its stability and security. The basis for the data processing is Art. 6 para. 1 lit. f GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

2. Encrypted Payment Transactions on this Website.

If, after the conclusion of a fee-based contract, there is an obligation to provide us with your payment data (e.g., account number in the case of direct debit authorization), this data is required for payment processing. Payment transactions via the common means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. With encrypted communication, your payment data that you transmit to us cannot be read by third parties.

3. SSL or TLS Encryption

This website uses SSL or TSL encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

4. Cookies

Our website uses so-called cookies. These are small text files that are stored on your computer and can be retrieved there. Cookies are used to enable you to register for our services and to personalize our website for you. For this purpose, our website is supported by cookies, which collect information about your IP address, the time and duration of your visit, the number of visits, form usage, your search settings, your display view and your settings for favourites on our website. The storage period of cookies varies. You can prevent the setting of cookies by our website at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time using an Internet browser or other software programs. This is possible in all common Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable. Within the scope of the GDPR, cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. shopping cart function) are stored on the basis of Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. for the analysis of your surfing behaviour) are stored, these are treated separately in this privacy statement.

5. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics also uses cookies and uses this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity and to provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. The storage of Google Analytics cookies is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour to optimize both its web and its information offering. We have activated the IP anonymization function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

6. Social Media Plugins

Within the scope of the web offer, plugins from various third-party providers of social media platforms may be integrated. When visiting the website, these plugins may automatically transmit data to the third-party providers. We use the following plugins with a two-click solution.

6.1 LinkedIn

Plugins of the social network LinkedIn of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter "LinkedIn") are integrated on our web pages. You can recognize the LinkedIn plugins by the LinkedIn logo or the "Recommend" button on our website. When you visit our pages, a direct connection is established between your browser and the LinkedIn server via the plug-in. LinkedIn thereby receives the information that you have visited our site with your IP address. If you click the LinkedIn "Recommend Button" while logged into your LinkedIn account, you can link the content of our pages on your LinkedIn profile. This allows LinkedIn to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn. Details on data collection (purpose, scope, further processing, use) as well as your rights and setting options can be found in LinkedIn's privacy policy. You can find this information at: http://www.linkedin.com/legal/privacy-policy. LinkedIn's services require a flow of data from the European Union (EU), the European Economic Area (EEA) and Switzerland to the United States (USA) and back. To ensure that personal data is protected when transferred outside the EU, EEA and Switzerland, data is processed in accordance with the European Commission's Standard Contractual Clauses (SCC).

6.2 Facebook

Plugins of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated on our pages. You can recognize the Facebook plugins by the Facebook logo or the "Like button" ("Like") on our site. You can find an overview of the Facebook plugins here: www.facebook.com/about/privacy/. When you visit our pages, a direct connection is established between your browser and the Facebook server via the plugin. Facebook thereby receives the information that you have visited our site with your IP address. If you click the Facebook "Like" button while logged into your Facebook account, you can link the content of our pages on your Facebook profile. This allows Facebook to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please refer to Facebook's privacy policy at www.facebook.com/about/privacy/. The following contract addendum applies to the transmission of European data: https://www.facebook.com/legal/EU_data_transfer_addendum. It applies to the extent that Facebook Ireland, as your processor, processes European data in accordance with the Terms of Use for Covered Products and transfers of such data from the EU, the EEA, the United Kingdom or Switzerland to Facebook, Inc. occur.

6.3 Twitter

Functions of the Twitter service are integrated on our pages. These functions are offered by Twitter Inc, 795 Folsom St, Suite 600, San Francisco, CA 94107, USA. By using Twitter and the "Re-Tweet" function, the web pages you visit are linked to your Twitter account and made known to other users. In the process, data such as IP address, browser type, domains called up, pages visited, mobile phone provider, device and application IDs and search terms, among other things, are transmitted to Twitter. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter. You can change your privacy settings on Twitter in the account settings at twitter.com/account/settings. If you have any questions, please contact privacy@twitter.com. Due to ongoing updates to Twitter's privacy policy, please refer to the current version at http://twitter.com/privacy. Twitter adheres to the standard contractual clauses approved by the EU Commission when transferring data to the USA.

7. Newsletter

If you register for our newsletter, we will immediately send an e-mail to the e-mail address provided, which contains a hyperlink. If you click on this link, you confirm your newsletter registration (double opt-in procedure). If this registration confirmation is not received within one week, we will delete the e-mail address from our temporary list again and registration will not have taken place. If you confirm the newsletter registration, you give your consent to the storage of your e-mail address including the date of registration, IP address and the list name of the desired newsletter. We use your e-mail address and the optional personal data collected at the same time, such as name and title, only for the administration and sending of the newsletter requested by you, for the periodicity given at registration. Your consent to the sending of the newsletter can be revoked at any time and the newsletter can thus be unsubscribed. You can declare the revocation by clicking on the link provided in each newsletter e-mail or via the contact details provided by the controller. You can also unsubscribe from the newsletter using the following web address: https://www.hsg-stiftung.ch/newsletter/. For our newsletter service, we use the newsletter service "Mailchimp" of Rocket Sience Group LLC, 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308. Your email address for receiving the newsletter is stored at MailChimp. If you have unsubscribed from the newsletter, it will be deleted. MailChimp stores the date of registration and your IP address. A further use of your IP address does not take place. We would like to point out that the data collected and used via MailChimp is stored and processed on computers in the USA. We have concluded a data processing agreement with MailChimp based on the so-called EU standard contractual clauses. Your e-mail address will not be passed on to third parties in any other way. Furthermore, we may send you our newsletter as part of a business or contractual relationship with you. As a donor, you will be informed about our work, further projects and important developments. You can unsubscribe from the newsletter at any time by clicking on the link provided in every newsletter email or via the contact details of the controller given in the imprint.

8. Data Security

To protect your data, we have implemented numerous technical and organizational measures to ensure as comprehensive as possible the protection of personal data processed via this website. Communication by e-mail, fax, cell phones or Internet applications involves risks such as the possibility of viewing the content of the message, its alteration or loss. The HSG Foundation accepts no liability for this.

 

9. Your Rights

You have the following rights with regard to personal data concerning you: - Right to information, - Right to correction or deletion, - Right to restriction of processing, - Right to object to processing. If data processing on our website is based on your consent, you can revoke this consent for the future at any time without giving reasons. The revocation is to be sent to the address [kontakt@hsg-stiftung.ch]. The legality of the data processing carried out until the revocation remains unaffected by the revocation. In order to be able to process your requests to exercise your rights, it may be necessary for you to identify yourself so that we can clearly identify you. For citizens in the EU, in the event of violations of data protection law, data subjects have a right to lodge a complaint with the competent supervisory authority in the EU. The competent supervisory authority in Germany is the State Data Protection Commissioner of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html. In Switzerland, there is no right of appeal to a supervisory authority. Persons in Switzerland may report a data protection violation to the Federal Data Protection and Information Commissioner.

Your insight into our work and endeavours

Subscribe to our quarterly newsletter and find out how we are working together for the University of St.Gallen.

By subscribing to our newsletter, you declare that you agree to our data protection regulations.

Optimally connected

Welcome to the HSG Foundation! Be part of our community online and get even more insight into what happens in front of and behind the scenes of the HSG Foundation.