This Data Privacy Statement is aligned with the Federal Act on Data Protection (FADP) and the General Data Protection Regulation (GDPR) of the European Union (EU). However, the application of these laws depends on each individual case. The European Commission recognises that Swiss data protection legislation provides an adequate level of protection. This Data Privacy Statement is not necessarily a comprehensive description of our data processing. For specific or additional services, special, supplementary or further data privacy statements as well as other legal documents such as terms of use or participation requirements may apply.
1. Contact addresses
Controller of the processing of personal data:
Swiss 3RCC Directorate
c/o University of Bern
Hochschulstrasse 6
CH-3012 Bern
Email: info@swiss3rcc.org
2. Processing of personal data
2.1 Legal framework
We process personal data in accordance with Swiss data protection law and in particular with the Federal Act on Data Protection (FADP) and the Ordinance on Data Protection (DPO) and the GDPR.
In instances where the GDPR applies, we process personal data in accordance with at least one of the following legal principles:
- Article 6 paragraph 1 letter a GDPR for processing personal data with the affected person’s consent.
- Article 6 paragraph 1 letter b of the GDPR for the necessary processing of personal data to fulfil a contract with the affected person, and to conduct pre-contractual measures.
- Article 6 paragraph 1 letter c GDPR for the necessary processing of personal data to fulfil any legal obligations we may have with respect to applicable laws of the European Union or the Swiss Confederation.
- Article 6 paragraph 1 letter d GDPR for personal data processing that is necessary for safeguarding vital interests of the affected person or another natural person.
- Article 6 paragraph 1 letter e of the GDPR for the necessary processing of personal data to perform tasks that are in the public interest.
- Article 6 paragraph 1 letter f GDPR for the necessary processing of personal data to protect our valid interests or those of third parties in cases where the fundamental freedoms and basic rights and interests of the affected persons do not take precedence. Valid interests are, in particular, our interest in providing, and if necessary, advertising, our services sustainably, securely, reliably and in a user-friendly format; information security and protection against misuse and unauthorised use; assertion of our own legal claims; and compliance with Swiss law.
2.2 Nature, scope and purpose
Within this framework, we process in particular data that affected persons send us themselves and of their own volition, for example using postal mail, email, contact forms, social media, telephone, or in response to a call for proposals. We may store such data for example in an address book or in a customer relationship management (CRM) system or using comparable tools. If you transmit personal data about third parties, you will be obliged to ensure such data are protected and correct.
If you provide us with personal data of other persons (such as family members, work colleagues), please make sure the respective persons are aware of this Data Privacy Statement and only provide us with their data if you are allowed to do so and such personal data is correct.
Such personal data may, in particular, fall into the data categories of inventory data, registration data, contact and communication data (in particular email address, address, telephone number), browser and appliances data, content data, metadata or peripheral data as well as usage data, location data and contractual and payment data.
We process the personal data that are required so that we can provide our services sustainably, securely, reliably and in a user-friendly format. We primarily use collected data in order to conclude and process communication and contracts with our clients as well as in order to comply with our domestic and foreign legal obligations. In addition, in line with applicable law and where appropriate, we may process personal data and personal data of third parties for the following purposes, which are in our (or, as the case may be, any third parties’) legitimate interest, such as:
- providing and developing our products, services and websites, apps and other platforms, on which we are active;
- advertisement and marketing (including organizing events), provided that you have not objected to the use of your data for this purpose (if you are part of our customer base and you receive our advertisement, you may object at any time and we will place you on a blacklist against further advertising mailings);
- ensuring our operation, including our IT, our websites, apps and other appliances.
In principle, we always obtain the consent of the affected persons, unless the processing is permissible for other legal reasons, for example due to legal requirements to honour a contract entered into with the affected person and for the purpose of taking corresponding pre-contractual measures; to protect our overriding legitimate interests; because the data processing is obvious in the given circumstances; or after the affected person has been informed in advance.
If affected persons have given us their consent to process their personal data for certain purposes (for example when registering to our website portal), we will process the personal data within the scope of and based on this consent, unless we have another legal basis, provided that we require one. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal.
In addition, we process personal data that we receive from third parties, obtain from publicly accessible sources or collect while fulfilling our tasks, to the extent that such processing is legally permissible. Apart from data affected persons provided to us directly, the categories of data we receive about affected persons from third parties may include, but are not limited to, information in connection with their professional role and activities, information about them in correspondence and discussions with third parties, information from other business partners for the purpose of ordering or delivering services to them or by them (e.g., payments made, previous bookings), information about them found in the media or internet (insofar as indicated in the specific case), your address (for marketing purposes), data in connection with their use of our websites (e.g., IP ad-dress, MAC address of your smartphone or computers, information regarding your device and settings, cookies, date and time of your visit, sites and content retrieved, applications used, referring website, localization data).
We process and retain personal data as long as required for the performance of our contractual obligation and compliance with legal obligations or other purposes pursued with the processing. Personal data may be retained for the period during which claims can be asserted against our company or insofar as we are otherwise legally obliged to do so or if legitimate business interests require further retention (e.g., for evidence and documentation purposes). As soon as personal data are no longer required for the above-mentioned purposes, they will be deleted or anonymized, to the extent possible. In general, shorter retention periods of no more than twelve months apply for operational data (e.g., system logs).
In the context of our business relationship you must provide us with any personal data that is necessary for the conclusion and performance of a business relationship and the performance of our contractual obligations (as a rule, there is no statutory requirement to provide us with data). Without this information, we will usually not be able to communicate or enter into or carry out a contract with you (or the entity or person you represent). In addition, the website cannot be used unless certain information is disclosed to enable data traffic (e.g. IP address).
Personal data from job applications are processed only to the extent necessary to evaluate someone’s employability or in view of any subsequent employment contract. The personal data needed to conduct an application process are derived from the data requested or provided, for example within the scope of a job description. Applicants have the option to transmit further data linked to their application.
2.3 Processing of personal data by third parties, including abroad
We may have personal data processed by third parties or process such data together with them or with their aid or transmit them to third parties. Such third parties are, in particular, providers whose services we use and contractual partners including customers, for example, event organisers and hosts. We guarantee an adequate level of protection for data made available to such third parties.
Such third parties are in principle based in Switzerland or in the European Economic Area (EEA). However, they may also be located in any other country worldwide, provided their data protection laws according to the assessment of the Federal Data Protection and Information Commissioner (FDPIC) and, where the GDPR applies, according to the assessment of the European Commission guarantee an adequate level of data protection, or if an appropriate level of data protection is guaranteed for other reasons, e.g. based on a corresponding contractual agreement, notably on the basis of standard contractual clauses, or through a corresponding certification. In exceptional cases, such a third party may be located in a country that does not offer an adequate level of data protection, provided the corresponding legal data protection requirements, e.g. obtaining the express consent of the affected person, are met.
2.4 Newsletter
If you subscribe to our newsletter, you will receive an email containing a hyperlink immediately after signing up. By clicking on said link you confirm your subscription (double opt-in process). If you do not click on the link we will delete your email address from our temporary list and no subscription will be made.
If you confirm your subscription, you give us permission to save your email address including the date and time of signing up, your IP address as well as the selected newsletters. We only use your email address and personal data to manage and send the selected newsletter in the selected periodicity.
Our newsletters may contain visible or hidden counters, third party ads or links to external websites that are not directly connected to the content in the newsletter.
Each newsletter contains a reference on how to unsubscribe from the newsletter.
2.5 Contact form
If you fill out a contact form, send us an email or another form of electronic message, your data will only be used to process your inquiry and possible further questions you might have.
We will delete your personal data after completing your inquiry.
2.6 Website Portal
If you subscribe to our event portal you will receive an email containing a hyperlink immediately after signing up. By clicking on said link you confirm your subscription (double opt-in process). If you do not click on the link we will delete your email address from our temporary list and no subscription will be made.
If you confirm your subscription you give us permission to save your email address, contact information including the date and time of signing up, your IP address as well as the selected events. We only use your email address and personal data to manage and our events.
You can delete your account in the settings after logging in.
3. Rights of affected persons
Affected persons whose personal data we process have specific rights under Swiss data protection law. This includes the right of information and the right of correction, deletion or blocking of the processed data.
Affected persons whose data we process may – if and insofar as the GDPR applies – demand confirmation as to whether we process their personal data and, if we do, demand information about the processing of their personal data, limit the processing of their personal data, assert their right to data transmission and correct, delete (“right to be forgotten”), block or complete their personal data.
Affected persons whose personal data we process may – if and insofar the GDPR applies – revoke their consent at any time with effect for the future and raise objections against the processing of their personal data at any time.
Affected persons whose personal data we process have a right of appeal before a responsible regulatory body. The regulatory body for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC)
4. Data Security
We take appropriate and suitable technical and organisational measures to guarantee data protection and, in particular, data security. Despite these measures, however, the processing of personal data on the internet is prone to security breaches. Therefore, we cannot guarantee absolute data security.
Access to our websites is via transport encryption (SSL/TLS, specifically with the Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers display a padlock icon in the address bar to indicate transport encryption.
5. Using our websites
5.1 Cookies
We may use cookies and similar techniques for our websites, which allow for an identification of your browser or device. Cookies – both our own (first-party cookies) and those of third parties whose services we use (third-party cookies) – consist of data in text form that are saved in your browser. Cookies cannot execute any programmes, nor can they transmit malware such as trojans or viruses.
When you visit one of our websites, cookies as “session cookies” may be saved temporarily in your browser or for a specified period as “permanent cookies”. Session cookies are automatically deleted when you close your browser. Permanent cookies enable recognition of returning visitors to our websites, thereby also measuring their reach, for example. Permanent cookies may also, for example, be used for saving user configuration, in order to understand how you use our services and content and for online marketing.
You can deactivate or delete cookies in your browser settings at any time fully or partially. Without cookies you may not be able to make full use of our websites. We will proactively ask for your consent for the use of cookies if and insofar as this is necessary.
For cookies used to measure success and reach, or for advertising purposes, an overall “opt out” is possible via the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
Our website might use cookies related to third-party services (forms, interactive maps, e-commerce, multilingual site, etc.). You can control the cookies used via cookie-script.com.
5.2 Server log files
Each time one of our websites is accessed, we may register the following data should they be transmitted to our server infrastructure by your browser or should they be identifiable via our web browsers: data and time including time zone, IP address, HTTP status code, operating system including user interface and version, browser including language and version, individual pages opened on our websites including amount of data transmitted, and website last visited in the current browser window (referrer).
We save such data, which may also constitute personal data, in server log files. These data are necessary to ensure that our websites remain user-friendly and reliable, and to guarantee data security, notably the protection of personal data – also through third parties or with the aid of third parties.
6. Notifications and messages
We send notifications and messages, for example newsletters and by email.
6.1 Measuring success and reach
Notifications and messages may contain weblinks or tracking pixels which record whether a specific message was opened and which weblinks were clicked. Such weblinks can also collect personalised information about the use of notifications and messages. We need these usage statistics to measure our success and reach so that we can effectively, sustainably, securely and reliably offer user-friendly notifications and messages based on the needs and reading habits of the recipients.
6.2 Consent and objection
We in principle request your express consent to the use of your email address and other contact addresses, unless their use is permitted on other legal grounds. If permission is required for the receipt of emails, we use the “double opt-in” process, i.e. you receive an email with a weblink which you have to click as confirmation in order to prevent any misuse by unauthorised third parties. We may keep a record of any consent you have given, including the IP address and the date and time as evidence and for security reasons.
You may in principle cancel your registration for notifications and messages, for example newsletters. Notifications and messages that we require to provide our services remain reserved. By cancelling your registration, you can in particular object to your user data being used for statistical purposes linked to the measurement of success and reach.
7. Social media
We use social media platforms and other online platforms to communicate with interested parties and to inform them about our services. This may involve data processing outside Switzerland and the EEA.
Moreover, the general terms and conditions (GTCs), terms of use and other provisions of the individual operators of such online platforms apply. In particular, these provisions provide information regarding the rights of affected persons, notably their right to information.
8. Third-party services
Our website might use cookies related to third-party services (forms, interactive maps, e-commerce, multilingual site, etc.). You can control the cookies used via cookie-script.com. In accordance with User Rights, you can contact the Website Owner to claim the right to access, rectify, delete your data, or oppose their processing. In the case of a third-party service, Holographisme Sàrl will contact them to have your data deleted. Such services may be based outside Switzerland and the EEA, provided an adequate level of data privacy is guaranteed.
Third parties whose services we use may, for their own security-relevant, statistical and technical purposes, process data in connection with our websites as well as from other sources – cookies, log files and tracking pixels, in particular – in aggregated, anonymised or pseudo-anonymised form.
8.1 Contact options
We may use the services of third parties to improve our communication with them and other persons. We guarantee that such third parties provide an adequate level of data privacy.
8.2 Social media functions and social media content
We use services for social media content as well as social media plug-ins that allow you to share the content of our websites on social media or other online platforms as well as to use other social media functions such as LinkedIn, X and Youtube. This is visible for you (typically based on the respective symbols). The operators of the respective social networks may record that you are on our website and where on our website you are exactly and may use this information for their own purposes. This processing of your personal data lays in the responsibility of the respective operator and occurs according to its data protection regulations. We do not receive any information about you from the respective operator.
This may involve the use of cookies. We guarantee an adequate level of data privacy for these services and plug-ins.
8.3 Media
We use YouTube to host videos on our websites. This may involve the use of cookies. YouTube is an American website that belongs to Google LLC in the USA. Google Ireland Limited is responsible for the service vis-à-vis users in the EEA and Switzerland. Further information on the nature, scope and purpose of the data processing can be found in Google’s Our Privacy and Security Principles and Privacy Policy, in the Google Product Privacy Guide (including YouTube), in How Google Uses Data From Sites Or Apps That Use Our Services and in How Google uses cookies. In addition, users can opt out of personalised advertising.
8.4 Fonts
We use third-party services so that we can include selected fonts on our websites. No cookies are generally used in this context. We guarantee an adequate level of data privacy.
8.5 Success and reach measurement
We use third-party services in order to determine the success and reach of our websites. Cookies may be used in this context. We guarantee that such services provide an adequate level privacy, notably by anonymising and pseudo-anonymising data.
8.6 Google Analytics
We may use Google Analytics or similar services on our website. These are services provided by third parties, which may be located in any country worldwide (in the case of Google Analytics Google Ireland Ltd. (located in Ireland), Google Ireland relies on Google LLC (located in the United States) as its sub-processor (both «Google»), www.google.com) and which allow us to measure and evaluate the use of our website (on an anonymized basis). For this purpose, permanent cookies are used, which are set by the service provider. We have configured the service so that the IP addresses of visitors are truncated by Google in Europe before forwarding them to the United States and then cannot be traced back. We have turned off the «Data sharing» option and the «Signals» option. Although we can assume that the information we share with Google is not personal data for Google, it may be possible that Google may be able to draw conclusions about the identity of visitors based on the data collected, create personal profiles and link this data with the Google accounts of these individuals for its own purposes. If you have registered with the service provider, the service provider will also know your identity. In this case, the processing of your personal data by the service provider will be conducted in accordance with its data protection regulations. The service provider only provides us with data on the use of the respective website (but not any personal information of you).
9. Final Provisions
This Data Privacy Statement is effective as of 01.08.2025. We may update it from time to time and will publish any changes on this page. We will inform you about changes and additions in suitable form, in particular by publishing the latest version of the Data Privacy Statement on our website.
30 July 2025