The Anugerah Association (hereinafter referred to as “Anugerah”) takes the protection of your personal data very seriously. This privacy policy informs you about the type, scope and use of personal data by Anugerah. Anugerah treats your personal data confidentially and in accordance with the statutory data protection regulations and the data protection declaration below.

Changes

Due to the fact that the new EU Data Protection Regulation does not provide any precise measures, there is still a wide scope for interpretation when it comes to compliance with the regulation. Furthermore, the Swiss Data Protection Act is also undergoing a revision and will come into force in spring 2019 at the earliest. Anugerah endeavors in any case to comply with the new legislation in the area of data protection law and decides in any case to protect personal data. However, we reserve the right to make changes to this Privacy Policy. We therefore recommend that you read this data protection declaration at regular intervals.

Responsible

Anugerah Association
Müntschemiergasse 22
3232 Ins
Switzerland

President: Frank Baumann
E-mail address: baumann@atelier-mausklick.ch

A. Data processing:

1. Administration, financial accounting, office organization, contact management
   We process data as part of administrative tasks in compliance with legal obligations, such as archiving. In doing so, we process the same data that we process as part of the provision of our contractual services. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e. tasks that serve to maintain our business activities, perform our tasks and provide our services.
2. Business analyses and market research
   We analyze the data available to us in order to operate our business economically and to identify market trends and the wishes of contractual partners, customers and donors. The analyses serve us alone and are not disclosed externally.
3. Contacting
   When contacting us (e.g. by contact form, email, telephone or via social media), the user’s details are processed to handle the contact request and process it. The user’s details may be stored in a customer relationship management system (“CRM system”) or comparable inquiry organization.
4. Address correction
   Due to relocation, a postal or address error, errors may occur in the delivery of our monthly magazine. In such cases, we use an address research service to prevent further incorrect deliveries and thus save unnecessary postage costs. For such manual address updates, we add the e-mail address, telephone number and date of birth to the contact details of our subscribers. This enables us to contact you in special cases and to send you age-specific information.

B. General data protection information

1. What is personal data and what data do we process?
   Personal data is information that can be used to identify you. Anugerah processes the following data:
   – Inventory data (names, addresses)
   – Contact data (e-mail, telephone numbers)
   – Content data (messages, letters, contact journal)
   – Contract data (invoices, delivery bills)
   – Donation and payment data (bank details, payment history)
   As a donor, customer, visitor or user of our online offer, personal data is therefore stored and processed by us.
2. What do we store and use personal data for?
   Anugerah stores and uses personal data for the following reasons:
   – Provision of contractual services
   – Communication and customer care
   – Provision of the online offering, its functions and content
   – Security measures
   – Reach measurement, marketing and advertising
3. What is the legal basis for our data processing?
   If we process data of users from the EU/EEC, the legal basis of the GDPR applies. Otherwise, we process the data on the basis of Swiss law.
4. How do we protect your personal data?
   We take the necessary measures to ensure an appropriate level of protection for your data, taking into account the state of the art, the implementation costs and the varying probability of occurrence and severity of the risk. These measures include, in particular, protection against unauthorized access by third parties. In the event of a security breach in our system, we will inform the persons concerned and the competent authorities.
   In the case of new hardware and software, we take the protection of personal data into account as early as the evaluation stage, and the aim of every commissioning of such systems is to achieve data protection-friendly default settings.
5. With whom do we share your personal data?
   If we transfer data to other persons and companies as part of our processing or otherwise grant them access to the data, this will only take place on the basis of legal permission (e.g. if the transfer of data to third parties, such as payment service providers, is necessary to fulfill the contract), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

5.1 Is data also transferred to companies outside the CH/EU?
If we process data in a third country (i.e. outside Switzerland, the EU or the EEA), this is only done on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

6. What rights do I have as soon as my data is processed by Anugerah?
   – You have the right to object to future processing of your data and to revoke your consent informally at any time.
   – You have the right to request confirmation as to whether the data in question is being processed.
   – You have the right to request the completion of data concerning you or the correction of incorrect data concerning you.
   – You have the right to demand that the data in question be deleted or, alternatively, to demand that the processing of the data be restricted.
   – You have the right to request to receive the data concerning you that you have provided to us and to request its transmission to other controllers.
   – You also have the right to lodge a complaint with the competent supervisory authority.
7. Will my personal data be completely deleted in any case?
   If the data cannot be deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

C. Data protection in connection with our online offering

1. Cookies
   Cookies are pieces of information that are transferred from web servers to users’ web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage.
   We use “session cookies”, which are only stored for the duration of the current visit to our online presence (e.g. to enable the storage of your login status or the shopping cart function and thus the use of our online offer at all). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. In addition, a cookie contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online offer and, for example, log out or close the browser.
   If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Saved cookies can be deleted in the browser’s system settings. The exclusion of cookies can lead to functional restrictions of our online offers.
   You can object to the use of cookies used for online marketing via the deactivation page of the Network Advertising Initiative(http://optout.networkadvertising.org/) and additionally the US website(http://www.aboutads.info/choices) or the European website(http://www.youronlinechoices.com/uk/your-ad-choices/).
2. Order processing in the online store and user account
   We process the data of our customers as part of the ordering processes in our online store in order to enable them to select and order the selected products and services, as well as their payment and delivery, or execution.
   The processed data includes inventory data, communication data, contract data, payment data and the persons affected by the processing include our customers, interested parties and other business partners. The processing is carried out for the purpose of providing contractual services in the context of operating an online store, billing, delivery and customer services.
   Users can optionally create a user account, in which they can view their orders in particular. As part of the registration process, users are provided with the required mandatory information. User accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data will be deleted with regard to the user account, unless their retention is necessary for commercial or tax law reasons.
3. Integration of third-party services and content
   We use content or service offers from third-party providers within our online offer on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer) in order to make their content and services, such as videos or fonts, available to the user. This always assumes that the third-party providers of this content are aware of the user’s IP address, as they would not be able to send the content to the user’s browser without the IP address. We endeavor to only use content whose respective providers only use the IP address to deliver the content.
   The following overview shows the third-party services used as part of our online offering.
   – External fonts, maps from the “Google Maps” service, videos from the “YouTube” platform of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
   – Videos from the “Vimeo” platform of Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA
   – Audios from the “Soundcloud” platform of SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany
   – External code of the JavaScript framework “jQuery”, provided by the third-party provider jQuery Foundation, https://jquery.org
4. Newsletter
   By subscribing to our newsletter, you agree to receive it and to the procedures described. We only send newsletters and other electronic notifications with advertising information (hereinafter “newsmail”) with the consent of the recipient.
   Registration for our newsmail takes place using the double opt-in procedure. This means that after registering, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with other people’s e-mail addresses. Subscriptions to Newsmail are logged so that the registration process can be verified in accordance with legal requirements.
   To register for Newsmail, it is sufficient to enter your e-mail address. Optionally, we ask you to enter a name in the newsmail so that we can address you personally.
   The newsmail and the associated performance measurement are sent on the basis of the recipient’s consent or, if consent is not required, on the basis of our legitimate interests in direct marketing.
   Cancellation/revocation – You can cancel the receipt of our newsmail at any time, i.e. revoke your consent. You will find a link to unsubscribe from the newsletter at the end of each newsletter. We may store the unsubscribed email addresses for up to three years before deleting them in order to be able to prove that consent was previously given.
   4.1 Newsmail – Mailchimp
   The newsmail is sent using the mailing service provider “MailChimp”, a newsletter mailing platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the privacy policy of the mailing service provider here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with the European level of data protection.
   The mailing service provider may use the data of the recipients in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. for the technical optimization of the dispatch and presentation of the newsmail or for statistical purposes. However, the mailing service provider does not use the data of our newsmail recipients to write to them itself or to pass the data on to third parties.

4.2 Newsmail – measuring success
The Newsmail contains a so-called “web-beacon”, i.e. a pixel-sized file that is retrieved from our server when the Newsmail is opened or, if we use a mailing service provider, from their server. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval, is initially collected.
This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or the access times. Statistical surveys also include determining whether the newsmail is opened, when it is opened and which links are clicked. For technical reasons, this information can be assigned to individual newsmail recipients. However, it is neither our intention nor, if used, that of the mailing service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

5. Collection of access data and log files
   We, or our hosting provider, collect data about every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
   log file information is stored for a maximum of 7 days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.
6. Google Analytics
   We use Google Analytics, a web analysis service of Google LLC, on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer). Google uses cookies. The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Google server in the USA and stored there.
   Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law. Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services associated with the use of this online offer and the use of the Internet. Pseudonymous user profiles can be created from the processed data.
   We only use Google Analytics with activated IP anonymization. This means that the IP address of users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.
   The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
   For more information about Google’s use of data, setting and objection options, please refer to Google’s privacy policy(https://policies.google.com/technologies/ads) and the settings for the display of advertisements by Google(https://adssettings.google.com/authenticated).
7. Google AdWords and conversion measurement
   We use the online marketing process Google “AdWords” to place ads in search results in the Google advertising network (e.g. in search results, in videos, on websites, etc.) so that they are displayed to users who are presumed to be interested in the ads. This allows us to display ads for and within our online offering in a more targeted manner in order to present users only with ads that potentially match their interests. If, for example, a user is shown ads for products that they have shown an interest in on other online offers, this is referred to as “remarketing”. For these purposes, when our and other websites on which the Google advertising network is active are accessed, a code from Google is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies). This file records which websites the user has visited, which content they are interested in and which offers the user has clicked on, as well as technical information about the browser and operating system, referring websites, visiting time and other information about the use of the online offer.
   We also receive an individual “conversion cookie”. The information collected with the help of the cookie is used by Google to create conversion statistics for us. However, we only receive the anonymous total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information with which users can be personally identified.
   User data is processed pseudonymously within the Google advertising network. This means that Google does not store and process the user’s name or email address, for example, but processes the relevant data in relation to cookies within pseudonymous user profiles. This means that, from Google’s perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who this cookie owner is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected about the user is transmitted to Google and stored on Google’s servers in the USA.
   Further information on the use of data by Google, setting and objection options, can be found in Google’s privacy policy(https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google(https://adssettings.google.com/authenticated).
8. Online presence in social media
   We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
   Unless otherwise stated in our privacy policy, we process users’ data if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.