Legal Notice and Data Protection Statement

Welcome to the Swiss Federation of Jewish Communities SIG website. We strive to provide you with comprehensive information on the Jewish communities in Switzerland, Jewish culture and religion and, of course, on the fields of work of our association. We invite you to take a closer look at the content of our website and visit us regularly. We are constantly working on the content and information of our website and would like to keep you up to date with our latest news and newsletter.

As a user of our website and our online services, we understand that it is within your interest to know whether and how your data is collected and processed. The aim of this data protection statement is to give you the opportunity to learn more about how we process data and information. Data protection is very important to the SIG.

We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection statement. This data protection statement applies to the services and use of the SIG’s website and newsletter. You can also use our website without providing any personal data. In this case, only the technical data (see Section 4) about your visit to the website is collected.

If you wish to use any services specific to our federation via our website, this may require the processing of personal data. If this is the case, we generally obtain the consent of the data subject – unless we have a justification or legal basis for data processing. For information that you provide in forms or for registration for events (see Section 8), we always assume that you consent to the corresponding processing.

The SIG is organised as a registered society (‘Verein’) and is based in Switzerland. Swiss data protection law therefore applies to the processing of personal data by the SIG in connection with this website. Switzerland and the European Union have mutually recognised their respective data protection legislation as equivalent. In certain cross-border cases, some data processing may also be subject to EU law, in particular the General Data Protection Regulation (GDPR).

The processing of personal data, such as the name, address, email address or telephone number of a user, is always performed in accordance with the applicable data protection law. The SIG is the data controller. We use all the necessary technical and organisational measures to ensure the utmost protection of personal data processed via these websites. However, internet-based data transmission can in principle be subject to security gaps, meaning that absolute protection cannot be guaranteed. For this reason, each data subject is free to provide personal data to us by alternative means, for example by telephone.

As a responsible organisation, we do not use automatic decision-making or profiling. This data protection statement therefore does not explain these forms of processing.

1. Definitions of terms

The data protection statement of the SIG is based on commonly used terms that are consistent with the Swiss Data Protection Act and EU law (GDPR). In this data protection statement, we use the following terms, amongst others:

a) Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter the ‘data subject’). An identifiable natural person is a natural person who can be identified, directly or indirectly, in particular with reference to an identifying feature such as a name, an identification number, location data, an online identifier or one or more specific characteristics about the physical, physiological, genetic, psychological, economic, cultural or social identity of said natural person. For reasons of simplicity, the term ‘data’ also refers to personal data.

b) Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

c) Data processing

Data processing (also referred to as ‘processing’ in EU law) means any operation or series of operations carried out, with or without the aid of automated means, relating to personal data, such as the gathering, collection, organisation, sorting, storage, adaptation or modification, reading, retrieval, use, disclosure by transmission, dissemination or other form of provision, comparison or linking, restricting or deleting.

d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

e) Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable data subject.

f) Controller or person responsible for processing

The person responsible for processing is the natural or legal person, entity or other body that, alone or jointly with others, decides on the purposes and means of the processing of personal data. Where the purposes and means of the processing result directly from the applicable law, the latter may also determine responsibility.

g) Processor

A processor is a natural or legal person, authority, establishment or other body that processes personal data on behalf of the controller.

h) Recipient

A recipient is a natural or legal person, authority, establishment or other body to whom personal data is disclosed, regardless of whether it is a third party or not. However, authorities which may receive personal data under European Union or Member State law under a particular investigation mandate are not considered to be recipients.

i) Third parties

Third parties are natural or legal persons, authorities, establishments or other bodies other than the data subject, the controller, the processors and the persons who, under the direct responsibility of the controller or processor, are authorised to process personal data.

j) Consent

Consent is any freely given, informed and unambiguous indication of the data subject’s intention in the form of a declaration or other clear affirmative action, by which the data subject indicates that they agree to the processing of their personal data.

2. Name and address of the controller

The controller within the meaning of data protection law is:

Swiss Federation of Jewish Communities SIG

Gotthardstrasse 65
P.O. Box
8027 Zurich
Switzerland

Tel. +41 43 305 07 77
info@swissjews.ch
swissjews.ch

3. Cookies

The SIG website uses cookies. Cookies are text files that are placed and stored on a computer system via an internet browser.

Numerous websites and servers use cookies. Many cookies contain what is known as a cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters by which websites and servers identify the specific internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other internet browsers that contain different cookies. A specific internet browser can be recognised and identified via the unique cookie ID.

Cookies enable the SIG to provide the users of this website with more user-friendly services that would not be possible without the use of cookies. Cookies can be used to optimise the information and offers on our website to make them more relevant to the interests of the user. Cookies enable the software behind our website to recognise its users, making it easier for them to use our website. Examples of this are cookies that simplify registration for an event or inputting information into forms by ‘remembering’ the information you have already provided, even if you leave the page in between visits.

The data subject can prevent cookies being placed on their device by our website at any time by enabling the corresponding setting in the internet browser they are using, which objects to cookies in the long term. Cookies that have already been placed may also be deleted at any time using an internet browser or other software programs. All common internet browsers allow for the deletion of cookies. If the data subject deactivates consent to cookies in the internet browser they are using, it may not be possible to use all the functions of our website to their full extent.

4. Collection of general data and information

The SIG website collects a series of general data and information when a data subject or automated system accesses the website. This general data and information is stored in the server’s log files. This may include (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (referrer), (4) the sub-websites on our website visited via an accessing system, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information that serve to protect against threats in the event of attacks on our IT systems.

When using this general data and information, the SIG does not draw any conclusions about the data subject. Rather, this information is required to (1) deliver the content of our website correctly, (2) optimise the content of our website and its promotion, (3) ensure the long-term functionality of our IT systems and the technology of our website, and (4) provide law enforcement authorities with the information they need to make a prosecution in the event of a cyberattack. For these purposes, the SIG analyses anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our organisation, and to ensure the highest level of protection for the personal data we process. The anonymous data of the server log files is stored separately from all personal data provided by data subjects.

5. Subscription to our newsletter

On the SIG website, users are given the opportunity to subscribe to our association’s newsletter. The input screen used for this purpose determines which personal data is transmitted to the controller when subscribing to the newsletter.

The SIG regularly informs its subscribers about the latest news, events and offers of the association through its newsletter. In principle, the newsletter of our association can only be received by the data subject if (1) the data subject has a valid email address and (2) the data subject subscribes to receive the newsletter. When subscribing for the newsletter for the first time or again, a confirmation email is sent to the registered email address as part of the double opt-in procedure. This confirmation email is used to check whether the owner of the email address has authorised the newsletter subscription.

When subscribing for the newsletter, we also store the IP address assigned by the internet service provider (ISP) of the computer system used by the data subject at the time of registration, as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the any misuse of the email address at a later point in time and therefore serves our legal protection.

The data collected when subscribing to the newsletter will only be used to send our newsletter. Subscribers to the newsletter may also be informed by email if this is necessary for the operation of the newsletter service or subscription, for example in the event of changes to the newsletter service or technical conditions. The data collected for the purpose of sending the newsletter will not be passed on to third parties. Users who receive our newsletter may cancel their subscription at any time or withdraw their consent to the storage of the relevant data (by clicking on the unsubscribe link in each newsletter).

6. Newsletter tracking

The SIG newsletter contains tracking pixels. A tracking pixel is a thumbnail image embedded in emails sent in HTML format to record and analyse a log file. This enables statistical analysis of the success or failure of online campaigns. With the embedded tracking pixel, the SIG can detect whether and when an email was opened and which links in the email were accessed.

We store and analyse such data in order to optimise the sending of our newsletter and to tailor the content of future newsletters to make it more suitable to the interests of our subscribers. This data will not be passed on to third parties. Consent to this is granted by subscribing to the newsletter and can be withdrawn by unsubscribing. After a user unsubscribes, we will delete their data.

7. Making contact via contact details

Due to legal requirements, the SIG website contains a postal address and an email address. If someone contacts us by email, the personal data transmitted by that person is stored automatically. Such personal data voluntarily transmitted to us is stored for the purpose of processing or contacting the data subject. It will not be passed on to third parties.

8. Filling out contact forms on the website

Various forms are used on the SIG website to provide information on specific issues. This information is always provided voluntarily and at the sole responsibility of the person filling out the forms. In any case, we assume that – without prejudice to possible legal grounds or justifications – said person has provided their consent to the processing of the relevant data for the respective purposes of the request. The services for which such forms are intended may be amended or extended at any time. In particular, this may include:

• Subscription to the SIG newsletter (see Sections 5 and 6).
• Registration for events. This is where we collect the information required for the organisation of events and to guarantee security, compliance with safety measures and protection against misuse. This information may vary depending on the event.
• A form for reporting anti-Semitic incidents. We have to rely on the reporting of such incidents to be accurate and responsible. In this case, we ask for the following contact information of the person reporting the incident: first name, surname and email address. The report, including attachments, and the data subject’s contact details are stored on our server. The report will then be recorded, analysed and classified by us. If anything is unclear or there are any questions, we will get back in touch with you by email. In any case, you will always receive a feedback or confirmation message. The incident is entered into a database in anonymised form after it has been verified. The incident is then included in the statistics of our annual anti-Semitism report on the basis of the report provided. The anonymised cases are either included in the anti-Semitism report as a figure or described as an example. Example cases may also be forwarded to external parties, including the media, for viewing. If you would like your reported case to be included in the report only as a statistical figure, please inform a member of our staff. We can refrain from reporting on an incident if requested by the data subject. The decision to report any incident remains with you. Our staff members are happy to advise you on this.

9. Routine erasure and blocking of personal data

We process and store personal data only for the period that is necessary for the purpose of such data processing or provided for by law. If the storage purpose no longer applies or if a statutory storage period expires, the personal data is routinely blocked or deleted in accordance with statutory provisions.

10. Rights of data subjects

Data subjects have a range of legal rights under the Swiss Data Protection Act and, where applicable, the GDPR. Enquiries relating to the assertion of these rights should be sent to the postal address above or by email to info@swissjews.ch. As mentioned previously, the information relates to the operation and use of the website.

a) Information

In principle, data subjects have the right to receive information about the personal data stored about them. The information is normally provided free of charge. In certain cases, the right to information is restricted by law, for example to protect against misuse. The information may include:

• The processing purposes
• The categories of personal data processed
• The categories of recipients to whom the personal data will be disclosed
• If possible, the planned period for which the personal data will be stored; otherwise, the criteria for determining that period
• Whether, in individual cases, there is a right to correction or erasure of data concerning the data subject or to the restriction of processing, or to object to such processing
• Whether a complaint can be lodged with a supervisory authority
• If the data is not collected from the data subject: all available information on the origin of the data

In addition, data subjects have a right to information as to whether data has been transmitted to a third country or an international organisation, and which data protection safeguards such transmission.

b) Correction

Data subjects have the right to request the correction of inaccurate personal data about them. Furthermore, data subjects may, taking into account the purposes of the processing, request the completion of incomplete personal data, including by means of a supplementary declaration.

c) Erasure

Data subjects have the right to request the erasure of their personal data when: it is no longer needed for their purposes; the underlying consent has been withdrawn and there is no other legal ground for the processing; a legitimate objection has been raised; the processing is proven to be unlawful; an applicable law requires so; and in any event unless the processing is necessary on the basis of a legal obligation, in public interest, inter alia, for archiving purposes, for scientific or historical research or statistics, to exercise the constitutionally protected freedom of expression and information, or to safeguard, exercise or defend legal claims.

d) Restriction of processing

Data subjects may request the restriction of processing if:

• The data subject disputes the accuracy of the data for as long as necessary to verify it
• The processing is unlawful, but the data subject rejects the erasure of the data and requests its restriction instead
• The data is no longer needed for their purposes, but the data subject needs it in order to safeguard, exercise or defend legal claims
• The data subject has objected to the processing, but it has not yet been determined whether the legitimate reasons for the processing prevail.

e) Data portability

Data subjects may request that data that they have provided themselves be disclosed to them in a structured, commonly used and machine-readable format. If this is technically feasible and third-party rights are not affected, transfer to a third party may also be requested.

f) Objection

Data subjects may, for reasons arising from their particular situation, object to the processing of data about them that takes place without their consent and only on the basis of our or other overriding legitimate or public interests.

In the event of such objection, the SIG shall no longer process said personal data, unless we have compelling legitimate grounds for the processing that outweigh the interests and rights of the data subject, or unless we process the data to safeguard, exercise or defend legal claims.

Data subjects may object to the processing of data newsletter purposes (or similar forms of direct contact) without further reason. The SIG shall then no longer process such data for these purposes.

g) Withdrawal of consent

Data subjects may withdraw their consent to the processing of their personal data at any time.

11. Personal data outside of Switzerland and the EEA

We generally process and store personal data within Switzerland and the European Economic Area (EEA). However, in certain cases, we may share personal data with service providers and other recipients based outside of these regions or process personal data outside of these regions, which – in principle – means any country in the world. The countries in question might not have laws that protect your personal data to the same extent as in Switzerland or the EEA. If we do transmit your personal data to such a country, we will take reasonable steps to ensure that your personal data is protected.

For instance, one means of ensuring an adequate level of data protection is to enter into data transfer agreements with the recipients of your personal data in third countries that guarantee the necessary level of data protection. These include agreements that have been approved, issued or recognised by the European Commission and the Swiss Federal Data Protection and Information Commissioner – also known as standard contractual clauses. Please note that such contractual safeguards partially negate an inferior level or lack of legal protection, but are unable to preclude all risks entirely (e.g. access by foreign governments). Under exceptional circumstances, data transfers to countries without an adequate level of protection may also be admissible in other cases, such as on the basis of consent, in connection with legal proceedings outside of Switzerland/the EEA or if the transfer is necessary for the performance of a contract.

12. Data protection provisions on the use of Facebook

Facebook features are integrated into our website, such as a link that takes you to our Facebook page. Facebook is a company that operates a social network (i.e. an internet platform that allows private and commercial users to communicate with each other). The operating company of Facebook is Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is responsible for the processing of data about data subjects living outside the USA or Canada.

When you access Facebook websites (for example, by clicking on the link to our Facebook page), you switch to the pages operated by Facebook. Facebook will then collect data about visits to such sites and, if necessary, other personal data.

Insofar as we integrate plug-ins from Facebook into our own website (such as ‘Like’ buttons or Facebook comment functions), this may lead to Facebook functions being activated directly and your browser being able to interact directly with Facebook’s servers and offers (for example, to download a display of the corresponding Facebook component from Facebook). You can find out which Facebook plug-ins are available here: https://developers.facebook.com/docs/plugins/. Information about which page(s) of our website someone has visited is also obtained by Facebook’s systems.

If the data subject is logged into Facebook at the same time, Facebook recognises which page(s) of our website the data subject visits when accessing our website and for the entire duration of the visit to our website. Facebook can associate this information with that person’s Facebook account, even if the person does not click Facebook buttons or other plug-ins (e.g. comment function); if they do, this information is added to the data, meaning that Facebook can hold and store such data.

To prevent this information from being transferred to Facebook, log out of your Facebook account before accessing our website and do not click any Facebook buttons.

Facebook’s data policy is published at https://de-de.facebook.com/about/privacy/ and it provides information about the collection, processing and use of personal data by Facebook. It also explains the settings options offered by Facebook to protect the privacy of the data subject. Various applications are also available that enable data transfer to Facebook to be prevented.

13. Data protection provisions on the use of Google Analytics (with anonymisation function)

Our website also uses Google Analytics. The Google Analytics component used for this is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

Google Analytics is a web analytics service that collects and evaluates data about the behaviour of website visitors. This includes information about the website from which a data subject came to another website (referrer), which sub-pages of the website were accessed or how often and for how long a sub-page was viewed. Web analytics help us to analyse visitor flows on our website, to optimise them and to check the effectiveness of our information and promotion.

Google evaluates the data and information obtained about the use of our website in order to compile online reports on the activities on our website and for other related services.

We have implemented Google Analytics with the extension ‘_gat._anonymizeIp’. This ensures that the IP address of the internet connection of data subjects is truncated and anonymised by Google if access is from Switzerland or the EU/EEA (‘IP masking’), meaning that the data is anonymised in advance.

Google Analytics places a cookie on the visitor’s computer (see Section 3). The cookie is used by Google to analyse the use of our website. Each time a page on our website is accessed, it triggers the storage of information of, for example, the time of access, the location from which access was made, the IP address of the internet connection of the data subject and the frequency of their visits to our website. When a user visits our website, such information, including the (masked) IP address of the data subject, is transmitted to Google servers in the USA and stored there. Amongst other things, this data is used by Google to trace the origin of visitors and clicks and to generate invoices. It cannot be ruled out that such data may be transferred to third parties.

You can prevent cookies from being placed, including those of Google Analytics, by adjusting your browser settings and/or by removing cookies that have been placed.

To specifically prevent the collection and processing of the usage data generated by Google Analytics, you can download and install a browser add-on at https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information about visits to websites may be transmitted to Google Analytics. Google considers the installation of the browser add-on to be an objection. If your computer’s or device’s systems are later deleted, formatted or reinstalled, or if the browser add-on is otherwise removed or disabled, it will have to be reinstalled in order to withdraw consent again.

Further information and Google’s applicable data protection provisions can be found at https://policies.google.com/privacy/ and https://marketingplatform.google.com/about/analytics/terms/gb/. Google Analytics is explained in more detail at https://marketingplatform.google.com/intl/en_uk/about/analytics/.

14. Data protection provisions on the use of Instagram

The website also incorporates components from Instagram. Instagram is a service that, as an audiovisual platform, enables its users to share photos and videos and share them on other social networks.

Instagram is operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

With regard to links to our Instagram page and the possible embedding of an Instagram component (Instagram button), the same applies as explained above regarding Facebook.

In particular, if someone is logged in to their own Instagram or Facebook account at the same time as visiting our website or clicks on an integrated Instagram button, the aforementioned information may be sent to Instagram and assigned to the account of the data subject. To prevent this information from being transferred to Instagram or Facebook, log out of your Instagram and Facebook accounts before accessing our website and do not click on any Instagram buttons.

Further information and the applicable data protection provisions of Instagram can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

15. Data protection provisions on the use of X

X components are also integrated into the website. X is a multilingual, publicly available microblogging service that allows users to publish and distribute tweets, i.e. short messages limited to 280 characters. These short messages can be accessed by anyone, including people who are not logged in to X. The tweets are also displayed to the followers of the respective user. Followers are other X users who follow a user’s profile. X also makes it possible to reach a wide audience via hashtags, links or retweets. We integrate X components to enable our users to distribute our content, to make our website known in the digital world and to increase our visitor numbers.

X is operated by Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07, Ireland.

With regard to links our X page and the possible embedding of a X component (X button), the same applies as explained above regarding Facebook and Instagram.

In particular, if someone is logged in to their own X account at the same time as visiting our website or clicks on an integrated X button, the aforementioned information may be sent to X and assigned to the account of the data subject. To prevent this information from being transferred to X, log out of your X account before accessing our website and do not click on any X buttons.

Further information about the X buttons can be found at https://developer.twitter.com/en/docs/twitter-for-websites/tweet-button/overview, and the applicable data protection provisions of X can be found at https://twitter.com/privacy.

16. Data protection provisions on the use of YouTube

YouTube components are also integrated into our website. YouTube is an internet video portal that allows video publishers to upload video clips free of charge and other users to view, rate and comment on them free of charge. YouTube allows the publication of all types of videos; not only can entire film and television broadcasts, but also music videos, trailers or videos made by users themselves be accessed via the internet portal.

YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5.

When accessing an individual page of our website on which a YouTube component (YouTube video) is integrated, this component automatically causes the internet browser on the user’s computer or device to download a representation of the content or YouTube component. Further information on YouTube can be found at https://www.youtube.com/yt/about/.

With regard to the operation of YouTube components on our website, the same applies as explained above regarding Facebook, Instagram and X.

In particular, if someone is logged into their own YouTube or Google account at the same time as visiting our website or accessing content stored on YouTube, the information mentioned above may be transferred to Google and be associated with the account of the data subject. To prevent such transfer of information to YouTube, log out of your YouTube and Google accounts before visiting our website and do not play YouTube content on our website.

The data protection provisions published by YouTube, which can be found at https://policies.google.com/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.

17. Legal basis for processing

Data processing in connection with our website is based on Swiss data protection legislation. If and to the extent that the GDPR is applied in individual cases, we rely on the legitimate, overriding interest of our association to operate this website, to ensure its functionality and security, to communicate and improve the information and contact offers provided herein, to process requests and notices from users, and, if necessary, to safeguard or assert our legal claims or third parties’ legal claims; depending on the type of offer; we also rely on public interests, where our association sees them as an central point in civil society; and finally, we rely on the consent of those affected, where we have obtained it. In individual cases, we may also have a legal obligation to process the data.