Overview
This Data Protection Policy (hereinafter referred to as the “Policy”)
describes how the Foundation in support of WHO (hereinafter referred to
as the “Foundation”) as data controller,
collects, manages, uses and protects Personal Data received in compliance
with applicable privacy laws and regulations, including the EU General
Data Protection Regulation and the Swiss Federal Act on Data Protection
and its ordinance. The regulations cover all aspects of Personal Data and
the obligations on the Foundation to clearly identify what Personal Data
the Foundation has, where it is obtained, why the Foundation has it, how
the Foundation may use it, how Personal Data is stored and with whom it
may be shared and under what circumstances.
Personal Data types
In essence, “Personal Data” is any information relating
to an identifiable individual or from which an individual can be identified.
The Foundation collects Personal Data that is limited to the kind of information
that is necessary as part of the Foundation activities such as for example
but not exclusively, name, gender, date and place of birth, nationality,
postal address, email address, phone number, relevant charitable foundation
or private office contact details, source of fortune, main company ownership
and affiliation, professional information, wealth information, philanthropy
information, reason for selection, current directorships, current trusteeships.
Sources of Personal Data
The Foundation processes Personal Data that is voluntarily or upon request
provided to the Foundation in the course of a recruitment process, employment,
donations, an agreement for the performance of work or any other contract.In
some instances, the Personal Data will be supplemented by information retrieved
from public sources, such as online media and certain Personal Data may
be automatically recorded, notably through the use of Cookies, for system
administration, statistical, storage and security reasons, when an individual
visits the Foundation’s website or a website hosted by the Foundation,
without opting-out.
Personal Data of third parties
If you provide Personal Data to the Foundation about someone else, you
must ensure that you are entitled to disclose that Personal Data to the
Foundation and that the Foundation can legally process such Personal Data
without having to take any further steps.
Purpose of the processing of Personal Data
The Foundation processes Personal Data in the conduct of its activities
as a foundation as described in its Statutes and for the achievement of
its statutory purpose.
Safeguards of Personal Data
Personal Data is stored on a Foundation server in Switzerland. Personal
Data held by the Foundation is kept on hard copy files and in password
protected electronic files and record systems. Access at the Foundation
is restricted to a “need-to-know” basis and for the above
mentioned purposes exclusively. The concerned Foundation’s staff
have been made aware of the importance of Personal Data and the Foundation’s
obligations under relevant data protection legislation. These obligations
mean that Personal Data is always securely processed and transmitted, protected
against unlawful processing and accidental loss and uncontrolled change,
amongst other requirements.
Online payments
If a payment is made through one of the Foundation online tools, a third
party provider, such as stripe.com, will process Personal Data for the
purpose of the payment. The third party provider shall be the only party
responsible, if its services or system are located within the United States
or other countries outside Switzerland, for implementing appropriate safeguards
mechanisms for such transfer. Therefore, the present data privacy policy
may not apply to information that you may submit to us offline or to websites
maintained by other companies or organizations to which we may link. In
addition, the Foundation will not collect, acces, store or process any
credit card or other payment system information.
Personal Data sharing
Unless disclosure of your Personal Data is required by applicable law
or a competent authority, your Personal Data is held in confidence and
is never provided to any third party outside of the Foundation, with the
exception, where applicable, of the World Health Organisation that may
require access to Personal Data to ensure compliance with its donation
mechanism.
Should the Foundation provide a third party with any of your Personal
Data, the Foundation will conclude written agreements with any such third
party imposing data protection obligations in order to ensure an adequate
level of protection for your Personal Data and compliance with the legal
requirements.
Personal Data transfers outside the EU
This section shall apply to any Personal Data collected by the Foundation
from EU and Swiss residents.
If the Foundation transfers your Personal Data to a State which is not
a Member State of either the European Union or the EEA, or deemed adequate
by the European Commission and/or the Swiss Federal Data Protection and
Information Commissioner, for example to Members of the Foundation Board
located in such State, the Foundation will only conduct such transfer if
there are suitable safeguards in place, such as binding corporate rules,
standard contractual clauses, approved Codes of Conduct, or approved certification
mechanism.
Retention period of Personal Data
As an organisation operating and governed by Swiss Law, the Foundation
is obliged to keep a record of all operational relevant information for
a period of ten (10) years. The Foundation will therefore keep your Personal
Data for a period of ten (10) years from the time your Personal Data is
no longer useful for the performance of its activities, subject to any
potential proceedings, requests or investigations that may extend beyond
that period. The Foundation will however process your Personal Data exclusively
for the above mentioned purposes.
Personal Data owner’s rights and preferences
In addition to the right to be informed about the Personal Data the Foundation
holds and the use the Foundation makes of it (as described in this Policy)
you are also entitled to:
● access your Personal Data;
● rectify inaccurate or incomplete Personal Data;
● request deletion of your Personal Data (subject to the below
mentioned limitation);
● restrict processing of your Personal Data (subject to the below
mentioned limitations);
● obtain and reuse your Personal Data;
● object to particular processing(s) of your Personal Data subject
to the below mentioned limitations).
For further information on these rights, please contact us (see contact
details below).
Please note that your objection or restriction to the processing of your
Personal Data could prevent the Foundation from performing the actions
necessary to achieve the purposes set out above. Please also note that
the above rights can be limited. For example, the Foundation may need your
Personal Data to comply with the law (e.g. see the “Retention period
of Personal Data” section above) or assert or defend against legal
claims. The Foundation may therefore be able to continue processing your
Personal Data even after you have requested, for example, the deletion
of your Personal Data, to the extent required or permitted by law.
Modifications
Any modifications made to the present data protection policy will be published
on the Foundation website. The published data protection policy on the
Foundation’s website is the applicable and most up-to-date data
protection policy.
Questions, concerns or complaints
If you have any questions, concerns, or complaints about the Foundation’s
Personal Data practices or this Policy, we encourage you to get in touch
with the Foundation by using the contact information below. Also, if you
believe you have suffered harm due to a breach of your rights by the Foundation
under this Policy, and the Foundation has not handled your complaint in
a reasonably sufficient manner, any EU resident may also file a complaint
with the competent supervisory authority.
Contact information: info@who.foundation