Menu

Privacy Statement

This Privacy statement provides information on the processing of personal data in connection with our activities and operations including our website under the domain name switzerland2038.com. We explain, in particular, what the personal data is used for, as well as how and where it is processed. We also provide information on the rights of persons whose data we process (data subjects).

For individual or additional activities and operations, we may publish additional privacy statements or miscellaneous information on data protection.

We are subject to Swiss law as well as any applicable foreign law, such as, in particular, that of the European Union (EU) by way of the European General Data Protection Regulation (GDPR).

The European commission recognised, by way of the Ruling of 26 July 2000 that Swiss data protection legislation ensures appropriate data protection. The report dated 15 January 2024 by the European Commission confirmed this ruling on the appropriateness [of Swiss data protection].

1. Contact addresses

The body that is responsible for data protection is:

Olympic and Paralympic Winter Sports Association Switzerland 2038
c/o Swiss Olympic
Talgut-Zentrum 27
CH-3063 Ittigen

info[at]switzerland2038.com

In specific cases, third parties may be responsible for processing personal data, or joint responsibility may be held with third parties. Upon request, we will be pleased to provide information on the relevant responsibility.

2. Terms and legal framework

2.1 Terms

Data subject: Individuals whose personal data we process.

Personal data: All details that refer to a specific or identifiable individual.

Sensitive personal data Data: on union affiliation, political, religious or personal views and activities, health information, private life or the belonging to a ethnic group or race, genetic data, biometric data, that could categorically identify an individual, data on criminal and administrative sanctions or prosecutions, and data on welfare assistance.

Processing: Any handling of personal data, regardless of the means or procedures used, for example, retrieving, comparing, adapting, archiving, storing, recovering, disclosing, procuring, collecting, recording, erasing, publishing, structuring, organising, saving, modifying, disseminating, linking, destroying and using of personal data.

European Economic Area (EEA): Member states of the European Union (EU) and the Principality of Liechtenstein, Island and Norway.

2.2 Legal framework

We process personal data in accordance with Swiss law and in particular with the Federal Act on Data Protection (Data Protection Act, FADP) and the Data Protection Ordinance (Data Protection Ordinance, DSV).

We process – if, and to the extent that the European General Data Protection Regulation  (GDPR) is applicable – personal or person-related data ad minima in accordance with the following legal framework:

  • Article 6(1)(b) of the GDPR for the necessary processing of person-related data to comply with the fulfilment of an agreement with the data subject and in order to execute contractual measures.
  • Article 6(1)(f) of the GDPR for the necessary processing of person-related data to safeguard legitimate interests – including the legitimate interests of third parties –  provided these basic freedoms and fundamental right and interests of the data subject do not override them. Such interests, and in particular the enduring, humane, safe and reliable exercise of our activities and operations, the guarantee of information security, the protection from misuse, the implementation of our legal claims and compliance with Swiss law.
  • Art. 6(1)(c) of GDPR for the necessary processing of personal data to meet a legal obligation with which we must comply in accordance with any applicable laws of the Member States in the European Economic Area (EEA).
  • Art. 6 (1) (e) of GDPR for the necessary processing of personal data to perform a task that is in the public interest.
  • Art. 6 (1) (a) of GDPR for the processing of personal data with the consent of the data subject.
  • Art. 6 (1) (d) of GDPR for the necessary processing of personal data in order to protect the vital interests of the data subject or those of another individual.
  • Art. 9 (2) et seq of GDPR for the processing of categories of personal data, in particular with the consent of the data subjects.

The European General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data, and the processing of particularly sensitive personal data as the processing of special categories of personal data (Art. 9 GDPR).

3. Type, scope and purpose of processing personal data

We process personal data that is required to carry out our activities and operations sustainably, humanely, securely and reliably. The processed personal data may come under the categories of browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data and payment data, in particular. Personal data may also cover sensitive personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect while carrying out our activities and operations, provided such processing is permitted.

If so required, we process personal data with the consent of the data subjects. In many cases, we may process personal data without consent, to fulfil legal obligations or to protect overriding interests, for example. We may ask the data subjects for their consent, even if their consent is not required.

We process personal data for the period that is required for the specific purpose. We anonymise or delete personal data, in particular to comply with statutory retention and limitation periods.

4. Disclosure of personal data

We may disclose personal data to third parties, have the data processed by third parties, or process it in collaboration with third parties. These third parties may be specialist providers whose service we call upon.

We may, for example, disclose personal data to banks and other financial service providers, authorities, educational and research institutions, consultants and lawyers, interest groups, IT service providers, cooperation partners, credit and business information agencies, logistics and shipping companies, marketing and advertising agencies, media, organisations and associations, social institutions, telecommunication companies, insurance companies and payment service providers.

5. Communication

We process personal data so we can communicate with individuals as well as with authorities, organisations and companies. In particular, we process data that a data subject sends to us when they contact us, for example by post or e-mail. We may store this data in an address book or by way of comparable tools.

Third parties that send us data about other people are obliged to ensure the protection of the data of the data subjects independently. They must, in particular, ensure that the said data is correct and may be passed on.

6. Applications

We process personal data about applicants, if necessary, to assess their suitability for an employment position or for the subsequent drawing up an employment contract. The required personal data comes, in particular, from the information requested. This may be, for example, following a job advertisement. We may publish job advertisements using suitable third parties, for example in electronic and printed media or on job website or platforms.

We also process the personal data that the applicants provide or disclose freely, in particular in their application letter, curriculum vitae and other application documents as well as via online profiles.

We process – provided and to the extent that the General Data Protection Regulation (GDPR) is applicable – personal data on applicants, in particular in accordance with Art. 9 (2) (b) of GDPR.

7. Data security

We take the suitable technical and organisational steps to ensure data security that is appropriate for the specific risk. These steps guarantee, in particular, the confidentiality, availability, traceability and integrity of the processed personal data, though it is not possible to ensure absolute data security.

Our website and other digital online services are accessed by way of point-to-point encryption (SSL / TLS, and in particular using the Hypertext Transfer Protocol Secure, abbreviated to HTTPS). Most browsers issue a warning if the user attempts to access a website that does not have point-to-point encryption.

Our digital communication – like all  digital communication – is subject to mass surveillance without any particular cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA) and other countries. We cannot directly influence processing of personal data in this manner by secret services, police forces and other security authorities. We cannot rule out data subjects being specifically monitored.

8. Personal data abroad

We process personal data in principle in Switzerland and in the European Economic Area (EEA). We may, however, also export or transfer personal data to other countries, in particular in order to process it or have it processed there.

We may export personal data to any countries in world and elsewhere in the universe provided that local legislation, in accordance with the Resolution of the Swiss Federal Council and – if and to the extent applicable, the General Data Protection Regulation (GDPR) – and the Resolution of the European Commission is applicable, and provides appropriate data protection.

We may transfer personal data to countries where laws do not guarantee adequate data protection, provided that data protection is guaranteed in other ways, and in particular based on standard data protection clauses or with other suitable guarantees. Exceptionally, we may export personal data to countries without adequate or appropriate data protection if special requirements under data protection law are met, for example with the express consent of the data subjects, or if there is a direct connection with concluding or fulfilling an agreement. We will be happy to provide data subjects with information on any guarantees upon request or provide a copy of any guarantees.

9. Rights of data subjects

9.1 Legal data protection claims

We grant data subjects all claims in accordance with the applicable law. Data subjects have, in particular, the following rights:

  • Information: Data subjects may ask whether we are processing personal data about them, and if so, which personal data is concerned. Data subjects may also obtain information that is required to ensure that they can assert their legal data protection claims and to guarantee transparency. This includes the actual processed personal data as well as information on the purpose for the processing thereof, the duration of storage, or whether the data is exported to other countries and the origin of the personal data.
  • Rectification and limitation: Data subjects may request that incorrect personal data be corrected, that incomplete data be completed and that the processing of their data be restricted.
  • Possibility of expressing one’s own views and human scrutiny: For decisions that are based exclusively on the automated processing of personal data and that have legal consequences for them or significantly affect them (automated individual decisions), data subjects may express their views and request a review by a human being.
  • Deletion and objection: Data subjects can have their personal data deleted (“right to be forgotten”) and object to their data being processing with effect from that point on.
  • Data output and transmission: Data subjects may request that their personal data be disclosed or transferred to another controller.

We may defer, restrict or refuse to exercise the rights of data subjects to the extent permitted by law. We may inform data subjects of any requirements that must be complied with so they can exercise their rights under data protection law. We may, for example, refuse to provide information in whole or in part, with reference to confidentiality obligations, overriding interests or the protection of other persons. We may also, for example, refuse to delete personal data in whole or in part, in particular with reference to statutory retention obligations.

We can in exceptional cases charge a fee for exercising such rights. We will inform the data subjects of any costs due beforehand.

We are obliged to identify – by way of appropriate means – data subjects who request information or who wish to exercise other rights. Data subjects are obliged to cooperate in this matter.

9.2 Legal protection

Data subjects have the right to exercise their data protection claims by way of legal recourse or to notify or lodge a complaint with the data protection monitoring authority.

The Data protection monitoring authority for private responsible persons and federal organisations in Switzerland is the Federal Data Protection and Information Commissioner (EDÖB).

The European data protection monitoring authorities are organised as members in the European Data Protection Board (EDPB). In some Member States in the European Economic Area (EEA), the data protection monitoring authorities are organised at federal level, in particular in Germany.

10. Use of the website

10.1 Cookies

We may use cookies. Cookies – our own cookies (first-party cookies) as well as cookies from third parties whose services we use (third-party cookies) – are data that is stored in the browser. This saved data must not be viewed merely as traditional text cookies.

Cookies may be stored in the browser temporarily as “session cookies”, or for a certain duration, the latter being referred to as permanent cookies. “Session cookies” are automatically deleted when the browser is closed. Permanent cookies are stored for a specific period of time. In particular, cookies are used to recognise a browser the next time our website is visited. This can, for example, measure the reach of our website. Permanent cookies may, however, for example, also be used for online marketing purposes.

Cookies may at any time be totally or partially deactivated, restricted or deleted via the browser settings. The browser settings can also often be programmed to automatically delete cookies and manage them in other ways. If cookies are not activated, our website can no longer be fully exploited. We actively request – at least and to the extent required by applicable law – express consent for cookies to be used.

For cookies that are used to measure success and reach or for advertising purposes, for many services, it is possible to opt out via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) as well as Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

10.2 Logging

We may log at least the following information each time our website and our other digital tools are accessed, provided that this information is sent to our digital infrastructure during the said access: Date and time, including the time zone, IP address, access status (HTTP status code), operating system, including the user interface and version, the browser including the language and the version, sub-websites of our website that are accessed, including the amount of data transferred, and the website that was accessed last in the same browser window (referrer or referer).

We log such data that can also include personal data in log files. This information is required so we can provide dour digital service durably, humanely and reliably. The details are also required to ensure data security – including by third parties or with the help of third parties.

10.3 Tracking pixels

We can incorporate tracking pixels into our digital presence. Tracking pixels are also referred to as web beacons. Tracking pixels – including those from third parties whose services we use – are usually small, invisible images or scripts written in JavaScript that are automatically retrieved when our digital presence is accessed. Tracking pixels can record, ad minima, the same details that found in log files.

11. Notifications and messages

11.1 Measurement of success and reach

Notifications and messages can contain weblinks or tracking pixels that record whether an individual message has been opened and which weblinks were clicked on. These weblinks and tracking pixels can record the usage of notifications and messages, including those that contain personal information. We need to record statistics on usage to measure the success and reach, so we can send notifications and messages based on the needs and reading habits of the recipients effectively, in a user-friendly, permanent, secure and reliable manner.

11.2 Consent and opposition

You must always give your consent for your e-mail address and your other contact addresses to be used, unless the use is permitted for other legal reasons. We can use the “double opt-in” procedure to obtain double-confirmation consent. In this case, you will receive a message with instructions on how to use double opt-in. We may only log consents obtained including IP address and timestamps on identification and security grounds.

You can always refuse to receive notifications and messages such as newsletters at any time. You can also refuse in the same manner to your data being recorded for statistical purposes to measure success and reach. We reserve the right to send the necessary notifications and messages in connection with our activities and operations.

12. Services by third parties

We used the services of specialist third parties to carry out our activities and operations sustainably, humanely, securely and reliably. These services enable us to incorporate, inter alia, other functions and content into our website. By incorporating such functions and content, the services used record, for imperative reasons, at least temporarily the IP addresses of the users.

Third parties whose services we call upon may process data in connection with our activities and operations in aggregated, anonymized or pseudonymized form. This is necessary on security, statistical and technical grounds. This may be, for example, performance or user data in order to offer the relevant service.

We use in particular:

Digital infrastructure

We call upon the services of specialised third parties so we can use the necessary digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services by selected service providers.

We use in particular:

  • Mittwald: Hosting; service provider: Mittwald CM Service GmbH & Co. KG (Germany); information on data protection: Privacy Statement.

13. Measurement of success and reach

We attempt to measure the success and reach of our activities and operations. This also entails measuring or verifying the effect of referrals from third parties, such how various parts or versions of our digital presence are used (“A/B-test” method). We can, based on the results of these success and reach measurements, correct errors, increase the amount of popular content or make improvements.

To measure the success and reach, in most cases, the IP addresses of individual users will be recorded. IP addresses must always be shortened in such cases (“IP masking”) to comply with the principle of data minimisation by the use of pseudonymisation.

To measure success and reach, cookies may be used, and user profiles may be created. Any user profiles created may include individual pages visited or content viewed on our digital presence, information on the size of the screen or browser window and the location (an approximation thereof, at least). All user profiles must be created in pseudonymised form and not used to identify individual users. Individual services by third-party with which users are registered may be able to associate the use of our online offer with the user account or user profile of the respective service.

We use in particular:

14. Concluding indications on the privacy statement

We created this privacy statement with the data protection generator of Datenschutzpartner.

We may update this privacy statement at any time. We provide information on updates in an appropriate form, in particular by publishing the updated privacy statement on our website.