The Swiss Paraplegics Association (SPA) accords high priority to data protection.
We process users’ personal data only in compliance with the relevant data protection regulations (Swiss Data Protection Law and in the case of an application of Art. 3 EU GDPR, the EU GDPR).
1. Who is responsible for data processing and who do I contact?
The party responsible for processing the data collected by this website is the
Swiss Paraplegic Foundation
Guido A. Zäch Strasse 1
6207 Nottwil, Switzerland
The company’s Data Protection Officer can be contacted at:
Swiss Paraplegic Group
Information Security and Data Protection Officer
Guido A. Zäch Strasse 1
6207 Nottwil, Switzerland
Each person concerned can contact the Information Security and Data Protection Officer directly at any time regarding all questions and ideas for data protection.
2. Which sources and data are collected?
2.1 Access data and logfiles
Every time the website is called up by a person or an automated system, our provider automatically collects a range of general data and information and saves it in logfiles on the server:
- Names of the retrieved pages
- Browser type/version
- Operating system used
- Referrer URL (the page previously visited)
- IP address
- Date and time of server query
- Search engines used
- Downloaded files
The SPA can only assign this data, as well as any comments or other contributions left by users, to your IP address. The data is not related to any other information that may be held about you at the SPA.
You may decide freely whether you would like to provide us with your personal data via the contact form or by email. We only use the personal data you have provided for the purpose indicated (for example, for making contact).
Cookies are pieces of information which are transferred from our web server or that of third parties to the user’s Internet browser and stored here for later retrieval. Cookies can be small files or other types of information storage.
If users do not want cookies to be stored on their device, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies may be deleted in the browser’s system settings. Excluding cookies may limit the functions of this website.
2.3 LinkedIn Analytics and LinkedIn Ads
We use the conversion tracking technology and retargeting feature of LinkedIn Corporation on our website.
This technology allows visitors to this website to play personalised ads on LinkedIn. It is also possible to compile anonymous reports on ad performance and website interaction information. For this purpose, the LinkedIn Insight tag is included on this website, which establishes a connection to the LinkedIn server if you visit this website and are logged into your LinkedIn account at the same time.
2.4 Google Analytics
On this website, we use Google Analytics (with the anonymisation function). Google Analytics is a web analytics service. Web analysis is the collection, collation and evaluation of data on the behaviour of visitors to websites. Among other things, a web analysis service collects data about the website from which a data subject has arrived on a website (known as referrer), which subpages of the website have been accessed and how often and for how long a subpage has been viewed. A web analysis is primarily used to optimise a website and for a cost-benefit analysis of Internet advertising.
We also use Google signals. These are used to collect additional information in Google Analytics on users who have activated personalised advertisements (interests and demographical data) and advertisements can be delivered to these users in cross-device remarketing campaigns.
The operating company of Google Analytics components is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Google will use this information on our behalf to evaluate the use of our online content by users, to compile reports on the activities within the online content and to provide us with further services associated with the use of this online content and Internet usage. Pseudonymised user profiles can then be created from the processed data.
We only use Google Analytics with an activated IP anonymisation procedure. This means that the IP address of users is truncated by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and then truncated.
The IP address transmitted by the user’s browser will not be merged with other data by Google. Users can prevent storage of cookies via a corresponding setting in their browser software; users can also prevent collection of data generated by the cookie and related to their use of the online content to Google as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You will find more information on data usage by Google, settings and objection options on the Google websites: https://www.google.com/intl/de/policies/privacy/partners
(«Data usage by Google when you use websites or apps of our partners»), https://www.google.com/policies/technologies/ads («Data usage for advertising purposes»), https://www.google.de/settings/ads («Manage information that Google uses to show you advertisements»).
You can call up more information as well as Google’s data protection regulations at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. You can find more information on Google Analytics at this link: https://www.google.com/intl/de_de/analytics/
3. Integration of services and contents of third parties
Within our online content, we use content and service offers from third-party providers, to incorporate their content and services, such as videos or fonts (described uniformly as «Contents» below). This always requires that the third-party providers of these contents recognise the IP address of the users, as they could not send the contents to their browser without the IP address. The IP address is thus required to display these contents. We try to only use those contents whose respective providers use the IP address for the sole purpose of delivering the contents. Third-party providers can also use what are known as pixel tags (invisible graphics, also called «web beacons» for statistical or marketing purposes.
Using the «pixel tags», information, such as visitor traffic on the pages of this website, can be analysed. The pseudonymous information can also be stored in cookies on the users’ devices and include technical information on the browser and operating system, referring websites, time of visit and other information on the use of our website content, as well as be connected with such information from other sources.
The following display offers an overview of third-party providers as well as their contents, in addition to links to their privacy policies which contain further information on processing data and, in part, already mentioned here, objection options (known as opt-out):
- Google reCAPTCHA: Spam protection (distinction between desired comments by humans and undesired comments from bots as well as spam); provider: Google; Google reCAPTCHA-specific information: «What is reCAPTCHA?» («What is reCAPTCHA?»).
- Google Fonts
Together with our order processor Google Fonts, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland we process connection data and browser data in order to provide the fonts required by the web browser to display the website. This data is only processed for the period required for selecting and transmitting the fonts.
- Videos of the platform Vimeo, https://vimeo.com/privacy
- Social Wall of Flockler, https://flockler.com/privacy-policy
4. Why do we process your data (purpose of processing)?
We process your personal data in accordance with data protection law.
Logfile information is stored for security reasons (for example, to clarify abuse or defraudation).
In addition, the data is analysed for statistical purposes in order to make our Internet offers more attractive.
5. Who gets my data?
Within the SPA, only those offices that need it to fulfil their obligations will receive access to your data.
Data that was recorded at access to our web offering is only transferred to third parties insofar as we are obliged to do so by law, contract or by court ruling or based on legitimate interests.
In the case of personal data transfer, we only use the personal information you have entered within our company.
We oblige subcontractors that we use to provide our services to take appropriate technical and organisational measures to ensure protection of the personal data in accordance with the relevant statutory regulations.
6. Is data transmitted to a third country or an international organisation?
7. How long is my data stored for?
We process and store your personal data as long as this is necessary to fulfil our contractual and statutory obligations. It should be noted here that our relationship with you as a patient, benefactor, customer or guest is a continuing obligation intended to last for years.
Logfile information will be stored by the provider for up to 24 months according to statutory regulations. Data for which retention is necessary due to purposes of evidence is excluded from erasure until the respective incident has been completely clarified.
If the data is no longer required to fulfil contractual or statutory obligations, it will be erased on a regular basis.
8. What are my data protection rights?
Each data subject has the right to request a confirmation from us regarding whether we process their personal data.
Every data subject affected by the processing of personal data can request information on their personal data stored by us at any time and free of charge (a fee may be charged in the event of repeated or abusive claims). We issue the following information:
- The purposes of processing
- The categories of personal data that are processed
- The recipients or categories of recipients, to whom the personal data has been disclosed or will be disclosed, in particular with recipients in third countries or at international
- If possible, the planned duration for which the personal data is stored, or, if this is not possible, the criteria for defining this duration
- The existence of a right to correct or erase the data concerning the data subject or to
restriction of processing by the controller or a right of objection to this processing
- The existence of a right of appeal to a supervisory authority.
The data subject is also entitled to information on whether personal data has been transmitted to a third country. If this is the case, the data subject shall have the right to receive information on the appropriate safeguards in conjunction with the transfer.
Every data subject affected by the processing of personal data has the right to request immediate correction of incorrect personal data concerning them. The data subject is also entitled, taking into account the purpose of processing, to request the completion of incomplete personal data – including by means of a supplementary declaration.
Every data subject affected by the processing of personal data has the right to request that the personal data concerning them is erased immediately, if there are legal grounds for erasure and provided processing is not necessary.
Every data subject affected by the processing of personal data has the right to request the restriction of processing by the controller if one of the following conditions is met:
- The correctness of the personal data is disputed by the data subject for a period of time which enables the controller to check the correctness of the personal data.
- Processing is unlawful, the data subject refuses the erasure of the personal data and instead requests restriction of the use of the personal data.
- The controller does not require the personal data for the purposes of processing but the data subject needs it for the assertion, exercise or defence of legal claims.
- The data subject has lodged an objection against the processing and it is not yet certain whether the legitimate grounds of the controller override those of the data subject.
Every data subject whose personal data is processed has the right to receive their personal data, which has been provided to a controller by the data subject themselves, in a structured, standard and machine-readable format or to request that it is transmitted to a different controller. Provided the data is processed using automated procedures.
Every data subject whose personal data is processed has the right to lodge an objection against the processing of their personal data at any time for reasons arising from their particular situation.
Every data subject whose personal data is processed has the right to revoke their consent to processing of personal data at any time.
The rights of the data subject can be asserted in any form. Please send any queries to:
Swiss Paraplegic Group
Information Security and Data Protection Officer
Guido A. Zäch Strasse 1, 6207 Nottwil
9. Erasure of data
The data we store will be erased as soon as it is no longer required for its intended purpose and the erasure does not conflict with any statutory retention obligations. If the user’s data is not erased because it is required for other legally permissible purposes, processing of this data will be restricted. This means the data is blocked and not used for any other purposes. This applies, for example, for user’s data which needs to be retained for commercial or tax law reasons.
10. To what extent is automated decision-making carried out?
In the SPA, no fully-automated decision-making is carried out based on the information available to us.
11. Is profiling carried out?
No profiling takes place with the data collected on this website.
12. Security measures
We take organisational, contractual and technical security measures compliant with the state of the art, to ensure that the regulations of the data protection laws are adhered to and to protect the data we process against any accidental or deliberate manipulation, loss, destruction or against access by unauthorised persons.
Nottwil, 1 September 2023