Privacy Policy

 

1. Controller 

Global Alliance – Cities for Children
Sihlquai 253
8005 Zurich
info@cities4children.org

2. Data processing by the cities4children.org website 

2.1. Visiting our website
Our server temporarily records every visit to our website in a log file. Until the log file is automatically deleted, it records, among other things, the IP address from which you visited our site, the date and time of your visit, the name and URL of the file you viewed, the website from which you came (referrer URL), your computer’s operating system, the type and version of your browser as well as the country from which you visited our website.
These data are generally collected and processed in anonymised form and without personal reference for the purpose of enabling you to visit our website (connection establishment), ensuring sustained security and stability of the system and optimising our online service as well as for internal statistical purposes. The above-mentioned information is neither linked nor stored together with personal data.
It is only in the event of an attack on our network’s infrastructure or if we suspect any other prohibited or improper use of our website that a users’ IP addresses may be analysed for intelligence and defence purposes and, if necessary, used in criminal proceedings for identification as well as for civil and criminal actions against the users in question.
Our legitimate interest lies in the above-mentioned purposes according to Art. 6 Para. 1 lit. f) GDPR.

2.2 Contact
If you contact us (e.g. via the contact form, blog submission form, email, social media), your user data are used to process your contact request according to Art. 6 Para. 1 lit. b) (contractual or precontractual relationships) and Art. 6 Para. 1 lit. f) (other requests) GDPR. User data may be stored in a customer relationship management system (CRM system) or a comparable request management system. The statutory storage obligations apply.

2.3 Cookies
This website uses cookies to improve your experience while you navigate through the website. Cookies are small files stored on your computer by your browser. Several types of information can be recorded in a cookie. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyse and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
If you do not wish to have cookies stored on your device, you can deactivate the corresponding setting options in your browser’s system settings. Stored cookies can also be deleted in your browser’s system settings. If you prevent or restrict the installation of cookies, not all of the functions on our site may be fully usable.

2.4. Newsletter
2.4.1. Newsletter dispatch
The information below refers to the content of our newsletter, the procedures for subscription, dispatch and statistical analysis as well as your right to object. By subscribing to our newsletter, you agree to receiving the newsletter and to the procedure described below. We dispatch newsletters, emails and other electronic messages containing advertisement information (hereinafter “newsletter”) only with your explicit consent or with legal permission. If the content of the newsletter is explicitly described in the subscription process, it is relevant for your consent. Furthermore, our newsletters contain information about our services and about us. Subscriptions to our newsletter are logged so that we can prove that the subscription process was carried out according to the legal provisions. This includes storage of the subscription and confirmation emails as well as your IP address. To subscribe to our newsletter, you only need to provide your email address. You also have the option to provide a name, country of residence, organisation and position so that we can address you personally in our newsletter. Dispatch of our newsletter and the corresponding performance measurement are executed on the basis of your consent according to Art. 6 Para. 1 lit. a) and Art. 7 GDPR. The subscription procedure is logged on the basis of our legitimate interest according to Art. 6 Para. 1 lit. f) GDPR. Our interest is focused on employing a user-friendly and secure newsletter system which serves our business interest whilst also complying with your expectations and allowing us to prove your consent. You can unsubscribe from our newsletter, that is, revoke your consent, at any time. There is a link for unsubscribing from the newsletter at the end of every newsletter. On the basis of our legitimate interest, we may store unsubscribed email addresses for up to three years before deleting them, in order to be able to prove a formerly given consent. Processing of these data is restricted to potential defence against claims. It is possible to make an individual deletion request if you confirm that consent had previously been given.

2.4.2 Newsletter dispatch provider: Mailchimp
You can find the provider’s data protection regulations here: https://mailchimp.com/legal/?_ga=2.234239966.1350642087.1617109986-1743459370.1599728911 The email marketing provider is employed on the basis of our legitimate interest according to. Art. 6 Para. 1 lit. f) GDPR and a processing contract according to Art. 28 Para. 3 (1) GDPR.

2.5 Hosting and email dispatch: HostPoint
You can find the provider’s data protection regulations here: https://www.hostpoint.ch/en/hostpoint/contact-gtc.html
The hosting services we use provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, email dispatch, security services as well as technical maintenance services, which we use to operate this online service. We and/or our hosting service provider process inventory data, contact data, content data, contractual data, usage data, meta and communication data of clients, interested parties and visitors to this online service on the basis of our legitimate interest in efficient and safe provision of this online service, according to Art. 6 Para 1 lit. f) GDPR, in conjunction with Art. 28 GDPR (conclusion of processing contract).

2.6 Collection of access data and log files
On the basis of our legitimate interest according to Art. 6 Para.1 lit. f) GDPR, we and/or our hosting service provider collect data on every access to the server on which this service is hosted (so-called server log files). The access data include the name of the accessed website, the file, the date and time at which you accessed the site, the data volume transmitted, a notification about successful access, the type and version of your browser, your computer’s operating system, the referrer URL (the website from which you came), your IP address and the provider from which you visited our site. Log file information is stored for a maximum of 7 days for security reasons (e.g. to investigate misuse or fraud) and is deleted afterwards. Data which need to be stored for a longer period of time for evidence purposes are exempt from deletion until the incident has been conclusively clarified.

2.7 Integration of third-party services and contents
On the basis of our legitimate interest (i.e. interest in the analysis, optimisation and economical operation of our online service according to Art. 6 Para. 1 lit. f) GDPR), we access third-party content or service offers within our online service to integrate their content and services, e.g. videos or fonts (hereinafter collectively referred to as “content”). This requires that the third-party providers of such content read your IP address, since they cannot send content to your browser without the IP address. Your IP address is thus required to display such content. We endeavour only to use content of providers which use your IP address merely to deliver said content. Third-party providers may also use so-called pixel tags (invisible graphics, also called web beacons) for statistical or marketing purposes. By using pixel tags, the providers can analyse information such as visitor traffic on the pages of this website. This pseudonymised information may also be recorded in cookies on your device and may contain, inter alia, technical information on your browser and operating system, referring websites, time of access as well as further information on your use of our online service, and may also be linked to information of this sort from other sources.

2.7.1 Google Analytics
On the basis of our legitimate interest (i.e. interest in the analysis, optimisation and economical operation of our online service according to Art. 6 Para. 1 lit. f) GDPR), we use Google Analytics, a web analysis service by Google LLC (“Google”). Google uses cookies. The information that the cookie records about your use of our online service is usually transmitted to and stored on a Google server in the USA. Google is certified under the Privacy Shield Framework and thus guarantees compliance with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Google will use the above-mentioned information on our behalf to analyse visitors’ use of our online service, to compile reports on the activities within our online service, and to provide us with further services related to the use of this online service and the internet. This may include the creation of pseudonymised usage profiles on the basis of the processed data. We only use Google Analytics with active IP anonymisation. This means that Google truncates your IP address within EU member states or in other contracting member states of the European Economic Area. Only in exceptional cases will your complete IP address be transmitted to a Google server in the USA and be truncated there. Google does not merge the IP address transmitted by your browser with any other data. You can prevent storage of cookies by setting the corresponding preferences in your browser software. You can also refuse transmission of the data relating to your use of our online service, which are collected by the cookie, to Google as well as processing of these data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. You can find further information on data use by Google, as well as settings and opt-out options, in Google’s privacy policy (https://policies.google.com/technologies/ads) and in Google’s ads settings (https://adssettings.google.com/authenticated). Your personal data are deleted or anonymised after 14 months.

2.7.2 Google Universal Analytics
We use Google Analytics in the Universal Analytics version. Universal Analytics is a version of Google Analytics which conducts user analysis on the basis of pseudonymised user IDs and thus creates a pseudonymised user profile with information from your use of different devices (so-called cross-device tracking).

2.7.3 Facebook Pixel, Custom Audiences and Facebook Conversion
Based on our legitimate interest in and for the purpose of analysis, optimisation and economical operation of our online service, we employ within our online service the so-called Facebook pixel of the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are resident in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter “Facebook”). Facebook is certified under the Privacy Shield Framework and thus guarantees compliance with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). With the help of the Facebook pixel, Facebook can add the visitors of our online service to certain target groups for ad display (so-called Facebook Ads). Accordingly, we use the Facebook pixel to display our Facebook ads only to those Facebook users who have shown interest in our online service or whose profiles have certain characteristics (e.g. interest in certain topics or products, as deduced from the websites they visited), which we transmit to Facebook (so-called Custom Audiences). With the help of the Facebook pixel, we would also like to ensure that our Facebook ads correspond to your potential interests and do not annoy you. The Facebook pixel furthermore helps us to trace the effect of Facebook ads for statistical and market analysis purposes by telling us whether you were referred to our website after clicking on a Facebook ad (so-called Conversion). Data processing by Facebook is based on Facebook’s data policy. You can find the corresponding general information about the display of Facebook ads in Facebook’s data policy: https://www.facebook.com/policy.php. Detailed information on the Facebook pixel and its function is available in Facebook’s help section: https://www.facebook.com/business/help/651294705016616. You can refuse data collection by the Facebook pixel and use of your data for the display of Facebook ads. To set your preferences regarding the types of ads displayed within Facebook, you can go to the Facebook settings site and follow the instructions on setting your preferences for usage-based ads: https://www.facebook.com/settings?tab=ads. These preferences are set independently of the platform used, i.e. they are adopted for all your devices such as desktop computers and mobile devices.

2.7.4 YouTube
We integrate videos from the platform YouTube by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, into our online service. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.

2.7.5 Facebook social plugins
On the basis of our legitimate interest (i.e. interest in the analysis, optimisation and economical operation of our online service according to Art. 6 Para. 1 lit. f) GDPR), we use social plugins (“plugins”) from the social network facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). These plugins can display interaction elements or content (e.g. videos, graphics or texts), and you can recognise them by one of the Facebook logos (a white “f” in a blue square, the expression “like” or the “thumbs up” sign) or by the labelling “Facebook Social Plugin”. You can find a list of the Facebook social plugins including their appearance here: https://developers.facebook.com/docs/plugins/. Facebook is certified under the Privacy Shield Framework and thus guarantees compliance with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). If you access a function of this online service that contains such a plugin, your device establishes a direct connection to the Facebook servers. The content of the plugin is directly transmitted to your device, and your device integrates it in the online service. This may include the creation of a pseudonymised usage profile on the basis of the processed data. We do not have any influence over the amount of data that Facebook collects with the help of this plugin and thus inform you in accordance with our level of knowledge. By integrating the plugins, Facebook receives the information that you accessed the corresponding site of our online service. If you are logged into Facebook, Facebook can link your visit of our website to your Facebook account. If you interact with plugins, for example by clicking the like button or leaving a comment, the corresponding information is transmitted directly to Facebook by your device and is recorded there. Even if you are not a Facebook member, Facebook may find out your IP address and record it. According to Facebook, Facebook only records anonymised IP addresses in Germany. You can read more about the purpose and extent of data collection as well as further processing and usage of data by Facebook and about the corresponding rights and settings options regarding protection of your privacy in Facebook’s privacy policy: https://www.facebook.com/about/privacy/. If you are a member of Facebook and do not want Facebook to collect data about you via this online service and to link it to your account data recorded with Facebook, you need to log out of Facebook before you access our online service and delete your cookies. You can set further preferences and opt out of data usage for advertising purposes in your Facebook account settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info/choices/, or on the EU site http://www.youronlinechoices.com/. These preferences are set independently of the platform used, i.e. they are adopted for all your devices such as desktop computers and mobile devices.

2.7.6 Twitter
Functions and content of the service Twitter, operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, may be integrated in our online service. This may include, for example, content such as images, videos, texts and buttons with which users can share content from this online service on Twitter. If you are a member of the Twitter platform, Twitter can link your use of the above-mentioned content and functions to your Twitter profile. Twitter is certified under the Privacy Shield Framework and thus guarantees compliance with with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy policy: https://twitter.com/de/privacy, opt-out: https://twitter.com/de/privacy.

2.7.7 Instagram
Functions and content of the service Instagram, operated by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, may be integrated in our online service. This may include, for example, content such as images, videos, texts and buttons with which users can share content from this online service on Instagram. If you are a member of the Instagram platform, Instagram can link your use of the above-mentioned content and functions to your Instagram profile. Instagram’s privacy policy: http://instagram.com/about/legal/privacy/.

2.7.8 LinkedIn
Functions and content of the service LinkedIn, operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, may be integrated in our online service. This may include, for example, content such as images, videos, texts and buttons with which users can share content from this online service on LinkedIn. If you are a member of the LinkedIn platform, LinkedIn can link your use of the above-mentioned content and functions to your LinkedIn profile. LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy. LinkedIn is certified under the Privacy Shield Framework and thus guarantees compliance with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Privacy policy: https://www.linkedin.com/legal/privacy-policy, opt-out: https://twitter.com/de/privacy.

3. Online presence in social media

We maintain online presences within social networks and on platforms to communicate with our clients, interested parties and users who are active there and to inform them about our services. If you access the networks and platforms, the terms and conditions as well as the data handling policies of the respective providers apply. Unless stated otherwise in our privacy policy, we process your user data if you communicate with us within social networks and on platforms, e.g. if you post on our online presences or send us messages.

4. Collaboration with processors and third parties

If we disclose or transmit your data to third persons and companies (processors or third parties) within our processing procedures or grant them access to your data otherwise, this is carried out solely on the basis of legal authorisation (e.g. if the transfer of data to third parties such as payment service providers is necessary for the performance of a contract according to Art. 6 Para. 1 lit b) GDPR), if you have given your consent, if a legal provision stipulates this, or on the basis of our legitimate interest (e.g. if we employ representatives, web hosts etc.). If we contract third parties to process data based on a so-called processing contract, this is based on Art. 28 GDPR.

5. Transfer to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs due to our employment of third-party services or disclosure and/or transmission of data to third parties, this only happens if it is carried out for the performance of our (pre)contractual obligations, based on your consent, due to a legal requirement or based on our legitimate interest. Subject to legal or contractual permissions, we only process data, or have them processed, in third countries if special conditions according to Art. 44 et seq. GDPR apply. This means that the data are processed, for example, on the basis of special guarantees such as the officially recognised establishment of an EU-appropriate level of data protection (e.g. for the USA by the Privacy Shield) or considering officially recognised special contractual obligations (so-called standard contractual clauses).

6. Security measures

In accordance with Art. 32 GDPR and taking into account the state of the art, the cost of implementation, the nature, scope, context and purposes of processing as well as the risks of varying likelihoods and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to provide a level of protection that is appropriate for the risk. These measures include, in particular, safeguarding confidentiality, integrity and availability of data by controlling physical access to the data as well as controlling access, input, and transfer of said data, securing data availability, and the separation of data. Moreover, we have established procedures to guarantee that data subjects can exercise their rights, that data are deleted and that we can react if data are at risk. We furthermore consider the protection of personal data already when developing or choosing hardware, software and procedures, according to the principle of data protection by technical design and by privacy-friendly default settings (Art. 25 GDPR).

7. Deletion of data

The data we process are deleted or their processing is limited in accordance with Art. 17 and Art. 18 GDPR. Unless explicitly stated otherwise in this data protection policy, we delete the data recorded once they cease to be required for their intended purpose and if no statutory storage obligations apply which contradict their deletion. If the data are not deleted because they are required for other, legally permissible purposes, their processing is restricted. This means that the data are locked and are not processed for other purposes. This applies, for instance, to data which need to be stored for commercial or fiscal reasons.

8. Rights of the data subjects

You have the right to obtain confirmation as to whether your personal data are being processed and to obtain information on these data as well as further information and a copy of the data according to Art. 15 GDPR. According to Art. 16 GDPR, you have the right to demand completion of incomplete personal data or rectification of inaccurate personal data. In accordance with Art. 17 GDPR, you have the right to obtain immediate erasure of your personal data, or alternatively, in accordance with Art. 18 GDPR, to obtain restriction of processing. You have the right to receive your personal data which you have made available to us according to Art. 20 GDPR and to demand transmission of these data to other controllers. You furthermore have the right to lodge a complaint with a supervising authority according to Art. 77 GDPR.

8.1 Withdrawal of consent
You have the right to withdraw your given consent according to Art. 7 Para. 3 GDPR, taking effect for future processing.

8.2 Right to object
You can object future processing of your personal data at any time, according to Art. 21 GDPR. In particular, you have the right to object to processing for direct marketing purposes.

 

Read our Terms and Conditions

Last update: March 2021