Privacy Notice 
The Foundation in Support of the World Health Organization (the Foundation), also known as the WHO Foundation, is a Swiss Foundation with a vision of a world in which all people attain the highest level of health. To achieve its vision the Foundation works with individuals around the world to mobilize resources, build partnerships and invest in programs. In all the Foundation’s work, it profoundly values privacy and personal data protection for everyone.
The Foundation wants you to know and understand if, when, how and why the Foundation processes your personal data. You will find relevant information below. If the Foundation has missed something or you have a question, feel free to contact the Foundation using the details in Section 1 below.
The Foundation’s Privacy Notice is, and will remain, available to you at all times on the Foundation’s website. The Foundation will amend and update it, if necessary, and may do so without any specific notification to you.
1. What is personal data?
Personal data is any information relating to an (directly) identifiable individual or from which an individual can be (indirectly) identified.
2. Who controls and is processing your personal data?
The Foundation is processing your personal data; it determines the purposes and means of said processing and is referred to as the “Controller” or “Data Controller”. You can contact the Foundation at:
- Address: Chemin des Mines 2, 1202 Geneva, Switzerland
- Email: email@example.com
3. Who does this Privacy Notice apply to?
This Privacy Notice relates to you, as an external person who interacts with the Foundation, and your related persons.
This includes donors and partners and their employees, prospective donors and partners, impact investing stakeholders, service providers, fiduciary partners, event attendees, users of the Foundation’s website, and organizations the Foundation funds. Your “Related Persons” includes an individual or entity whose information you or a third party provides to the Foundation and/or information that the Foundation becomes aware of in connection with your relationship with the Foundation.
The Foundation has an Internal Privacy Notice that applies to team members and job applicants, please speak to your contact at the Foundation if the Internal Privacy Notice is relevant to you.
4. What categories of personal data does the Foundation process?
The Foundation collects, stores and uses personal data relating to contact details, financial and fundraising-related information, information gathered conducting due diligence, transaction information, professional information, impact stories, and information about diversity, equity, and inclusion markers.
The Foundation processes each category when it is relevant to your relationship with the Foundation and the related task the Foundation is carrying out.
Some of this personal data might be combined to give the Foundation a deeper understanding of your profile. For example, from your personal data the Foundation may infer your preferences in relation to fundraising activities and may act upon it to send you information related to campaigns most relevant to you. This is more complete than stand-alone personal data, but does not amount to sensitive personal data.
5. Does the Foundation collect sensitive personal data?
Sensitive personal data is information that relates to an identifiable person about their race, ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation, sex life, genetic data, health-related data, or trade union membership.
In general, the Foundation does not need to and does not process sensitive personal data in relation to your relationship with the Foundation. The Foundation will inform you if this changes in the future.
In some cases, for example owners of suppliers the Foundation works with, information relating to diversity and inclusion markers, such as race or ethnic origin are collected. This is to ensure that as an organization the Foundation is embedding diversity, equity, and inclusion into its operations. The Foundation will always highlight when it may be collecting this information and will always offer a clear option to opt out of this process.
6. Where does the Foundation collect your personal data?
The Foundation primarily collects your personal data from you, in the context of your relationship and engagement with the Foundation. The Foundation may also gather some data indirectly from third parties, from publicly available sources, and online tools to provide background and due diligence information.
- Event attendees: information you provide when you sign up to attend an event, information you provide when you communicate with the Foundation, or by the Foundation recording an event or taking photographs at an event.
- Partners and their employees: information you provide when you communicate with the Foundation, information you provide to enter into an agreement, and information from the Foundation’s networks.
- Prospective donors and partners: information from the Foundation’s networks, publicly available sources, and online tools providing background and due diligence information.
- Service providers: publicly available resources, information you provide when you communicate with the Foundation, and information you provide to enter into an agreement.
- Organizations funded by the Foundation: information you provide when you communicate with the Foundation, information you provide to enter into an agreement, and information from the Foundation’s networks.
- Impact investment stakeholders: information you provide when you communicate with the Foundation, information you provide to enter into an agreement, and information from the Foundation’s networks.
7. Why does the Foundation process your personal data?
The Foundation processes personal data to carry its activities as a foundation to support global public health needs. The Foundation may use your data as follows:
- Donors: processing and accounting your payment, sending you information about the impact of your gift, events, updates regarding campaigns you have donated to and new campaigns, sending you a tax certificate for any donations you have made, contacting you if your donation was not completed, carrying out due diligence for donations over CHF10,000 to ensure the Foundation can accept your gift in reference to our Gift Acceptance Policy, and, for donations over CHF100,000, to include your details in the Foundation’s transparency report.
- Event attendees: sending information about the event, sending marketing materials about future events, the Foundation’s impact and campaigns, recording online events, editing short videos, and sending a follow up email about the event if you did or did not attend.
- Partners and their employees: sending information about any agreement you are entering into with the Foundation, sending marketing materials about future events, the Foundation’s impact and campaigns or editing short films.
- Prospective donors and partners: identifying and sharing information that might be of interest to you.
- Service providers: agreeing, and sending a contract for the services provided.
- Organizations funded by the Foundation: sending your team members information about the Foundation’s impact, agreeing, and sending a grant agreement.
- Impact investment stakeholders: sending you information about the Foundation’s engagement in impact investment activities, or to invite you to events.
Under certain circumstances, your objection or restriction to the processing of your personal data could prevent the Foundation from performing the actions necessary to achieve the purposes set out above.
8. Does the Foundation also (in addition to Section 7) send marketing material? Can you change your mind and stop receiving it?
The Foundation may send you marketing information, in an electronic or paper format, in relation to your relationship with the Foundation. The Foundation will systematically give you an easy way to change your mind and stop receiving any such information.
9. What security measures does the Foundation apply when processing your personal data?
The Foundation keeps personal data on hard copy files and in password protected electronic files and record systems. Access to personal data at the Foundation is restricted and for the above mentioned purposes. These access rights are periodically reviewed. The Foundation’s team members receive IT security training and have access to a channel to immediately report any issues they may encounter. Relevant team members have been made aware of the importance of personal data and the Foundation’s obligations under relevant data protection legislation.
10. What happens to your personal data when you click on a third party link on the Foundation’s website?
If you click on a third party link on the Foundation’s website, for example, to make a donation through a third party service provider such as FundraiseUp or Benevity for the purpose of campaigns launched by the Foundation, some of your personal data may be collected by those service providers.
These providers process your personal data if and to the extent required to provide their fundraising services and comply with applicable regulations, such as financial regulations. You will need to read their privacy notices to understand precisely how they treat your personal data. The Foundation would like to make you aware that some of these service providers may be located outside of Switzerland or the European Union (EU) in jurisdictions that may not necessarily offer an equivalent level of personal data protection.
11. Does the Foundation share your personal data with third parties?
In most circumstances, the Foundation processes personal data itself. However, there are specific circumstances in which the Foundation may share your personal data. These are:
- When applicable, with grantees to ensure compliance with any donation or funding mechanism and regulatory requirements.
- When required, to share details with the Foundation’s auditors.
- When required by law or if the Foundation has a good faith belief that disclosure is necessary to (i) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (ii) enforce the Foundation’s agreements with you, (iii) investigate and defend the Foundation against any third-party claims or allegations, or (iv) protect the security or integrity of the Foundation’s website.
12. For Swiss and EU residents, does the Foundation transfer your personal data abroad, including outside the EU (internationally)?
Yes, the Foundation may do so. For example, when some of the Foundation’s staff or Board Members are located outside Switzerland and the EU and connect to the Foundation’s secure work environment (see Section 9 for security measures); or when the Foundation needs to use a service provider outside of the EU.
If the Foundation transfers your personal data to a State which is not a Member State of either the EU or the European Economic Area, or deemed adequate by the European Commission and/or the Swiss Federal Data Protection and Information Commissioner, the Foundation ensures appropriate safeguards are in place, such as standard contractual clauses, approved Codes of Conduct, or approved certification mechanism. The Foundation may also do so with your prior explicit consent or if the transfer is necessary for the performance of the Foundation’s contract with you.
13. How long does the Foundation keep and retain your personal data?
The Foundation will retain your personal data for as long as needed in accordance with the purpose for which it was collected. The Foundation may also retain and use your information to comply with its legal obligations, resolve disputes, and prevent abuse.
When the Foundation no longer needs your personal data, it will be deleted.
14. What are your rights?
In addition to the right to be informed about what personal data the Foundation holds and how it is used (as described in this Privacy Notice) you are also entitled to:
- access your personal data;
- rectify inaccurate or incomplete personal data;
- request deletion of your personal data (subject to the below mentioned limitation);
- restrict processing of your personal data (subject to the below mentioned limitations);
- obtain and reuse your personal data; and
- object to particular processing(s) of your personal data subject to the below mentioned limitations).
For further information on these rights, please contact the Foundation (see Section 1 above).
Your rights are not absolute and in certain circumstances can be limited. For example, the Foundation may have to keep processing your personal data and decline your request to delete it immediately to comply with the law (see section 13 above) or assert or defend against legal claims.
The Foundation will of course inform you with transparency on any limitation to you exercising your rights in its response to your request.
15. How and to whom can I ask questions or file concerns or complaints?
Your privacy and personal data protection are important to the Foundation. If you have any questions, concerns, or complaints about the Foundation’s personal data practices or this Privacy Notice, you are encouraged to get in touch with the Foundation by using the contact information in Section 1 above. Also, if you are an E.U. resident and believe you have suffered harm due to a breach of your rights by the Foundation under this Policy, and the Foundation has not handled your complaint in a reasonably sufficient manner, you may also file a complaint with the competent supervisory authority.
 As of 8 January 2024
 “team members” means everyone working to achieve the Foundation’s Mission including employees, board members, consultants, interns, freelancers and volunteers.