THE ANDAN FOUNDATION
Website Privacy Policy
We ask that you read this website privacy policy carefully as it contains important information with regards to who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data and as to how to contact us and supervisory authorities in the event you have a complaint.
WHO WE ARE
The website is operated by the Andan Foundation, a Swiss non-profit public benefit organisation with its headquarters located c/o BDO, Kernserstrasse 31, 6060 Sarnen, Switzerland. Our mission is to protect and assist displaced persons and refugees worldwide and to seek durable solutions to their plight.
We collect, use and are responsible for certain personal data about you. Personal data within the meaning of Art. 3 of the Swiss Federal Data Protection Act ( DSG) is all information relating to a specific or identifiable person, e.g. name, address, email etc. This definition of personal data is equivalent to that in Art. 4 of the General Data Protection Regulation of the European Union.
Since our website is operated by a Swiss non-profit public benefit organisation outside the European Union ( EU) and European Economic Area ( EEA), the provisions of the General Data Protection Regulation ( GDPR) will not generally apply unless certain factors apply, for example if you are accessing the Site from within EU or the EEA. Nonetheless we are committed to applying the highest possible standards of good practice in terms of respecting the confidentiality and security of personal data and we therefore intend to treat all personal data collected by us as though the GDPR applies whether or not the GDPR technically applies in any particular situation. We are responsible as ‘controller’ of your personal data for the purposes of the DSG and GDPR.
CONTACT INFORMATION OF CONTROLLER
Andan Foundation
c/o BDO AG
Kernserstrasse 31
6060 Sarnen
Switzerland
Email: info@andanfoundation.org
Please contact us, if you have any questions about this privacy policy or the data we hold about you.
OUR WEBSITE
This privacy policy relates to your use of our website which can be accessed at andan.org and andanfoundation.org
Throughout our website we may link to other websites owned and operated by certain trusted third parties. These other third-party websites may also gather personal data about you in accordance with their own separate privacy policies. For privacy information relating to these other third-party websites, please consult their privacy policies as appropriate.
DONATIONS VIA DONORBOX (THIRD-PARTY WEBSITE)
Our work is financed by donations of people like you. Thank you!
You cannot make donations directly on our website, but we have placed links (“DONATE”, “DONATE NOW” and similar) that will redirect you to a sub-site of the website Donorbox specifically set up for donations to the Andan Foundation. Please note that by clicking on such a link, you will be leaving our website and enter a third-party website where the third-party’s privacy policy applies.
Donorbox is a service provided by Donorbox Corporation, a California Corporation, with offices located at 5 3rd St, Suite 900, San Francisco, CA 94103, USA. This company is not certified for the US-European data protection agreement "Privacy Shield".
You can find their privacy policy here.
For the transactions, the services PayPal (privacy policy here) and Stripe (privacy policy here) are provided.
OUR COLLECTION AND USE OF YOUR PERSONAL DATA
This website collects personal data to power our site analytics, including:
Information about your browser, network, and device
Web pages you visited prior to coming to this website
Your IP address
This information may also include details about your use of this website, including:
Clicks
Internal links
Pages visited
Scrolling
Searches
Timestamps
We share this information with Squarespace, our website analytics provider, to learn about site traffic and activity.
OUR LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
When we use your personal data we are required to have a legal basis for doing so. There are various different legal bases upon which we may rely, depending on what personal data we process and why.
The legal bases we may rely on include:
consent: where you have given us clear consent for us to process your personal data for a specific purpose
contract: where our use of your personal data is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
legal obligation: where our use of your personal data is necessary for us to comply with the law (not including contractual obligations)
legitimate interests: where our use of your personal data is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal data which overrides our legitimate interests)
WHO WE SHARE YOUR PERSONAL DATA WITH
We will only use your personal data for internal purposes and will not pass it onto third parties unless you have given your prior consent or we are required to share the information with law enforcement or other authorities by applicable law.
LOG FILES
This website is hosted on a server in Zurich, Switzerland operated by Henley & Partners. Henley & Partners is a company with offices located at Henley & Partners Switzerland AG, Klosbachstrasse 110, 8024 Zurich, Switzerland.
This website collects a series of general data and information each time the website is accessed by an individual or an automated system. These general data and information are stored in the log files of the server. The (1) browser types and versions used can be recorded, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-sites which are accessed via an accessing system on our website, (5) the date and time of an access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information which serve to avert danger in the event of attacks on our information technology systems.
When using this general data and information, Andan Foundation does not draw any conclusions about the person concerned. Instead, this information is required to (1) correctly deliver the contents of our website, (2) optimise the contents of our website and the advertising for them, (3) ensure the long-term operability of our information technology systems and the technology of our website and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack. This anonymously collected data and information is therefore evaluated by the Andan Foundation both statistically and with the aim of increasing data protection and data security in order to ultimately provide an optimum level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by the person concerned.
COOKIES AND SIMILAR TECHNOLOGIES
This website uses cookies and similar technologies, which are small files or pieces of text that download to a device when a visitor accesses a website or app. For information about viewing the cookies dropped on your device, visit About the cookies Squarespace uses.
These functional and required cookies are always used, which allow Squarespace, our hosting platform, to securely serve this website to you.
These analytics and performance cookies are used on this site, as described below, only when you acknowledge our cookie banner. We use analytics cookies to view site traffic, activity, and other data.
Each internet browser differs in the way it manages cookie settings. This is described in the help menu of each internet browser, which explains how you can change your cookie settings. These can be found for each internet browser under the following links:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: http://support.google.com/chrome/bin/answer.py?hl=en&hlrm=en&answer=95647
You can also manage cookies that are used for online advertising using the tools developed in many countries as part of self-regulation programmes, such as https://www.aboutads.info/choices/, which is based in the USA, or http://www.youronlinechoices.com/uk/your-ad-choices, which is based in the EU.
CONTACT FORM
You have the possibility of contacting us via contact form on our website. Within the scope of contacting us via contact form, personal data is collected. Which data is collected in the case of the contact form, is apparent from the text boxes of the respective contact form.
These data are stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical administration.
Your data will be deleted after final processing of your enquiry; this is the case if it can be inferred from the circumstances that the facts in question have been conclusively clarified and provided that there are no legal storage obligations to the contrary.
MARKETING
We may offer you the opportunity to sign up for online or postal newsletters and other information regarding the work we are doing and how you might support us. Within the scope of these information services, we collect personal data provided to us by the user, such as your name, address, email, phone number as well as other personal data that you provide to us.
We will only send you this if you expressly consent to this by ticking a relevant box on our website. By consenting in this way, you agree that we may contact you by post, email, telephone, text message (SMS) or automated call.
If you have previously agreed to being contacted in this way, you can unsubscribe at any time by:
—contacting us at hello@andanfoundation.org
—using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts
It may take up to five working days for this to take place.
For more information on your rights in relation to marketing, see 'Your rights’ below.
TOOLS
1 Google Web Fonts
This website uses web fonts, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"), for the uniform display of fonts. When you access a page, your browser loads the web fonts you need into its browser cache to display text and fonts correctly.
To do this, the internet browser you are using must connect to Google's servers. This enables Google to know that your IP address has been used to access our website. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online services. If your internet browser does not support web fonts, a standard font will be used by your computer.
Google LLC, headquartered in the USA, is certified for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU.
More information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/
2 Google Tag Manager
This website uses Google Tag Manager. Google Tag Manager is a solution provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") that allows marketed website tags to be managed using an interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not register personal data.
The tool causes other tags to be activated which may, for their part, register data under certain circumstances. Google Tag Manager does not access this information. If recording has been deactivated on domain or cookie level, this setting will remain in place for all tracking tags implemented with Google Tag Manager.
Google LLC, headquartered in the USA, is certified for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU.
More information about Google Tag Manager can be found at https://marketingplatform.google.com/intl/en_uk/about/tag-manager/ and in Google's privacy policy: https://www.google.com/policies/privacy/
3 Pipedrive
In order to process and answer your requests and messages as quickly as possible, we have connected our contact form with our customer relationship management tool (CRM tool) Pipedrive. The data transmitted when filling out the form will be transmitted to Pipedrive and stored there on Pipedrive servers. We also use Pipedrive to manage our funding pipeline as well as our contacts database.
We use the Pipedrive CRM system provided by Pipedrive OÜ on the basis of our legitimate interests (efficient and fast processing of user enquiries, management of our funding pipeline and contacts database). Pipedrive is an Estonian company with offices located at Mustamäe tee 3a, 10615 Tallinn, Estonia, and a subsidiary called Pipedrive Inc. in the USA. This US subsidiary is certified for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU.
Your data will be deleted in our CRM tool Pipedrive when we have processed your enquiry and the purpose of storage has ceased to apply and there are no other legal exceptions to the contrary. You can make a request at any time what personal data about you is stored.
Overview of data protection: https://support.pipedrive.com/hc/de/articles/360000335129-Pipedrive-und-DSGVO
Privacy policy: https://www.pipedrive.com/en/privacy
YOUR RIGHTS
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
fair processing of information and transparency over how we use your use personal data
access to your personal data and to certain other supplementary information that this Privacy Policy is already designed to address
require us to correct any mistakes in your information which we hold
require the erasure of personal data concerning you in certain situations
receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
object at any time to processing of personal data concerning you for direct marketing
object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
object in certain other situations to our continued processing of your personal data
otherwise restrict our processing of your personal data in certain circumstances
claim compensation for damages caused by our breach of any data protection laws
If you would like to exercise any of your rights, please:
inform us under one of the addresses mentioned under ‘Contact information of Controller’ hereinabove, preferably via email;
let us have enough information to identify you for example your full name and email address;
let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
let us know the information to which your request relates and which right or rights you wish to exercise
IN PARTICULAR YOUR RIGHT TO OBJECT AND REVOKE REGARDING THE PROCESSING OF YOUR PERSONAL DATA
If you have given your consent to the processing of your personal data, you can revoke it at any time. Such a revocation affects the permissibility of the processing of your personal data after you have expressed it to us.
If we base the processing of your personal data on a weighing of interests, you may object to the processing. This is the case if the processing is in particular not necessary for the fulfilment of a contract with you. In the event of such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either discontinue or adapt the data processing or point out our legitimate interests worthy of protection on the basis of which we will continue the processing.
Of course, you can object to the processing of your personal data for marketing and data analysis purposes at any time. You can inform us of your objection and/or revocation under the addresses mentioned under ‘Contact information of Controller’ hereinabove.
KEEPING YOUR PERSONAL DATA SECURE
We have appropriate security measures in place to prevent personal data from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
HOW TO COMPLAIN
We hope that we can resolve any query or concern you raise about our use of your personal data.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the EU or EEA state where you work, normally live or where any alleged infringement of data protection laws occurred. If we are unable to resolve your complaint we will provide you on request with the contact details for the supervisory authority in your relevant jurisdiction. If you do not live or work within the EU or EEA and you should look to the supervisory authority in your home country.
The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter, EDÖB): http://www.edoeb.admin.ch
CHANGES TO THIS WEBSITE PRIVACY POLICY
This website privacy policy was published on [24.04.2019] and last updated on [24.04.2019].
We may change this website privacy policy from time to time.