We use this privacy policy to inform you about which personal data we process in connection with our activities and operations. In particular, we inform you about what personal data we process, for what purpose, how, and where. We also provide information about the rights of individuals whose data we process.

Additional privacy policies and other legal documents, such as general terms and conditions (GTC), terms of use, or participation conditions, may apply to specific or additional activities and operations.

We are subject to Swiss data protection law, as well as any applicable foreign data protection laws. The European Commission recognizes that Swiss data protection law ensures an adequate level of data protection.

​

1. Contact Addresses
Responsible for the processing of personal data:
Verein YWAM Olten
Reiserstrasse 89
CH-4600 Olten
ywamolten@gmail.com
 

Data Protection Officer
We have appointed the following Data Protection Officer as a point of contact for affected individuals and as a liaison for supervisory authorities regarding data protection inquiries:
Samara Loosli
Verein YWAM Olten
Reiserstrasse 89
CH-4600 Olten
samara.loosli@yahoo.com

 

2. Terms and Legal Basis

2.1 Terms
Personal data refers to any information relating to an identified or identifiable person. A data subject is a person about whom personal data is processed.

Processing includes any handling of personal data, regardless of the methods or means used, in particular storing, disclosing, obtaining, collecting, deleting, saving, modifying, destroying, and using personal data.

 

2.2 Legal Basis
We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (FADP) and the Ordinance to the Federal Act on Data Protection (OFADP).

To the extent that the General Data Protection Regulation (GDPR) is applicable, we process personal data based on at least one of the following legal grounds:

• Art. 6(1)(b) GDPR – for the necessary processing of personal data to perform a contract with the data subject and to carry out pre-contractual measures.

• Art. 6(1)(f) GDPR – for the necessary processing of personal data to protect the legitimate interests of ourselves or third parties, provided that the fundamental freedoms, rights, and interests of the data subject do not override them. Legitimate interests include, in particular, our interest in conducting and communicating our activities in a continuous, user-friendly, secure, and reliable manner, ensuring information security, preventing misuse, enforcing our legal claims, and complying with Swiss law.

• Art. 6(1)(c) GDPR – for the necessary processing of personal data to comply with a legal obligation to which we are subject under applicable law of European Economic Area (EEA) member states.

• Art. 6(1)(e) GDPR – for the necessary processing of personal data to perform a task carried out in the public interest.

• Art. 6(1)(a) GDPR – for the processing of personal data based on the consent of the data subject.

• Art. 6(1)(d) GDPR – for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.

 

3. Type, Scope, and Purpose
We process personal data that is necessary to carry out our activities and operations in a continuous, user-friendly, secure, and reliable manner. Such personal data may, in particular, fall into categories such as master and contact data, browser and device data, content data, metadata, usage data, location data, sales data, and contract and payment data.

We process personal data for the duration necessary for the respective purpose(s) or as required by law. Personal data that is no longer necessary for processing will be anonymized or deleted.

We may have personal data processed by third parties. We may process personal data jointly with third parties or transmit it to third parties. These third parties include, in particular, specialized service providers whose services we utilize. We ensure data protection even with such third parties.

We process personal data only with the consent of the data subject, unless processing is permitted for other legal reasons. Processing without consent may, for example, be permissible to fulfill a contract with the data subject and for related pre-contractual measures, to protect our overriding legitimate interests, if the processing is apparent from the circumstances, or after prior information.

Within this framework, we particularly process information that a data subject voluntarily provides when contacting us—e.g., via postal mail, email, instant messaging, contact form, social media, or telephone—or when registering for a user account. Such information may be stored, for example, in an address book, a Customer Relationship Management (CRM) system, or comparable tools. If we receive data about other persons, the submitting persons are responsible for ensuring data protection toward these individuals and for verifying the accuracy of the personal data.

We also process personal data that we obtain from third parties, acquire from publicly accessible sources, or collect during the exercise of our activities, insofar as such processing is legally permitted.

 

4. Applications
We process personal data of applicants to the extent necessary to assess suitability for training programs or volunteering work. The necessary personal data is derived, in particular, from the requested information. We also process personal data that applicants voluntarily provide or publish, particularly as part of cover letters, resumes, other application documents, or online profiles.

To the extent that the General Data Protection Regulation (GDPR) is applicable, we process personal data of applicants particularly in accordance with .

 

5. Personal Data Abroad
We generally process personal data in Switzerland. However, we may also export or transmit personal data to other countries, in particular for processing or having it processed there.

We may export personal data to any country or territory on Earth or elsewhere in the universe, provided that, according to the assessment of the Swiss Federal Data Protection and Information Commissioner (FDPIC) or by decision of the Swiss Federal Council, adequate data protection is ensured, and—if the GDPR is applicable—adequate data protection is ensured according to a decision by the European Commission.

We may transfer personal data to countries whose laws do not provide adequate data protection, provided that data protection is ensured by other means, in particular on the basis of standard contractual clauses or other suitable safeguards. Exceptionally, we may export personal data to countries without adequate or suitable data protection if the special data protection requirements are met, for example, the explicit consent of the data subjects or a direct connection with the conclusion or execution of a contract. We will gladly provide information to data subjects upon request about any safeguards in place or supply a copy of such safeguards.

 

6. Rights of Data Subjects
Data subjects whose personal data we process have rights under Swiss data protection law. These include the right to access their personal data as well as the right to correct, delete, or block processed personal data.

To the extent that the General Data Protection Regulation (GDPR) is applicable, data subjects may request, free of charge, confirmation as to whether we are processing their personal data. In this case, they may request access to the processing of their personal data, restrict processing, exercise their right to data portability, and have their personal data corrected, deleted (“right to be forgotten”), blocked, or completed.

To the extent that the GDPR is applicable, data subjects may withdraw any consent previously given at any time with effect for the future and may object at any time to the processing of their personal data.

Data subjects whose personal data we process also have the right to lodge a complaint with the competent supervisory authority. In Switzerland, the supervisory authority for data protection is the Federal Data Protection and Information Commissioner (FDPIC).

 

7. Data Security
We implement appropriate technical and organizational measures to ensure data security proportionate to the respective risk. However, we cannot guarantee absolute data security.

Access to our website is secured via transport encryption (SSL/TLS, in particular using Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate transport encryption with a padlock in the address bar.

Our digital communications are subject—as is generally the case with all digital communications—to mass surveillance without cause or suspicion, as well as other monitoring by security authorities in Switzerland, across Europe, in the United States of America (USA), and in other countries. We have no direct influence over the corresponding processing of personal data by intelligence services, police authorities, or other security agencies.

 

8. Use of the Website

8.1 Cookies
We may use cookies. Cookies—both first-party cookies (our own) and third-party cookies (from services we use)—are data stored in the browser. Such stored data is not necessarily limited to traditional text-based cookies.

Cookies may be stored temporarily as “session cookies” or for a specific period as so-called permanent cookies. Session cookies are automatically deleted when the browser is closed. Permanent cookies have a defined storage period. Cookies enable, for example, recognizing a browser upon a subsequent visit to our website, which can help measure the reach of our website. Permanent cookies may also be used, for instance, for online marketing.

Cookies can be disabled or deleted entirely or partially in the browser settings at any time. Without cookies, our website may not be fully available. We actively request explicit consent for the use of cookies, at least insofar as necessary.

For cookies used for performance, reach measurement, or advertising, many services provide a general opt-out via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

 

8.2 Server Log Files
For each access to our website, we may record the following information, provided it is transmitted by your browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, the specific subpage accessed including data volume transmitted, and the last webpage visited in the same browser window (referrer).

We store such information, which may also constitute personal data, in server log files. This information is necessary to provide our website in a continuous, user-friendly, and reliable manner and to ensure data security, particularly the protection of personal data—including by third parties or with the help of third parties.

 

8.3 Tracking Pixels
We may use tracking pixels on our website, also called web beacons. Tracking pixels—including those from third parties whose services we use—are small, usually invisible images automatically retrieved when visiting our website. Tracking pixels allow the collection of the same information as server log files.

 

9. Social Media
We maintain a presence on social media and other online platforms to communicate with interested individuals and inform them about our activities. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).

The terms and conditions, privacy policies, and other provisions of the respective platform operators also apply. These provisions provide information on the rights of data subjects directly with the platform, including the right to access data.

For our presence on Facebook, including so-called Page Insights, we are—where the GDPR is applicable—jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta group (including in the USA). Page Insights provide information on how visitors interact with our Facebook presence. We use Page Insights to ensure our Facebook presence is provided effectively and user-friendly.

Further information on the type, scope, and purpose of data processing, the rights of data subjects, as well as the contact details of Facebook and its Data Protection Officer, can be found in Facebook’s privacy policy. We have concluded the so-called “Controller Addendum” with Facebook, agreeing that Facebook is responsible for ensuring the rights of data subjects. Details on Page Insights can be found on the page “About Page Insights,” including “About Page Insights Data.”

 

10. Third-Party Services
We use services from specialized third parties to carry out our activities and operations in a continuous, user-friendly, secure, and reliable manner. These services allow us, among other things, to embed functions and content into our website. When embedding such content, the services used may, for technically necessary reasons, temporarily collect the Internet Protocol (IP) addresses of users.

For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in an aggregated, anonymized, or pseudonymized form. This may include performance or usage data, for example, to provide the respective service.

We use, in particular:

• Google services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; general privacy information: “Privacy & Security Principles,” Privacy Policy, “Google is committed to complying with applicable data protection laws,” “Privacy Guide for Google Products,” “How we use data from websites or apps where our services are used” (information from Google), “Types of cookies and other technologies used by Google,” “Personalized advertising” (activation / deactivation / settings).

• Microsoft services: Providers: Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the EEA, the United Kingdom, and Switzerland; general privacy information: “Privacy at Microsoft,” “Privacy (Trust Center),” Privacy Policy.

​

10.1 Audio and Video Conferences
We use specialized services for audio and video conferences to communicate online. This allows us, for example, to hold virtual meetings or conduct online classes and webinars. Participation in audio and video conferences is also subject to the legal texts of the respective services, such as privacy policies and terms of use.

Depending on your situation, we recommend muting your microphone by default and using a blurred or virtual background when participating in audio or video conferences.

We use, in particular:

• Zoom: Video conferencing; provider: Zoom Video Communications Inc. (USA); privacy information: Privacy Policy, “Privacy at Zoom,” “Compliance Center.”

• WhatsApp: Platform for messaging, audio, and video communication; provider: WhatsApp Inc. (USA); privacy information: Privacy Policy, “Privacy and Security on WhatsApp.”

 

10.2 Digital Audio and Video Content
We use services from specialized third parties to enable the direct playback of digital audio and video content, such as music or podcasts.

We use, in particular:

• YouTube: Video platform; provider: Google; YouTube-specific privacy information: “Privacy & Security Center,” “My Data on YouTube.”

 

11. Final Provisions
We may amend or supplement this privacy policy at any time. We will inform users of such amendments and supplements in an appropriate manner, in particular by publishing the current version of the privacy policy on our website.