As of: July 2018
Data protection is top priority at UNICEF!
We know that the careful handling of your personal information is important to you. That’s why we appreciate your trust that UNICEF conscientiously handles this information.
Below we inform about the collection of personal data when using our website. Personal data is any data personally available to you, e.g. Name, address, e-mail addresses, user behaviour. We have taken extensive technical and operational protection measures to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.
1. Responsible for data processing
Responsible acc. Article 4 (7) of the EU General Data Protection Regulation (GDPR) is:
Committee for UNICEF Switzerland and Liechtenstein
Phone: +41 (0) 44 317 22 66
2. Contact of the Data Protection Officer
You can reach our data protection officer at data_protection(at)unicef.ch or at our postal address with the addition «the data protection officer».
3. Data processing via the website www.unicef.ch
3.1. When visiting our website
When visiting the website, the server temporarily stores each access in a log file. Until automated deletion, the IP address of the requesting computer, the date and time of access, the name and URL of the retrieved file, the web page from which the access was made, automatically become the operating system of the computer used by the user and the browser used by the user and the country from which the user accessed.
The collection and processing of this data is generally done anonymously without personal reference for the purpose of enabling the use of the website (connection establishment), to ensure the long-term security and stability of the system and to optimize the internet offer, as well as for internal statistical purposes. The above-mentioned information is not linked or stored with personal data.
Only in case of an attack on the network infrastructure of UNICEF or in case of suspicion of another unauthorized or improper use of the website, the IP address will be evaluated for clarification and defence and, where appropriate, in criminal proceedings for identification and civil and criminal proceedings against the used by the relevant user.
In the aforementioned purposes, our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
3.2. When using the contact form
When you contact us by e-mail or through a contact form, the information you provide (your e-mail address, your name and telephone number if applicable) will be stored by us to answer your questions.
When contacting via contact form the following data are requested:
- First and last name*
- Street / No.*
- Birth date
- Customer No.
- E-mail address*
The information marked with * must be specified.
If we use our contact form to request entries that are not required for contacting us, we have always marked these as optional. This information serves to concretize your request and to improve the handling of your request. A statement of this information is expressly provided on a voluntary basis. As far as this information about communication channels (eg e-mail address, telephone number), we may also contact you via this communication channel to answer your request.
We use this information to answer the questions you have asked or to provide the services you request. In processing your contact request, our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR. You can object to this data processing at any time.
3.3. With a donation or assumption of a sponsorship
You can donate on our website directly for various projects or sponsorships.
For this we ask the following data:
- First and last name*
- Company donation
- Street / No.*
- E-mail address*
- Donation amount and frequency*
- Payment method*
The information marked with * must be specified.
We use this data to carry out your desired donation or sponsorship. Our legal basis is the fulfilment of a contract you have requested or the provision of a service requested by you within the meaning of Art. 6 para. 1 lit. b GDPR.
3.4. When shopping in our shop
You have the opportunity to buy products online in our online shop on the website.
When shopping in the shop we ask the following data:
- First and last name*
- Companies Donate
- Street / No.*
- E-mail address*
- Payment method and payment information*
The information marked with * must be specified.
In connection with your orders in the online shop, with the processing of your orders and the provision of the services you require, we also collect, store and process the following data:
- Information about the ordered products
- Information about the ordered services
- Data on your order, shopping and payment behaviour
Cookies help in many ways to make your visit to our website easier, enjoyable and meaningful. Cookies are information files that your web browser automatically saves to your computer’s hard drive when you visit our website. Cookies neither damage the hard disk of your computer nor are personal data of the user transmitted to us by these cookies.
Most internet browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a note always appears when you receive a new cookie. Disabling cookies may mean that you can not use all features of our website.
Information on disabling cookies can be found at the following links:
- Microsoft Edge: https://privacy.microsoft.com/en-US/windows-10-microsoft-edge-and-privacy
- Internet Explorer ™: http://windows.microsoft.com/en-US/windows-vista/Block-or-allow-cookies
- Safari ™: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471
- Chrome ™: http://support.google.com/chrome/bin/answer.py?hl=en&hlrm=en&answer=95647
- Firefox ™: https://support.mozilla.org/en/kb/cookies-allow-and-dispose
- Opera ™: http://help.opera.com/Windows/10.20/en/cookies.html
3.6. Google Analytics
For the purpose of customizing and continually optimizing our pages, we use the Google Analytics web analytics service provided by Google LLC, a company of the holding company Alphabet Inc. In this context, pseudonymised usage profiles and small text files stored on your computer are created («Cookies»). The information generated by the cookie about your use of our websites such as
- Browser type / version
- Operating system used
- Referrer URL (the previously visited page)
- Host name of the accessing computer (IP address)
- Time of the server request
are transmitted to Google servers in the US and stored there. The IP address will be shortened by activating the IP anonymization («anonymizeIP») on our web pages prior to transmission within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area or Switzerland. The anonymized IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. In these cases, we provide contractual guarantees to ensure that Google maintains a sufficient level of data protection.
The information is used to evaluate the use of our websites, to compile reports on website activity, and to provide other services related to website activity and internet usage for the purpose of market research and customization of these websites. This information may also be transferred to third parties if required by law or if third parties process this data in the order. According to Google Inc., the IP address will in no case be associated with other data concerning the user.
Users can prevent the collection of the data (including the IP address) generated by the cookie and related to the website use by the respective user to Google as well as the processing of this data by Google by the user using the browser plug-in available under the following link Download and install: https://tools.google.com/dlpage/gaoptout
The legal basis for this data processing lies in our legitimate interest in the optimization of our website and in the improvement of our services within the meaning of Art. 6 para. 1 lit. f GDPR. You can object to this data processing at any time. How to do this has been shown in the preceding paragraph.
For the sake of completeness, we note that under US legislation, the US authorities may carry out surveillance measures that allow the general storage of all data transferred from the European Union to the US. This is done without distinction, restriction or exclusion based on the objective pursued and without objective criteria that would allow the US authorities to access personal data and its subsequent use for specific, strictly limited purposes that would justify access to that data to restrict.
For users residing in EU Member States, we point out that, from the point of view of the European Union, the US does not have sufficient data protection levels, partly because of the topics mentioned in this section. To the extent we have explained in this privacy statement that recipients of data (such as Google) are based in the US, we will either be governed by contractual arrangements with these companies or by ensuring their certification under the EU US Privacy Shield Make sure that your data is protected at an appropriate level by our partners.
3.7. Google Tag Manager
3.8. Processing personal data for marketing purposes
On various pages of the website you will find a link to subscribe to our newsletter. You can reach this via the link to the newsletter entry mask. The following data is requested there:
- First and last name*
- E-mail address*
The information marked with * must be specified.
We will use your data for newsletter delivery until you withdraw your consent. You can revoke your consent at any time. In addition, you will find a unsubscribe link in all newsletter emails.
Please note that we contact our e-mail addresses for which we have a declaration of consent and which cannot be assigned to a specific person without any doubt (e.g. «info@» addresses or addresses used by families) until our newsletter is revoked to ship. If any of the users of this e-mail address revoke their consent to the newsletter, we will no longer send newsletters to this address.
To send our newsletter, we use services provided by Salsa Labs, 7200 Wisconsin Ave Suite 200, Bethesda, MD 20814, USA. The data is hosted on a server in the Netherlands.
Our newsletter may contain a so-called web beacon (counting pixel) or similar technical means. A web beacon is a 1 x 1 pixel, non-visible graphic that is related to the user ID of each newsletter subscriber.
For each newsletter sent, there is information about the address file used, the subject and the number of sent newsletters. In addition, it can be seen which addresses have not yet received the newsletter, to which address was sent and at which addresses the delivery failed. It is also clear which addresses have opened the newsletter. Last but not least the information, which addresses took place. We use this data for statistical purposes and to optimize the content and structure of the newsletter. This allows us to better align the information and offers in our newsletter with the individual interests of the recipients. The counting pixel is deleted when you delete the newsletter.
In order to stop the use of the Web Beacon in our newsletter, please, if this is not already the case by default, set your mail program so that no HTML is displayed in messages. On the following pages you will find explanations on how to make this setting for the most common e-mail programs.
- Microsoft Outlook: https://support.microsoft.com/en-ch/help/831607/how-to-view-all-e-mail-messages-in-plain-text-format
- Mail for Mac («Download Remote Content to Messages»): https://support.apple.com/en-ch/guide/mail/cpmlprefview/mac
By registering, you give us your consent to process the data provided for the regular sending of the newsletter to the address you have specified and for the statistical evaluation of the user behaviour and the optimization of the newsletter. This consent constitutes, within the meaning of Art. 6 para. 1 lit. a GDPR is our legal basis for the processing of data for the newsletter.
18.104.22.168. Google Ad Manager and Google Marketing Platform
UNICEF uses so-called re-targeting technologies on the website. Here, the user behavior is analyzed on the website, in order to be able to offer the user customized advertising tailored to the user on partner websites. User behavior is recorded pseudonymically.
Google will use this information for the purpose of evaluating the use of the website in relation to the advertisements to be displayed, compiling reports on the website activities and advertisements for the website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties, if required by law or as far as third parties process this data on behalf of Google. However, Google will never associate the IP address of users with other data provided by Google.
Users can prevent re-targeting at any time by rejecting or disabling cookies in the menu bar of the web browser (see section 3.5 above).
For more ways to disable third-party cookies, visit http://optout.networkadvertising.org/?c=1. We point out that this only blocks the advertisements displayed by the individual service provider. Overall, you can opt out of personalized advertising only by disabling cookies in your browser.
The legal basis for the aforementioned data processing is our legitimate interest in a personalized advertising in the sense of Art. 6 para. 1 lit. f GDPR. You can object to this data processing at any time. How to do this has been shown in the preceding paragraph.
22.214.171.124. Facebook Custom Audience
To show interest-based ads to visitors to our site while visiting Facebook, we use «Custom Audiences Pixel» from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. We have implemented a pixel of Facebook on our websites.
As a result, users of the website may be shown interest-based advertisements («Facebook Ads») as part of their visit to the social network Facebook or other websites that also use the procedure. We are interested in showing you advertisements of interest to you in order to make our website more interesting to you.
Due to the marketing tools used, your browser automatically establishes a direct connection to the Facebook server. We have no control over the extent and the further use of the data, which are raised by the use of this tool by Facebook, and inform you therefore according to our knowledge level: By the integration of Facebook Custom Audiences Facebook receives the information that you have the appropriate website on our website or have clicked on an ad from us. If you are registered with a service of Facebook, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider will find out and store your IP address and other identifying features.
The deactivation of the function «Facebook Custom Audiences» is available at https://www.facebook.com/settings.
For more information about data processing through Facebook, please visit https://www.facebook.com/about/privacy.
We rely on a legitimate interest in this data processing in accordance with Art. 6 para. 1 lit. f GDPR. The possibility of contradiction or the opt-out was pointed out above.
3.9. Use of social plugins and links to social networks
This website uses social plugins of the providers
- Facebook (Operator: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA)
- Twitter (Operator: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA)
- Instagram (Operator: Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA)
Normally, these plugins collect data from you and send it to the servers of the respective provider. To protect your privacy, we have taken technical measures to ensure that your information can not be collected by the providers of the plug-in without your consent. When calling a page on which the plugins are integrated, these are initially deactivated. Only with a click on the respective symbol, the plugins are activated and you give your consent that your data will be transmitted to the respective provider. Our legal basis for this data processing therefore consists in your consent in accordance with Art. 6 para. 1 lit. a GDPR.
- Facebook: https://www.facebook.com/policy.php
- Twitter: https://twitter.com/privacy/
- Instagram: https://help.instagram.com/155833707900388
On our website, we have also incorporated links to our social media profiles on the following social networks:
- Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
- Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States
- Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025
- YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA
If you click on the relevant social network icons, you will be automatically redirected to our profile on the relevant network. In order to use the functions of the relevant network there, you must partially log in to your user account for the relevant network.
When you open a link to one of our social media profiles, a direct connection is established between your browser and the server of that social network. This gives the network the information that you have visited our website with your IP address and called up the link. If you access a link to a network while logged in to your account on the relevant network, the contents of our page may be linked to your profile in the network, which means that the network can link your visit to our website directly to your user account. If you want to prevent this, you should log out before clicking on the appropriate links. An assignment takes place in any case when you log in to the relevant network after pressing the link.
4. Processes outside the website
4.1. Public Fundraising
Public fundraising involves private donors as well as participants in events. Amongst these persons we collect and process among other things the customer master data (e.g., address data, telephone number, e-mail addresses, relationships) and donation behaviour data (e.g., donor data, payment data, donation amount, subject / project, donation date, contact closures, contact history, and donation history). Participants in events are invitations and effective participation in events.
In connection with donation behaviour, we create profiles / scorings or characteristics based on the information available to us. A feature may e.g. to be charitable. When creating the profiles, no comprehensive or sophisticated calculations are made. These are not personality profiles.
The above-mentioned data are used for donation and related purposes (e.g., rewards and donation certificates). Our legal basis for this processing is the performance of a contract or the provision of a service within the meaning of Art. 6 para. 1 lit. b GDPR. In this context, the data is also used for donation reporting (evaluations, profiling, channel selection, shipping or contacting). Our legal basis here lies in the legitimate interest according to Art. 6 para. 1 lit. f GDPR. In addition, there is a legitimate interest in maintaining the address master.
The data is also used for marketing purposes, in particular the generation of donations and donor loyalty. Communication takes place via various channels (post, telephone, e-mail, SMS or even direct contact with street fundraising). Our legal basis here lies in sending emails with your consent in accordance with Art. 6 para. 1 lit. a GDPR (see also section 3.8.1), in the case of the other marketing measures in our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. You can contradict the latter marketing measures at any time.
The origin of the aforementioned data varies. Partly we obtain the data directly from the person concerned. However, we receive certain customer master data as well as features from third party sources. These third-party sources are address brokers, directory reconciliation, Corris AG / street fundraising and Post’s web service for address matching. Telephone numbers for telephone marketing are obtained from MS Direct AG in miles.
We will pass on the aforementioned data to third parties if they process the data on our behalf. The third parties are:
- KünzlerBachmann Directmarketing AG, St. Gallen: Letter shop for handling mailings
- gadPlus AG, Biel: Letter shop
- Post Switzerland: Sending postal mailings; web service for updating the address
- Corris AG, Zurich: Recording of contact and donation data during fundraising, measures for donor loyalty and settlement of LSV collection, evaluations of donation behaviour
- MS Direct AG, miles: Telemarketing, phone number delivery, call statistics
4.2. Institutional Fundraising
In addition to private donors, UNICEF also processes data from major donors, foundations and corporate donors. These donors collect and process the address data as well as the donation revenues. These data are processed for donor acquisition and fundraising as well as for donation reporting. Donors are contacted via various channels (by post, by e-mail, by telephone). Our legal basis for processing this data lies in the execution of a contract pursuant to Art. 6 para. 1 lit. b GDPR (implementation of the donation) or in our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR (for example, if the address data are obtained from public directories or if we receive contact information at events, and address maintenance is also a legitimate interest). For the sending of e-mails and the related procurement of the e-mail addresses, we rely on a consent within the meaning of Art. 6 para. 1 lit. a GDPR and, in the case of existing donors, a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The consent can be revoked at any time. Communication via other channels can also be denied at any time.
In addition to the donor data, we also collect and process data from buyers and resellers of our products (such as our Christmas card sets). We procure and process this data to process the purchases. Our legal basis for this data processing therefore lies in the fulfilment of a contract within the meaning of Art. 6 para. 1 lit. b GDPR.
We obtain the aforementioned data either directly from the data subjects or through public directories (for example, directories).
4.3. Participation in sweepstakes
If you participate in sweepstakes, we will collect data necessary to conduct the Sweepstakes. These are usually name and contact details. It may be that we pass on your data to our raffle partners, e.g. to give you the profit. The participation in the raffle and the associated data collection is of course voluntary.
Our legal basis for these data processing lies in the fulfilment of a contract (participation in the competition) in accordance with Art. 6 para. 1 lit. b GDPR.
You can apply electronically, especially via e-mail, with us. Of course, we will use your details exclusively for the processing of your application and will not pass them on to third parties. Please note that unencrypted e-mails are not transmitted protected against access.
Your personal data will be deleted immediately after completing the application process, or after a maximum of 6 months, unless you have explicitly given us your consent for a longer storage of your data or it has come to a contract.
Our legal basis for this data processing is the implementation of the application process within the meaning of Art. 6 para. 1 lit. b GDPR or in your consent pursuant to Art. 6 para. 1 lit. a GDPR.
You have the opportunity to register with us for specific actions to participate in these UNICEF actions. For the registration we collect and save from you the data required for the respective action. We use your data only to complete the registration so you can participate in the promotion.
Our legal basis for this processing of data lies in the provision of the services you request in accordance with Art. 6 para. 1 lit. b GDPR.
4.6. Personal data of suppliers
In addition to donation-related data processing, UNICEF also works with non-donor-related companies. These are suppliers of different goods and services.
In this context, UNICEF procures and processes the addresses and contract data as well as the name of the contact person. The purpose of the data acquisition and processing is the processing of orders. Our legal basis therefore lies in the fulfilment of a contract within the meaning of Art. 6 para. 1 lit. b GDPR.
5. General provisions
5.1. Storage in central databases
The aforementioned data are stored in central databases. Depending on the data category, the data is stored in different databases.
These include the following databases:
- Dialog Master (MS Direct): Here the donor master data and data on donation behavior are stored in connection with telephone marketing and donations. The call statistics are also stored here. The system is hosted by Amazon in Ireland.
- Funtrade: Storage of data from private and institutional donors as well as suppliers and buyers of our products. Funtrade is the central CRM system of UNICEF. This system is hosted on UNICEF servers in Switzerland.
- Salsa: Salsa is the online CRM. Salsa stores the data from online marketing, e.g. Click rates and other evaluation data from email marketing. There is an interface between Salsa and Funtrade. Also in salsa, data from P2P events by third parties, e.g. from sponsored runs, saved. This system is operated by Salsa Labs, 7200 Wisconsin Ave Suite 200, Bethesda, MD 20814, USA and hosted in the Netherlands.
5.2. Passing on the data to third parties
We only pass on personal data from users if the user has expressly consented to this, if there is a legal obligation to do so or if this is necessary for us to assert our rights and claims.
In addition, we disclose personal data from users to third parties, as far as this is necessary in the context of the use of the website and the answering of questions, the processing of inquiries or for the provision of services requested by the user. The use of this data by the third parties is strictly limited to the purposes mentioned.
In connection with online marketing, we cooperate with the agency Kampaweb, Hermetschloostrasse 70, 8048 Zurich. In addition, we work together with Arenae, Freiestrasse 18, 8032 Zurich, in connection with the CRM system Fundtrade. Arenae has developed the CRM system and now provides support and maintenance services. For remarketing on our website we cooperate with the agency Webrepublic AG, Bederstrasse 49, 8002 Zurich. For P2P actions, e.g. CYCLING FOR CHILDREN, we also work together with the agency Datasport AG, Bolacker 1, 4563 Gerlafingen.
For payment, we use various payment service providers, which are always identified and directly accept your entries and thus are recipients of your personal data collected in connection with the payment process. The storage for the purpose of payment is made for the duration of the payment.
5.3. Transfer of personal data abroad
We may also transfer personal information from users to third party companies and service providers abroad, if required for the purposes set out in Section 5.2 above. Of course, the legal regulations for the transfer of personal data to third parties are complied with.
These third parties are obliged to the same extent as we ourselves for data protection. If the level of data protection in a country does not comply with Swiss or EU data protection law, we contractually ensure that the protection of personal data at all times corresponds to that in Switzerland or the European Economic Area (EEA).
5.4. Right to information, rectification, erasure and restriction of processing; Right to data portability; Right to complain to supervisory authority
You have the right to receive information about the personal data that we store about you free of charge upon request. In addition, you have the right to correct inaccurate data and the right to delete your personal data, as far as there is no legal duty to retain or a permit that allows us to process the data.
You also have the right to reclaim from us the data that you have given us (right to data portability). On request, we also pass the data on to a third party of your choice. You have the right to receive the data in a common file format.
You can reach us for the aforementioned purposes via the e-mail address data_protection(at)unicef.ch. We may, at our sole discretion, require proof of identity to process your requests.
You also have the right to complain to a data protection supervisory authority at any time.
5.5. Data security
We use appropriate technical and organizational security measures to protect your personal data stored against us against manipulation, partial or total loss and against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
We also take corporate privacy very seriously. Our employees and the service companies commissioned by us have been obliged by us to secrecy and to comply with data protection regulations.
5.6. Storage of the data
We retain personal information only for as long as necessary to use the above tracking services and other processing within the scope of our legitimate interest. Contract data will be kept longer by us, as this is required by legal storage obligations. Retention requirements that oblige us to retain data arise from accounting and tax regulations. According to these regulations, business communication, closed contracts and accounting documents must be kept for up to 10 years. If we no longer need this data to perform the services for you, the data will be blocked. This means that the data may then only be used for accounting purposes and for tax purposes.
5.7. Information for minors
Anyone who signs up for the UNICEF Newsletter must be aware of the consequences of collecting, processing and storing their personal data and understand the importance of data processing and storage. Children or adolescents who are unsure of this should include their parents and ask them if they agree to sign up for the UNICEF Newsletter.
Anyone under the age of 14 or who does not fully understand the meaning of the collection, processing and storage of their personal data may not register.
We collect and process data from children if they are voluntarily provided to us during collection campaigns. The children can sign up for the children’s club. In this case you will receive a booklet by post for specific topics of importance to UNICEF.
The processing of the data of children takes place with the voluntary transfer of data and thus with their consent in accordance with Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time.
Safety for children
UNICEF is particularly concerned about the safety of children using the Internet. Please read the following notes carefully:
General risks, protective measures
Please note that unlawful content from pornography, racism, terrorism and much more can easily be accessed via the internet. You should therefore children under 16 years (subject to even higher statutory age limits) unattended access to the Internet or allow only with appropriate education. Help your child learn to handle the medium competently. Surf often with your child and rate the new pages.
Set up two e-mail addresses for your child: one for intimate, personal communication with people you know and one for new Internet contacts whose mailbox you are looking through.
Make sure that your children
- don’t pass on their name, address, personal e-mail address or phone number to people they meet online;
- show you the forms where they provide personal information;
- show you web pages that seem disturbing to them;
- if they want to meet someone they met online, the first time they go with an adult;
- don’t answer advertising e-mails and chain letters.
Please keep in mind that your children may also publish or redistribute illegal content on the Internet. Children are also often subject to the playful temptation to invade and/or damage protected areas and systems or render them temporarily unusable. As a rule, you can be held liable as a parent for the resulting damage.