Preamble
The purpose of this Privacy Policy is to inform you regarding data security, the processing of data in connection with the use of our websites and your rights with regard to the processing of data. The Institute of Business Sustainability (hereinafter ‘IBS’, as well as ‘we’ and ‘us’) feels exceptionally committed to the protection of personal data.
This Privacy Policy is subject to Swiss law. In areas where the IBS performs no sovereign functions, the Federal Law on Data Protection (DSG) applies. Where applicable, the provisions of the European Union (EU) are taken into consideration, especially the EU General Data Protection Regulation (GDPR).
The purpose of this Privacy Policy is to inform you regarding data security, the processing of data in connection with the use of our websites and your rights with regard to the processing of data.
1. Scope
The IBS collects and processes personal data primarily for educational, research, administrative or similar purposes. This Privacy Policy applies exclusively to the protection of personal data in connection with our websites, and not to the processing of personal data, for example, in the context of study or further education at the IBS.
The Privacy Policy therefore applies to all websites that are available under certificate-business-sustainability-cas.ch and its subdomains and that are hosted on the systems managed by the IT department. These internet sites may have their own privacy policies. If they do, this policy shall apply on a subsidiary basis.
In some cases, the IBS refers to third-party websites as part of its online presence. The IBS accepts no liability for any legal deficiencies (regarding data protection) on such websites.
2. Responsible parties and contact persons
Unless otherwise specified individually, the party responsible for the data processing described here is:
The Institute for Business Sustainability IBS
Alpenquai 22, CH-6005 Lucerne
Switzerland
E-Mail katrin@theibs.net
3. Type, collection and processing of personal data
Personal data means all information relating to a specific or identifiable person.
Within the scope of its online presence, the IBS collects data via various online forms, e.g. for enrolment in a degree course, for ordering documents or for registering to receive newsletters. In addition, your use of our website causes our system to generate data that may enable you to be identified (log files and cookies).
In particular, the collection and processing of personal data is carried out by yourself by voluntarily filling out online forms. The log files and cookies are generated without your active involvement.
4. Purpose and legal basis of data processing
When collecting and processing personal data, we comply with the legal requirements of the applicable data protection laws.
The data you voluntarily disclose is made available for the evident or declared purpose for which it was collected. The data generated without your involvement is intended to make our website (cookies) more convenient for you to use or to enable reliable operation and to protect against misuse (log files).
With regard to the provisions of the GDPR in particular, data processing by the IBS is fundamentally based on a statutory legal basis. Therefore, we only process personal data in the following cases:
- If legal regulations require us to;
- If the processing is in the public interest;
- If we have the consent of the person concerned. Once consent is granted, it can be revoked at any time, but this has no effect on data already processed;
- If this is necessary to fulfil a contractual obligation with the person concerned or to initiate and conclude a contract with the person concerned;
- If this is essential to protect the vital interests of the person concerned or another natural person;
- If this serves to safeguard the legitimate interests of the or third parties.
5. Duration of storage of personal data
As soon as the legal reason for processing specific data ceases or the collected data no longer serve the specific purpose, the data is deleted, provided that the deletion does not conflict with legal or contractual obligations. (cf. section 6).
Web-related personal data is stored as follows:
- Data in teampages: As long as the person is employed at the IBS.
- Data in galleries created by the CMS author: As long as the person is not actively deleted.
- Data in web forms: As long as the CMS author does not actively delete the list of sent forms.
- Data from Google Analytics: As long as the Analytics account exists or an admin does not delete all the data.
- Data for specially closed areas with login (very few): As long as the CMS admin does not delete the created users.
6. Rights of persons affected by data processing
You have certain rights with regard to your personal data in the context of the applicable data protection law and insofar as provided therein. Namely, you have a right to
- Information, in particular whether your personal data is processed by us and, if so, what kind of data is involved and what data is stored.
- Correction and, if necessary, completion of your personal data.
- Deletion of your personal data.
- Restriction of data processing.
- Objection to data processing.
- Withdrawal of previously granted consent.
Please note that we reserve the right, for our part, to enforce the statutory restrictions, for example, if we are required to retain or process certain data, have an overriding interest in doing so (insofar as we are entitled to invoke it) or require it for the assertion of claims. If you incur costs, we will inform you in advance.
To exercise the rights listed above you are generally required to unequivocally prove your identity (for example, by providing a copy of your ID in cases where your identity is otherwise unclear or cannot be verified). To assert your rights, you can contact us using the contact details provided in section 2.
7. Obligation to provide personal information
You generally have no legal obligation to provide us with data when visiting our website. However, we wish to point out that the website cannot be used unless certain information (such as IP address) is disclosed in order to safeguard the data traffic.
8. General data collection (log files)
Our websites collect a series of data with each query. This general data and information is stored in the log files. The following data is collected:
- IP address,
- Date and time of the query,
- Time zone difference to GMT,
- Contents of the request,
- Access status/http status code,
- Amount of data transferred,
- Web page from which the request originates,
- Browser (including language and version),
- Operating system.
This general data is not assigned to a specific person when used. Collection of this data is necessary for technical reasons in order to display our website to you and to ensure its stability and security.
9. Contact and the contact form
If you contact us using the specified email address and/or the contact form provided, we will always comply with the applicable data protection regulations when handling the data you send us. The data you provide is used solely to process your request. Please note that the data you enter via our contact form is transmitted unencrypted.
10. Cookies and other technologies in connection with the use of our website
The IBS’s websites use cookies for the following purposes:
Functional cookies: To recognise login information or personal settings.
Performance cookies: To determine anonymous information on website usage.
Targeting/marketing cookies: When integrating cookies used by third parties.
Specifically, the following cookies are used on the IBS websites:
Functional cookies: Checking the user’s login; checking the user’s display language.
Performance cookies: Checking which of the two web servers for displaying the websites is less busy and redirecting the user to that one.
Google:
Targeting/marketing cookies: Google Tag Manager stores anonymised data about the behaviour of users on the IBS’s websites. For more information, visit this page.
Google Maps: When you use Google Maps on our website, information about the use of the website (including IP address) is transmitted to Google in the United States. For more information, visit this page.
Youtube.com: Targeting/marketing cookies: When videos are embedded, YouTube stores data about user behaviour. For more information, visit this page.
Pinterest: No cookies.
Instagram: No cookies.
Facebook: No cookies.
Twitter: No cookies.
11. Web tracking
Our website uses Google Analytics, a web analytics service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). Google Analytics uses cookies that enable analysis of website usage. The information generated by the cookie about your use of the website is transferred in anonymised form to a Google server in the United States and stored there. Thanks to anonymisation, this data cannot be linked to a specific person. Google processes this information in order to evaluate your use of the website, to compile reports on user activities and to provide other services related to website and internet usage. Google may transfer this information to third parties.
You can prevent the data generated by the cookie about your use of the website (including your IP address) from being sent to and processed by Google by downloading and installing the browser plug-in available at the following link.
Google is certified under the Privacy Shield Agreement and therefore guarantees a level of data protection equivalent to Swiss and European data protection law.
For more information about data processing by Google, please refer to Google’s privacy policy.
12. Social media plug-ins and tools
We currently use the social media plug-ins and tools listed in the following table. When visiting our websites, the data listed in section 8 of this Policy can be transmitted to the plug-in provider without confirmation. The plug-in provider stores the data collected about you as usage profiles and uses it for purposes of advertising, market research and/or to customise the design of its website.
We have no control over the collected data or the data processing operations of the plug-in providers. These are subject to the privacy policies of the third parties. For more information on the purpose and scope of the data collection and the processing of the data by the plug-in provider, please refer to the providers’ privacy statements listed below.
Plug-in Privacy Policy
Facebook
Google+
Instagram
LinkedIn
Pinterest
Twitter
XING
YouTube
13. Newsletter
By granting your consent you can subscribe to our newsletter, which contains information about our latest interesting offers. We use what is known as the ‘double opt-in process’ when subscribing users to our newsletter. This means that after you subscribe we send an email to the specified email address asking you to confirm that you want to receive the newsletter. The only information you have to enter to receive the newsletter is your email address, which we save after you subscribe.
You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. This revocation or cancellation can be declared by clicking the link provided in every newsletter or via the contact information in section 2 of this Policy.
Furthermore, we can send you our newsletter as part of your user or contractual relationship. You can unsubscribe from the newsletter at any time by clicking the link provided in every newsletter or via the contact information in section 2 of this Policy.
14. Blog
In some cases, we offer blogs on our websites where we publish various articles on topics related to our activities. Certain blogs allow you to leave public comments, which can be published with your username. We encourage you to use a pseudonym rather than your real name as a username. You are required to enter your username and email address; all other entries are voluntary. When you submit a comment, we store your IP address so that we can defend against liability claims in the event that unlawful content is published. Comments are not reviewed prior to publication. However, we reserve the right to remove comments after publication at our sole discretion if we consider them to contain offensive or unlawful content.
15. Profiling and automated decisions
When users visit the IBS’s websites, no personal data is collected or even brought together centrally to build up a profile and make this data available to certain individuals for evaluation. The Intranet and StudentWeb require every user to log in with a personal account, but this is only for authentication purposes; the Sitecore CMS does not store this or any other data associated with the person in a linked manner. The integrated Google Analytics only stores anonymous clicks, without linking to or passing on user data (e.g. account name or the like).
Personal data such as first name, last name and address are stored in a user account, which is required for logging on to the Intranet/StudentWeb. This data is captured and stored in the IBS’s User Management System. The profile is only accessible to the authenticated user themselves. This data is not stored on the websites; it is only output (including in the Intranet/StudentWeb).
16. Data transfer and data transmission abroad
All the data for the operation of the CMS and the delivery of the websites is held by the Swiss hosting provider ‘Aspectra’ and is therefore stored in Switzerland. In addition, services provided by the IBS on its systems are queried and integrated. No data is transferred abroad, except in the cases indicated.
17. Data security
We employ reasonable technical and organizational security measures to protect your personal data from unauthorized access and misuse. For example, we use SSL encryption when transmitting IBS website data from the server to the visitor’s browser. In addition, Intranet and StudentWeb pages are protected by ADFS (Active Directory Federation Service) and are therefore only accessible to authenticated users from the IBS.
18. Amendments
We may amend this Privacy Policy at any time without prior notice. The current version published on our website applies.