The Foundation in Support of the World Health Organization (the Foundation), also known as the WHO Foundation, is a Swiss Foundation with a vision of a world in which all people attain the highest level of health. To achieve its vision the Foundation works with individuals around the world to mobilize resources, build partnerships and invest in programs. In all the Foundation’s work, it profoundly values privacy and personal data protection for everyone.
The Foundation wants you to know and understand if, when, how and why the Foundation processes your personal data. You will find relevant information below. If the Foundation has missed something or you have a question, feel free to contact the Foundation using the details in Section 1 below.
The Foundation’s Privacy Notice[1] is, and will remain, available to you at all times on the Foundation’s website. The Foundation will amend and update it, if necessary, and may do so without any specific notification to you.
Personal data is any information relating to an (directly) identifiable individual or from which an individual can be (indirectly) identified.
The Foundation is processing your personal data; it determines the purposes and means of said processing and is referred to as the “Controller” or “Data Controller”. You can contact the Foundation at:
This Privacy Notice relates to you, as an external person who interacts with the Foundation, and your related persons.
This includes, where applicable law includes these parties, donors and partners and their employees, prospective donors and partners, impact investing stakeholders, service providers, fiduciary partners, event attendees, users of the Foundation’s website, and organizations the Foundation funds. Your “related persons” includes an individual or entity whose information you or a third party provides to the Foundation and/or information that the Foundation becomes aware of in connection with your relationship with the Foundation.
The Foundation collects, stores and uses personal data relating to contact details, financial and fundraising-related information, information gathered conducting due diligence, transaction information, professional information, impact stories, and information about diversity, equity, and inclusion markers.
The Foundation processes each category when it is relevant to your relationship with the Foundation and the related task the Foundation is carrying out.
Some of this personal data might be combined to give the Foundation a deeper understanding of your profile. For example, from your personal data the Foundation may infer your preferences in relation to fundraising activities and may act upon it to send you information related to campaigns most relevant to you. This is more complete than stand-alone personal data, but does not amount to sensitive personal data.
Sensitive personal data includes specific types of personal data and may include, depending on the particular jurisdiction, information that relates to an identifiable person about their race, ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation, sex life, genetic data, biometric data for the purpose of uniquely identifying a natural person, health-related data, trade union membership, personal data of a child, precise geolocation data, citizenship or immigration status and/or an individual’s status as a victim of a crime.
Presently, the Foundation processes certain information relating to diversity and inclusion markers, such as race or ethnic origin, in connection with suppliers and other entities with whom the Foundation interacts. This is to ensure that as an organization the Foundation is embedding diversity, equity, and inclusion into its operations. The Foundation will always highlight when it may be collecting this information and will always offer a clear option to opt in to this process.
The Foundation primarily collects your personal data from you, in the context of your relationship and engagement with the Foundation. The Foundation may also gather some data indirectly from third parties, from publicly available sources, and online tools to provide background and due diligence information. The personal data may be collected as follows:
Supporters and donors: information you provide to the Foundation when you make a donation, sign up to the Foundation’s newsletter, sign up to attend an event, or communicate with the Foundation. If you are giving via a Donor Advised Fund or other entity, if you agree, and their data privacy policy allows, they may provide your information to the Foundation.
The Foundation processes personal data to carry its activities as a foundation to support global public health needs, which includes processing certain personal data to provide services to you, including to allow you to access and use our services; providing updates regarding our services; to contact you, when you have opted in to receive newsletters or other email messaging; to contact you, when you have enrolled in any of the Foundation’s events and for other general business purposes as permitted by applicable law such as conducting audits, financial calculations and tax reporting, administering the Foundation’s business and operations, evaluating and maintaining the Foundation’s systems, security and fraud prevention and monitoring.
In addition, the Foundation strives to improve the Foundation’s offerings and effectiveness, and in order to do so, the Foundation analyzes interactions with its services and the Foundation’s marketing, reactions, other history and user behavior. The Foundation may use a range of tools available, including spreadsheets and databases, algorithms, and technologies like artificial intelligence and machine learning.
More specifically, the Foundation may process your data for the following purposes:
Under certain circumstances, your objection or restriction to the processing of your personal data could prevent the Foundation from performing the actions necessary to achieve the purposes set out above for your benefit.
The Foundation may use your personal data to send you marketing information, in an electronic or paper format, in relation to your relationship with the Foundation. The Foundation will give you an easy way to change your mind and stop receiving any such information.
The Foundation keeps personal data on hard copy files and in password protected electronic files and record systems. Our processes and systems are intended and designed to restrict access to personal data at the Foundation to the above mentioned purposes. These access rights are periodically reviewed. The Foundation has an IT Acceptable Use Policy setting out how IT tools and data should be used. The Foundation’s Team Members also receive IT security training and have access to a channel to immediately report any issues they may encounter. Relevant Team Members have been made aware of the importance of personal data and the Foundation’s obligations under relevant data protection legislation through data protection training and ongoing awareness raising.
If you click on a third-party link on the Foundation’s website, for example, to make a donation through a third-party service provider, such as FundraiseUp or Benevity, for the purpose of campaigns launched by the Foundation, some of your personal data may be collected by those service providers.
Those third-party websites and services are not operated or controlled by the Foundation. These service providers process your personal data, if and to the extent required, to provide their services and as otherwise provided in their privacy notices. You will need to read their privacy notices to understand precisely how they treat your personal data. Some of these service providers may be located outside of Switzerland or the European Union (EU) in jurisdictions that may not necessarily offer an equivalent level of personal data protection.
The Foundation processes your personal data internally and also works with other parties, including service providers and its affiliates, who process your personal data.
Affiliates. The Foundation may disclose certain personal data to the Foundation’s affiliates that are involved in the delivery of services or the Foundation’s overall operations.
Service Providers. The Foundation provides your personal data to service providers who the Foundation engages to help operate the Foundation and provide services (e.g., transaction processing and analysis, fraud detection and identity verification, information technology and computing support, customer relations management systems (CRM), operations, managing marketing and promotions and research).
Other Parties. The Foundation may also disclose personal data to certain other parties, including:
Yes, the Foundation may transfer your data outside Switzerland, the EU and the UK. This may happen as some of the Foundation’s staff or Board Members are located outside Switzerland, the EU and the UK, and connect to the Foundation’s secure work environment (see Section 9 for security measures); or when the Foundation uses service providers based outside of the EU and Switzerland.
If you are an EU or Swiss resident and the Foundation transfers your personal data to a jurisdiction that is not a Member State of either the EU or the European Economic Area, or deemed adequate by the European Commission and/or the Swiss Federal Data Protection and Information Commissioner, the Foundation ensures appropriate safeguards are in place, such as standard contractual clauses, approved Codes of Conduct, or approved certification mechanism. The Foundation may also do so with your prior explicit consent or if the transfer is necessary for the performance of the Foundation’s contract with you.
The Foundation will retain your personal data for as long as needed in accordance with the purpose for which it was collected. The Foundation may also retain and use your information to comply with its legal obligations, resolve disputes, and prevent abuse.
When the Foundation no longer needs your personal data, it will be deleted or anonymized.
In addition to the right to be informed about what personal data the Foundation holds and how it is used (as described in this Privacy Notice) you are also entitled to:
For further information on these rights, please contact the Foundation (see Section 1 above).
Your rights are not absolute and in certain circumstances can be limited. For example, the Foundation may have to keep processing your personal data and decline your request to delete it immediately to comply with the law (see section 13 above) or assert or defend against legal claims. The Foundation will inform you of any limitation to you exercising your rights in its response to your request.
The Foundation will not unlawfully discriminate nor retaliate against you for exercising the rights under this section.
Your privacy and personal data protection are important to the Foundation. If you have any questions, concerns, or complaints about the Foundation’s personal data practices or this Privacy Notice, you are encouraged to get in touch with the Foundation by using the contact information in Section 1 above.
If you are an E.U., Swiss or UK resident and believe you have suffered harm due to a breach of your rights by the Foundation under this Notice, and the Foundation has not handled your complaint in a reasonably sufficient manner, you may also file a complaint with the competent supervisory authority.
If you are a U.S. resident, under the laws of certain jurisdictions, you may have the right to appeal the Foundation’s decision not to act on your request to exercise certain of the rights described above. To appeal the Foundation’s decision if you are in an eligible jurisdiction, please email the Foundation at dataprotection@who.foundation with the subject line, “Individual Rights Request Appeal“.
[1] As of 18 March 2024
[2] “team members” means everyone working to achieve the Foundation’s Mission including employees, board members, consultants, interns, freelancers and volunteers.