Status as at: September 2023
For UNICEF, data protection has top priority!
We understand that it is important to you that your personal information is handled with care. We therefore appreciate the trust you have in us that UNICEF will treat this information conscientiously.
The following provides information about the collection of personal data when our website is used. Personal data is all data that refers to your person, e.g. name, address, email address, user behavior. We have implemented wide-ranging technical and operational security measures to protect your data against coincidental or intentional manipulation, loss, destruction or access by unauthorized parties. Our security procedures are regularly reviewed and adjusted to meet the latest technological developments.
1. Data controller
The data controller pursuant to Art. 4 para. 7 of the EU's General Data Protection Regulation (GDPR) is:
Committee for UNICEF Switzerland and Liechtenstein
Tel.: +41 (0)44 317 22 66
2. Data protection officer
Our data protection officer is:
Prof. Simon Schlauri
Ronzani Schlauri Attorneys
He can be contacted by email at datenschutz(at)unicef.ch or via the following postal address:
Committee for UNICEF Switzerland and Liechtenstein
Data Protection Officer
3. Data processing via the website www.unicef.ch
3.1. When visiting our website
When you visit our website, the servers temporarily store each access in a log file. Until their automatic erasure, data such as the IP address of the requesting computer, the date and time of access, the name and URL of the retrieved file, the website from which access was made, the operating system of the user's computer, the user's browser and the country from which the user accessed the website is automatically recorded.
This data is generally collected and processed on an anonymous basis (so the identity of the person cannot be established) for the purpose of enabling the use of the website (establishing a connection), ensuring system security and stability over the long term, optimizing the internet offer and for internal statistical purposes. This information is not linked to or stored with any personal data.
It is only when UNICEF's network infrastructure is attacked or the impermissible or abusive use of the website is suspected that the IP address is evaluated for the purpose of clarification and defense and, if necessary, used in the context of criminal proceedings for the identification and instigation of civil and criminal proceedings against the users concerned.
This is our legitimate interest as defined by Art. 6 para. 1 (f) GDPR.
3.2. When using the contact form
When you contact us by email or via a contact form, we save the data provided by you (your email address and, if relevant, your name and phone number) in order to answer your questions.
The following data is requested when you contact us using a contact form:
- First name and surname
- Date of birth
- Client no.
- Email address
Any information we ask for in our contact form that is not necessary for establishing contact is always marked as optional. This information helps us to substantiate your query and improve the processing of your request. This information is explicitly provided voluntarily. If this data includes information on communication channels (e.g. email address, phone number), we may also contact you via this communication channel in order to answer your query.
We use this data to reply to your questions or to provide the services requested by you. Our legitimate interest in the sense of Art. 6 para. 1 (f) GDPR is the processing of your contact inquiry. You can object to this processing of your data at any time.
3.3. When making a donation or assuming sponsorship
You can donate money directly to a number of projects or assume sponsorships on our website.
To this end, we request the following data:
- First name and surname
- Company donation
- Email address
- Amount and frequency of donation
- Method of payment
Any information we ask for that is not absolutely necessary is always marked as optional.
We use this data to set up the donation or sponsorship requested by you. Our lawful basis for processing your data is the performance of a contract requested by you or the provision of a service requested by you in the sense of Art. 6 para. 1 (b) GDPR.
3.4. When making a purchase in our shop
You can buy products from the online shop on our website.
When you make a purchase in the shop, we request the following data:
- First name and surname
- Company donation
- Email address
- Payment method and payment information
Any information we ask for that is not absolutely necessary is always marked as optional.
We also collect, store and process the following data pertaining to your orders from the online shop, the processing of your orders and the provision of the services requested by you:
- Information about the ordered products
- Information about the ordered services
- Data on your order, purchasing and payment behavior
Cookies help in many ways to make your visit to our website easier, more enjoyable and more meaningful. Cookies are information files that your web browser automatically stores on your computer's hard drive when you visit our website. Cookies neither damage your computer's hard drive nor do they transmit any personal data concerning the user to us.
Our lawful basis for placing cookies lies in your consent pursuant to Art. 6 para. 1 (a) GDPR (for non-essential cookies) or in our legitimate interest (for essential cookies; more about these below). You can refuse to allow cookies to be placed when you visit the website. However, you may not be able to use all the features of our website in this case.
You can consult the following links for information about deactivating all cookies for all websites in your browser:
- Microsoft Edge: https://support.microsoft.com/en-US/windows/microsoft-edge-browsing-data-and-privacy-bb8174ba-9d73-dcf2-9b4a-c582b4e640dd (link is external)
- Safari™: https://support.apple.com/en-gb/guide/safari/sfri11471/mac (link is external)
- Chrome™: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en&sjid=5890991124139230003-EU (link is external)
- Firefox™: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer?redirectslug=Cookies&redirectlocale=en-US (link is external)
- Opera™: https://help.opera.com/en/latest/web-preferences/#cookies (link is external)
If you agree to cookies, you can at any time object to the use of non-essential cookies or change your cookie preferences. You will find a footer at the bottom of each page with a "Cookie settings" link that takes you to the "Data privacy preference center". The revocation of consent does not result in the automatic erasure of cookies that were stored in your browser in the past (revocation does not have retroactive effect).
Figure 1, "Cookie settings" link at the bottom of the website
You can find more details about the cookies that are used at www.unicef.ch in the "Data privacy preference center". A list for each of the following categories is provided under "Cookie details".
Figure 2, "Cookie details" link under "Performance cookies"
3.5.1. Essential cookies and technologies
Without cookies, some features of the website, e.g. the storing of data protection settings and the use of the contact form, cannot be displayed or used properly.
These cookies are absolutely essential for the provision of our website offer and are in our legitimate interest as defined in Art. 6 para. 1 (f) GDPR. This interest lies in being able to provide the website and its core functions to users. This interest is overriding because processing is transparent and is also regularly initiated by the voluntary actions of the users.
3.5.2. Performance cookies
These cookies allow us to count the number of visits to our website and identify the channels from where they originate. This makes it possible for us to measure the performance of our website and improve it on an ongoing basis. They support us in responding to questions such as which pages are most popular, which are used most seldom, and how visitors to the website navigate. The information collected by these cookies is aggregated and is therefore anonymous.
3.5.3. Functional cookies and technologies
The cookies in this category are used for all functions that depend on the users. We use them, for example, to show one option to 50% of visitors and a slightly different option to the other 50% of visitors. This allows us to identify the option that works best and addresses users more directly, and we can then offer this option to all visitors. We use existing technologies provided by third parties to do such tests. They can also place cookies in this category.
3.5.4. Cookies and technologies for marketing purposes
You can find more details and a list of all the cookies that are currently used in the "Data privacy preference center" ("Cookie settings" link at the bottom of the website) under "Cookie details" for the relevant cookie category.
3.6. Google Analytics
We use the web analysis service of Google Analytics for the purpose of designing and continuously optimizing our website to meet your needs. Google Analytics is offered by Google LLC, a subsidiary of the holding company Alphabet Inc. In this context, pseudonymized user profiles are created and small text files stored on your computer ("cookies") are used. The information generated by the cookie about your use of our website, such as
- Browser type/version
- Operating system used
- Referrer's URL (the previous site visited by you)
- Host name of the requesting computer (IP address)
- Time of the server request
is transmitted to and stored on Google's servers in the US. Before the data is transmitted, the IP address is shortened by activating IP anonymization ("anonymizeIP") on our website within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area or Switzerland. The anonymous IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. Only in exceptional cases is the full IP address transmitted to a Google server in the US and shortened there. In such cases, we use contractual guarantees to ensure that Google maintains an adequate level of data protection.
The information is used to evaluate the use of our website, to compile reports on website activities and to provide further services related to the use of the website and the internet for the purposes of market research and the demand-oriented design of these internet sites. This information may also be transferred to third parties where this is required by law or where third parties are responsible for processing this data. According to Google Inc., the IP address will under no circumstances be associated with other data concerning the user.
Users can prevent the capture of the data referring to the usage of the website (incl. the IP address) that is generated by the cookie by Google and the processing of this data by Google by downloading and installing the browser plug-in offered under the following link: https://tools.google.com/dlpage/gaoptout?hl=en (link is external).
As UNICEF Switzerland and Liechtenstein has activated Google Signals in Google Analytics, all current Google Analytics features and reports are updated and supplemented (e.g. reports on topics of interest and demographic criteria). We therefore receive condensed and anonymized reports containing your data if you have consented to personalized messages in your Google account and have given this information (e.g. your age) to Google.
The lawful basis for this data processing is our legitimate interest in the optimization of our website and the improvement of our services in the sense of Art. 6 para. 1 (f) GDPR. You can object to this processing of your data at any time. The previous section explains how you can do this.
For the sake of completeness, we would like to point out that the US authorities may implement surveillance measures under US legislation that generally allow the storage of all data transferred from the European Union to the US. This is done without differentiation, limitation or exception on the basis of the objective pursued and without objective criteria that would allow the US authorities to restrict access to personal data and its subsequent use to specific, strictly limited purposes that would justify access to this data.
3.7. Google Tag Manager
3.8. Google Optimize
unicef.ch uses Google Optimize for the purpose of continuously optimizing our website. This optimization tool is provided by Google Inc. (Google Ireland Limited).
3.9. Google Marketing Platform
The information generated by the cookies about your usage is usually transmitted to and stored on a Google server in the US. Google is a member of the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework. This ensures an adequate level of data protection even in the isolated instances that Google transmits personal data to the US.
Google will not associate the data transmitted by your browser through GMP with any other data held by Google.
You can prevent the placing of cookies by selecting the appropriate setting in your browser software. You can use a browser plug-in to deactivate the display of personalized advertising. You can install this plug-in here: https://www.google.com/settings/ads/plugin
You can also deactivate the display of personalized advertising here.
The lawful basis for using GMP to process data is provided by Art. 6 para. 1 (f) GDPR.
3.10. Xandr (formerly the Nexus app)
To improve its advertising campaigns, unicef.ch uses tracking solutions provided by the US company Xandr Inc. ("Xandr") on its website. To this end, a script is installed on the unicef.ch website that allows Xandr to analyze your use of this website. unicef.ch is not provided with any information that makes it possible to identify any users. According to Xandr, this information is stored in anonymized form so that users cannot be identified personally. You can prevent the processing of your data by Xandr by downloading the relevant opt-out cookie here: https://monetize.xandr.com/privacy-center/opt out).
We use conversion tracking solutions offered by some advertising networks used by us to obtain a better understanding of the success of our advertising campaigns. These include the advertising networks of Microsoft (Bing, Clarity etc.). The features used for this purpose are based on cookies (see section 3.5) that track the results of the visits attracted by advertising. They can also be used to monitor your behavior on our websites, which is also targeted by these tracking tools.
The data collected in this regard can be transmitted by Microsoft for evaluation to and stored on a server in the US. In case personal data is to be transmitted to the US as an exception, we have agreed standard contractual clauses with Microsoft that guarantee a suitable level of data protection outside of the EU. The lawful basis for this is provided by Art. 6 para. 1 (a) and (f) GDPR.
You can find the privacy statement of Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA) here: https://privacy.microsoft.com/en-gb/privacystatement.
If you do not want Microsoft to use information about your behavior as described above, you can reject the setting of the required cookie, for example by changing your browser settings to generally block the setting of cookies. You can also prevent the capture of the data referring to your usage of the website that is generated by the cookie and the processing of this data by Microsoft by using the following link to raise an objection: https://account.microsoft.com/privacy/ad-settings/signedout?lang=en-EN.
3.13. Processing and use of personal data for marketing purposes
You will find a link for subscribing to our newsletter on various pages of the website. This link will take you to the newsletter subscription screen. The following data is collected:
- First name and surname*
- Email address*
The information marked with an asterisk is compulsory.
We will use your data to send you the newsletter until you revoke your consent. You can revoke your consent at any time. You will also find an unsubscribe link in all newsletter emails.
Please note that we will send our newsletter to email addresses for which we have a consent declaration and which cannot be clearly allocated to a specific person (e.g. "info@" addresses or addresses used by families) until the consent is revoked. Should one of the users of such an email address revoke their consent, we will no longer send any newsletters to this address.
We use the Marketing Cloud platform provided by Salesforce headquartered in San Francisco, USA, for sending out our newsletters. The data is hosted on a server located in Frankfurt, Germany.
Our newsletter can contain what is known as a web beacon (tracking pixel) or similar technical features. A web beacon is an invisible graphic of size 1x1 pixel that is linked to the user ID of the subscriber to the newsletter.
It provides information about the address file, subject and number of newsletters sent out for each newsletter. It also identifies the addresses that have not yet received a newsletter, the addresses to which a newsletter was sent and the addresses for which delivery failed. It also shows which addresses have opened the newsletter and which have unsubscribed to the newsletter. We use this data for statistical purposes and for optimizing the content and structure of the newsletter. This allows us to better tailor the information and offerings contained in our newsletter to the individual interests of the recipients. The tracking pixel is erased when you erase the newsletter.
If you wish to prevent the use of the web beacon in our newsletter, you have to prevent the display of HTML messages in your mail program (except if this is already the default setting). On the following pages, you will find explanations on how to configure this setting for the most common email programs.
- Microsoft Outlook: https://support.microsoft.com/en-us/office/change-the-message-format-... (link is external)
- Mail on Mac ("Loading remote content in messages"): https://support.apple.com/en-gb/guide/mail/cpmlprefview/mac (link is external)
By registering, you give us your consent to process the data provided for the regular delivery of the newsletter to the address you specify and for the statistical evaluation of user behavior and the optimization of the newsletter. This consent represents our lawful basis for the processing of your data for the newsletter as defined by Art. 6 para. 1 (a) GDPR.
UNICEF uses what is known as re-targeting technologies on its website. This means that user behavior on the website is analyzed so that users can also be offered advertising tailored to their interests on partner websites. User behavior is captured on a pseudonymized basis.
184.108.40.206. Google Ad and Google Marketing Platform
Google will use this information for the purpose of evaluating the use of the website in order to assess the advertising to be shown, compile reports on website activity and advertising for website operators and provide other services relating to website activity and internet usage. Google may also forward this information to third parties to the extent required by law or if they process this data on behalf of Google. Google will never associate users' IP addresses with any other data held by Google.
Users can prevent re-targeting at any time by rejecting or deactivating the relevant cookies in the menu bar of the web browser (see section 3.5).
More options for deactivating third-party cookies can be found at http://optout.networkadvertising.org/?c=1 (link is external). Please note that this will only block the advertisements loaded by the individual service providers. You can only prevent all personalized advertising by deactivating cookies in your browser.
The lawful basis for the above data processing lies in our legitimate interest in addressing users with personalized advertising within the meaning of Art. 6 para. 1 (f) GDPR. You can object to this processing of your data at any time. The previous section explains how you can do this.
220.127.116.11. Facebook Custom Audience
To offer visitors to our website interest-based advertising when they use Facebook, we use the Custom Audience pixel provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. For this, we have implemented a Facebook pixel on our website.
When visiting the social media network Facebook or other websites that employ this procedure, users of this website can also be presented with interest-based advertising (Facebook ads). This pursues our interest in presenting you with advertising that is of relevance to you in order to make our website more attractive to you.
Because of the marketing tools used, your browser automatically sets up a direct connection to Facebook's servers. We have no influence over the scope and further use of the data that is collected by Facebook via this tool, and therefore provide you with the information available to us: through Facebook Custom Audience, Facebook is informed that you have called up the relevant website of our internet offer or have clicked on one of our advertisements. If you are registered for a Facebook service, Facebook can link the visit to your account. Even if you are not registered with Facebook or are not logged in to Facebook, it may be possible for the provider to find out and store your IP address and other identifying features.
You can deactivate the Facebook Custom Audience feature at https://www.facebook.com/settings (link is external).
More information about data processing by Facebook is provided at https://www.facebook.com/about/privacy (link is external).
This data processing is based on our legitimate interest pursuant to Art. 6 para. 1 (f) GDPR. The right of objection or opt-out was referred to above.
3.14. Use of social plug-ins and links to social networks
This website uses social plug-ins of the providers
- Facebook (operator: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA)
- X – formerly Twitter (operator: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA)
- Instagram (operator: Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA)
- TikTok (operator: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland)
These plug-ins usually capture your data as a standard procedure and transmit this data to the servers of the relevant provider. To protect your privacy, we have implemented technical measures that ensure your data cannot be captured by the providers of the relevant plug-ins without your consent. When calling up a page with integrated plug-ins, these plug-ins are initially deactivated. The plug-ins are only activated when you click on the relevant symbol, by which action you give your consent that your data may be transmitted to the provider in question. The lawful basis for this data processing lies in your consent pursuant to Art. 6 para. 1 (a) GDPR.
- Facebook: https://www.facebook.com/policy.php
- Twitter: https://help.twitter.com/en/privacy
- Instagram: https://help.instagram.com/155833707900388
- TikTok: https://www.tiktok.com/legal/privacy-policy-eea?lang=de
Our website also provides links to our social media profiles on the following social networks:
- Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
- Twitter Inc.,1355 Market Street, Suite 900, San Francisco, CA 94103, USA
- Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025
- YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA
- TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.
If you click on the symbols for these social networks, you are automatically referred to our profile with the network in question. To use the functions of this network, you sometimes have to log into your user account with the network.
If you call up a link to one of our social media profiles, a direct connection is established between your browser and the server of the relevant social network. This sends the information to the network that you visited our website with your IP address and called up the link. If you call up a link to a network while you are logged into your account with this same network, the contents of our pages can be linked to your profile with this network. This means that the network can directly attribute your visit to our website to your user account. If you wish to prevent this, you should log out of your account before clicking on any links. Attribution always takes place if you log into the network in question after clicking on the link.
4. Processing outside the website
4.1. Individual fundraising
Public fundraising affects private donors as well as participants in events. From these people, we collect and process, among others, the customer master data (e.g. address data, phone number, email addresses, relationships) and data on their donor behavior (e.g. donation data, payment data, donation amount, topic/project, date of donation, blocks on establishing contact, contact and donation history). For participants in events, this concerns invitations to and the actual participation in events.
With regard to donation behavior, we use the information available to us to prepare profiles/scorings or features. A feature can be the willingness to donate, for example. No wide-ranging or challenging calculations are carried out when preparing these profiles. This does not concern high-risk profiling.
The data mentioned above is used for the processing of donations and related purposes (e.g. thank-you letters and donation certificates). Our lawful basis for processing this data is the performance of a contract or the provision of a service in accordance with Art. 6 para. 1 (b) GDPR and Art. 31 para. 2 (a) FADP. In this context, the data is also used for donation reporting (assessments, profiling, channel selection, delivery and establishment of contact). The lawful basis in this case is our legitimate interest pursuant to Art. 6 para. 1 (f) GDPR and Art. 31 para. 1 FADP. We also have a legitimate interest in maintaining our address database.
In addition, the data is used for marketing purposes, in particular for generating donations and ensuring donor loyalty. Communication takes place via a number of channels (post, telephone, email, SMS or direct communication during street fundraising campaigns). Our lawful basis for email delivery lies in your consent pursuant to Art. 6 para. 1 (a) GDPR and Art. 31 para. 1 FADP, and for the other marketing measures in our legitimate interest pursuant to Art. 6 para. 1 (f) GDPR and Art. 31 para. 1 FADP. You can object to the latter marketing measures at any time.
This data comes from various sources. Some of the data is collected directly from the data subject. However, we also receive some customer master data and features from third-party sources, including address brokers, telephone directory matching and the web service of the post office for address matching. We obtain phone numbers for telephone marketing from DialogWorld AG in St. Gallen.
We forward this data to third parties who process such data on our behalf. These third parties include:
- KünzlerBachmann Directmarketing AG, Zürcherstrasse 601, 9015 St. Gallen: letter shop for sending out bulk mailshots
- gadPlus AG, Eckweg 8, 2504 Bienne: letter shop
- Post CH AG, Wankdorfallee 4, 3030 Bern: delivery of postal mailshots; web service for address updates
- Corris AG / Lazoona LTD, Hardturmstrasse 261, 8005 Zurich: recording of contact and donation data during fundraising campaigns, measures to promote donor loyalty and processing of direct debits, analyses of donor behavior
- DialogWorld AG, Fürstenlandstrasse 35, 9001 St. Gallen: telephone marketing, supply of phone numbers, call statistics
- Wesser und Partner, Stansstaderstrasse 88, 6370 Stans: recording of contact and donation data during fundraising campaigns, measures to promote donor loyalty, and analyses of donor behavior
4.2. Partnerships & philanthropy
In addition to private donors, UNICEF also processes the data of large donors, foundations and company donors. The address data and donation revenue from these donors are collected and processed. This data is processed for the purpose of recruiting donors, processing donations and reporting on donations. Various communication channels are used for donor recruitment (post, email, telephone). Our lawful basis for the processing of this data lies in the performance of a contract pursuant to Art. 6 para. 1 (b) GDPR (processing of the donation) or in our legitimate interest pursuant to Art. 6 para. 1 (f) GDPR (e.g. if the address data is collected from public foundation directories or if we collect contact data at events; address maintenance is also a legitimate interest). For the delivery of emails and the related procurement of email addresses, our lawful basis is consent provided in the sense of Art. 6 para. 1 (a) GDPR and, for existing donors, a legitimate interest pursuant to Art. 6 para. 1 (f) GDPR. The consent can be revoked at any time. Objection to communication via other channels can also be raised at any time.
In addition to the donor data, we also collect and process the data of the buyers and sellers of our products (e.g. our Christmas card sets). We collect and process this data to handle the purchase transactions. Our lawful basis for processing this data is the performance of a contract in the sense of Art. 6 para. 1 (b) GDPR.
We collect the aforementioned data either directly from the persons concerned, from public directories (e.g. foundation directories) or on the basis of publicly available information such as Wealth-X (UK) Limited, 4 Bouverie Street, London, England, EC4Y8AX.
4.3. Participation in competitions
If you take part in a competition, we collect the data that is needed for the execution of the competition. This is usually your name and contact data. We sometimes have to pass your data to our competition partners, e.g. so that they can send your prize to you. Participation in the competition and the related collection of data is always voluntary.
Our lawful basis for processing this data lies in the performance of a contract (participation in a competition) in the sense of Art. 6 para. 1 (b) GDPR.
You can send your job application to us electronically, in particular via email. We will naturally only use your information to process your application and will never forward this data to third parties. Please note that unencrypted emails are not protected against unauthorized access.
Your personal data is immediately erased at the end of the application procedure or after a maximum of six months, unless you have given us your explicit consent to store your data for a longer period or a contract has been concluded.
Our lawful basis for the processing of this data lies in the completion of the application procedure as defined in Art. 6 para. 1 (b) GDPR as well as in your consent pursuant to Art. 6 para. 1 (a) GDPR.
You can register with us if you wish to participate in specific UNICEF campaigns. When you register, we collect and store your data that is required for the campaign in question. We use the data provided by you exclusively for carrying out the registration process to allow you to participate in the campaign.
Our lawful basis for processing this data lies in the provision of services requested by you in the sense of Art. 6 para. 1 (b) GDPR.
4.6. Personal data of suppliers
In addition to the processing of data relating to donations, UNICEF also works with companies that are not involved in the donation business. These include the suppliers of different goods and services.
In this context, UNICEF collects and processes the addresses, contract data and names of the contact persons. The purpose of the data collection and processing is the execution of orders. Our lawful basis is therefore the performance of a contract as defined in Art. 6 para. 1 (b) GDPR.
We process personal data of delegates for UNICEF as a legally organized association. The data is used exclusively for the relevant purposes.
In this context UNICEF collects and processes the addresses, names and roles of the delegates. The collection and processing of the data serve UNICEF as a legally organized association. Our lawful basis is therefore the performance of a contract as defined in Art. 6 para. 1 (b) GDPR.
5. General provisions
5.1. Storage in central databases
The aforementioned data is stored in central databases. The data is stored by data category in different databases.
The following are worth mentioning:
- Dialog Master (DialogWorld AG): Donor master data and data concerning donation behavior in the context of telephone marketing and donations is stored here. Call statistics are also stored here. The system is hosted by Amazon in Ireland.
- Salesforce: Storage of data pertaining to private and institutional donors with the help of FinDock as payment platform, online marketing (e.g. click rates and other evaluation data from email marketing) and the suppliers and buyers of our products. Salesforce is the central CRM system of UNICEF. UNICEF uses different products provided by Salesforce, such as the Salesforce Marketing Cloud. The system is hosted on servers of Salesforce in Frankfurt, Germany.
- Wikando: For P2P events hosted by third parties, UNICEF uses the Fundraisingbox program offered by Wikando GmbH, Schiessgrabenstrasse 31, 86150 Augsburg, Germany. There is an interface between Fundraisingbox and Salesforce.
5.2. Passing on of data to third parties
In the context of our business activities and purposes we also disclose personal data to third parties if this is permitted, if you have given us your consent, if there is a legal obligation to do so, if this is required in order to enforce rights and claims, and if it seems appropriate to us to do so, either because they process this data for us or collect the data for their own purposes. This applies to the following in particular:
- Service providers mandated by us to process your data (e.g. banks, insurance companies, debt collection companies, printers, distribution partners, logistics companies, IT service providers and payment platforms such as FinDock)
- Government authorities, offices or courts
- UNICEF International scrutinizes some donor data more carefully.
We also forward the personal data of users to third parties if this is required for the use of the website and for responding to questions, processing queries or providing services requested by the user. Data forwarded to third parties may only be used for the identified purposes.
For online marketing, we work with the agency MD Systems GmbH, Hermetschloostrasse 77, 8048 Zurich.
We use different providers of payment services for the processing of payments who are always identified by name. As they receive your orders directly, they are the recipients of your personal data collected in connection with the payment transaction. This data is only stored for the purpose of processing the payment and for the duration of the processing of the transaction.
5.3. Acquisition of data
We can update or supplement your data by using databases of third-party providers. We can also obtain personal data from third parties and add this data to our donor database.
5.4 Updating of addresses
When we receive notice that an address (email or postal address) is no longer valid, we proceed as follows:
- If our registered contact is a company, we use the contact data of the successor with the same position in the company.
- If our registered contact is a private individual and we are unable to find a new address, the data set is deleted, unless there are other reasons for further processing in accordance with this section.
5.5. Transmission of personal data abroad
We are authorized to forward the personal data of users to third-party companies and service providers abroad if needed for the purposes listed in section 5.2. In doing so, we always comply with the statutory provisions regarding the forwarding of personal data to third parties.
These third parties are obligated to ensure data protection to the same extent as we ourselves. If the level of data protection in a country does not correspond to the data protection legislation in Switzerland or Europe, we contractually ensure that the personal data enjoys the same level of protection as in Switzerland or the European Economic Area (EEA) at all times.
5.6. Right of access, rectification, erasure and limitation of processing; right to data portability; right of appeal to a supervisory authority
You have the right to request information about the personal data we store about you free of charge. In addition, you have the right to demand the rectification of incorrect data and the deletion of your personal data, insofar as this does not contravene legal storage obligations or permission to process the data.
You also have the right to demand that we return the data you have provided to us (right to data portability). Upon request, we will also forward the data to a third party of your choice. You have the right to receive the data in a common file format.
You can reach us for the aforementioned purposes via the email address datenschutz(at)unicef.ch. We may, at our discretion, require proof of your identity before processing your requests.
You also have the right to complain to a data privacy supervisory authority at any time.
5.7. Storage of data
We only store personal data for as long as required to use the above tracking services and carry out further processing in the context of our legitimate interest. Contract data will be stored by us for a longer period as this is prescribed by statutory storage obligations. Obligations to preserve records that compel us to store data arise from accounting principles and tax law. According to these regulations, business communication, concluded contracts and accounting vouchers must be kept for up to ten years. If we no longer need this data to provide the services to you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes. For technical reasons, we also reserve the right to store your data on backup media although we have erased them from our active systems.
5.8. Information for minors
Persons who subscribe to the UNICEF newsletter should be aware of the consequences of the collection, processing and storage of their personal data and understand the importance of data processing and storage. Children or young people who are uncertain about this should involve their parents and ask for their permission to subscribe to the UNICEF newsletter.
Children younger than 14 or those who do not completely understand the importance of the collection, processing and storage of their personal data may not subscribe to the newsletter without the consent of their parents.
We collect and process data relating to children that is provided to us voluntarily during donation campaigns. Children can register with the Children's Club and will receive a brochure on certain topics important to UNICEF by post.
The processing of the data of children is based on the voluntary provision of data and consent pursuant to Art. 6 para. 1 (a) GDPR. The consent can be revoked at any time.
Safety for children
As a Children's Fund, UNICEF attaches the greatest importance to the safety of children who use the internet. Please read the following information carefully:
General risks, safety measures
Please note that illegal content relating to pornography, racism, terrorism and many other topics can be called up easily on the internet. You should therefore only allow children younger than 16 years (subject to higher age limits under the law) to access the internet under supervision or after giving them the explanations they need. Help your child to learn how to handle this medium competently. Regularly surf the internet together with your child and assess any new sites.
Set up two email addresses for your child: one for the personal exchange of emails with persons they know and one for new internet contacts that you monitor yourself.
Make sure that your child
- Does not reveal their name, address, personal email address or phone number to anyone they meet online;
- Shows you all forms in which they provide personal data;
- Shows you websites that make them feel uncomfortable;
- Is accompanied by an adult the first time they want to meet someone they met online;
- Does not reply to advertising emails and chain letters.
Duty of supervision
Please remember that your children could also potentially publish or disseminate illegal content on the internet. Children are also often prone to the temptation to hack into protected areas and systems and/or to damage or temporarily render them unusable. As a general rule, you as the parent can be held liable for any resulting damage.