Data Privacy Protection

In this Privacy Policy we provide information about what personal data we process, where we process it, and for what purpose, particularly in connection with our website suisserugby.com and our other content. This Privacy Policy also provides information about the rights of persons whose data we process.

For individual or additional content and services, special, supplementary or additional privacy policies as well as other legal documents such as General Terms and Conditions (GTC), Terms of Use or Conditions of Participation may apply.

Our content is subject to Swiss data protection law as well as any applicable foreign data protection law, such as that of the European Union (EU) with the General Data Protection Regulation (GDPR) in particular. The European Commission acknowledges that Swiss data protection law ensures adequate data protection.

1. Contact Addresses

Responsibility for the processing of personal data:

Swiss Rugby Union (FSR)

Rautistrasse 12

8047 Zurich

fsr[at]suisserugby.com

Please be aware that there may be other parties responsible for processing personal data in individual cases

2. Processing Personal Data

2.1 Terms

Personal data is any information that relates to an identified or identifiable individual. A data subject is a person whose personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the retention, disclosure, acquisition, collection, deletion, storage, modification, destruction and use of personal data.

The European Economic Area (EEA) comprises the European Union (EU) and the Principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) refers to the handling of personal data as the processing of personal data.

2.2 Legal Bases

We process personal data in accordance with Swiss data protection law, such as the Federal Act on Data Protection (FADP) and the Ordinance to the Federal Act on Data Protection (OFADP).

If and to the extent that the General Data Protection Regulation (GDPR) applies, we process personal data in accordance with at least one of the following legal bases:

• GDPR Art. 6(1)(b) for the necessary processing of personal data for the performance of a contract with the data subject as well as the implementation of pre-contractual measures.
• GDPR Art. 6(1)(f) for the necessary processing of personal data to protect our legitimate interests or those of third parties, except where such interests are overridden by the fundamental rights and freedoms and interests of the data subject. Legitimate interests are, in particular, our interest in being able to provide our offer in a permanent, user-friendly, secure and reliable manner and being able to advertise it as required, information security and protection against misuse and unauthorised use, the enforcement of our own legal claims and compliance with Swiss law.
• GDPR Art. 6(1)(c) for the necessary processing of personal data to comply with a legal obligation to which we are subject under any applicable law of Member States in the European Economic Area (EEA).
• GDPR Art. 6(1)(e) for the necessary processing of personal data for the performance of a task carried out in the public interest.
• GDPR Art. 6(1)(a) for the processing of personal data with the consent of the data subject.
• GDPR Art. 6(1)(d) for the necessary processing of personal data to protect the vital interests of the data subject or of another natural person.
  1. Nature, Scope and Purpose

We process the personal data that is necessary in order to be able to provide our offer in a permanent, user-friendly, secure and reliable manner. Such personal data may fall into the categories of basic personal and contact data, browser and device data, content data, meta- or secondary data and usage data, location data, sales, contract and payment data.

We process personal data for the period of time necessary for the relevant purpose or purposes or as required by law. Personal data which we no longer need for processing is anonymised or deleted. As a matter of principle, individuals whose data we process have the right to have their data deleted.

As a matter of principle, we only process personal data with the consent of the data subject, unless the processing is permitted for other legal reasons—for example to fulfil a contract with the data subject and for corresponding pre-contractual measures, to protect our overriding legitimate interests, because the processing is evident from the circumstances or after prior information.

In this context, we process information that a data subject submits of their own volition to us in particular when contacting us—for example, by letter, email, contact form, social media or telephone—or when registering for a user account. We may store this kind of information in an address book or using similar tools, for example. If you transmit personal data to us relating to third parties, you are obliged to guarantee data protection vis-à-vis these third parties and to ensure the accuracy of such personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect in the course of providing our services, provided that this kind of processing is permitted for legal reasons.

Personal data from job applications will only be processed to the extent that they are necessary for the assessment of suitability for an employment relationship or for the subsequent execution of an employment contract. The personal data required to carry out an application procedure is derived from the information requested or communicated, for example in the context of a job advertisement. Applicants have the opportunity to voluntarily provide further information for their respective applications.

2.3 Processing of Personal Data by Third Parties, including Those Abroad

We may commission third parties to process personal data or we may process it jointly with third parties or with the help of third parties, or transmit it to third parties. These third parties are primarily providers whose services we use. We also guarantee appropriate data protection when using such third parties.

These third parties are generally located in Switzerland and in the European Economic Area (EEA). Such third parties may also be located in other states and territories around the worldas well as elsewhere in the universe, provided that their data protection law guarantees adequate data protection in accordance with the Assessment of the{ 3]Federal Data Protection and Information Commissioner (FDPIC) and—if and insofar as the General Data Protection Regulation (GDPR) applies—with the  Assessment of the European Commission, or if adequate data protection is guaranteed for other reasons, such as by means of a corresponding contractual agreement, in particular based on standard contractual clauses, or by corresponding certification. By way of exception, such third party may be located in a country without adequate data protection, provided that the conditions under data protection law—such as the explicit consent of the data subject—are met.

1. Rights of Data Subjects

Data subjects whose personal data we process have the rights under Swiss data protection law. This includes the right to access as well as the right to rectification, deletion or blocking of the processed personal data.

Data subjects whose personal data we process may—if and insofar as the General Data Protection Regulation (GDPR) applies—request confirmation free of charge as to whether we are processing their personal data and, if this is the case, request information about the processing of their personal data, have the processing of their personal data restricted, exercise their right to data portability and have their personal data rectified, deleted (“right to be forgotten”), blocked or completed.

Data subjects whose personal data we process may at any time—if and insofar as the GDPR applies—revoke consent given with effect for the future and object to the processing of their personal data.

Data subjects whose personal data we process have a right to lodge a complaint with a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

1. Data Security

We take appropriate and suitable technical and organisational measures to ensure data protection and in particular data security. However, despite these measures, the processing of personal data on the Internet can always involve security gaps. Therefore, we cannot guarantee absolute data security.

Access to our online offer is provided by means of transport encryption (SSL/TLS, in particular with the Hypertext Transfer Protocol Secure—abbreviation HTTPS). Most browsers indicate transport encryption with a padlock in the address bar.

Access to our online offer is subject—as is the use of the Internet in principle—to mass surveillance without cause and without suspicion, as well as other surveillance by security authorities in Switzerland, the European Union (EU), the United States of America (US) and other countries. We cannot directly influence the corresponding processing of personal data by secret services, police agencies and other security authorities.

1. Use of the Website
   1. Cookies

We may use cookies for our website. Cookies—both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies)—are data that are stored in your browser. This stored data need not be limited to traditional textual cookies. Cookies cannot run programs or transmit malware such as Trojans and viruses.

Cookies can be stored temporarily in your browser as “session cookies” when you visit our website or for a certain period of time as permanent cookies. “Session cookies” are automatically deleted when you close your browser. Permanent cookies have a specific storage period. In particular, they enable us to recognise your browser the next time you visit our website and, in this way, measure the reach of our website. However, permanent cookies can also be used for online marketing, for example.

You can partially or completely deactivate cookies in your browser settings at any time and delete them. However, our website may no longer be fully available without cookies. If and when required, we actively seek your explicit consent for the use of cookies.

In the case of cookies that are used for performance and reach measurement or for advertising, a general objection (“opt-out”) is possible for numerous services via the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

1. Server Log Files

We may collect the following information each time our website is accessed, provided this information is transmitted by your browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-page of our website accessed including the amount of data transferred, website last accessed in the same browser window (referrer).

We store this information—which may also contain personal data—in server log files. The information is required to provide our online offer permanently, in a user-friendly and reliable manner as well as to be able to guarantee data security and thus in particular the protection of personal data—including by third parties or with the help of third parties.

1. Tracking Pixels

We may use tracking pixels on our website. Tracking pixels are also known as web beacons. Tracking pixels—also from third parties whose services we use—are small, usually invisible images that are automatically retrieved when you visit our website. With tracking pixels, the same information can be recorded as in server log files.

1. Notifications and Messages

We send notifications and messages, such as newsletters, by email and through other communication channels such as instant messaging.

1. Measuring Performance and Reach

Notifications and messages can contain web links or tracking pixels that record whether an individual message was opened and which web links were clicked. Such web links and tracking pixels can also record the use of notifications and messages on a personalised basis. We need this statistical record of usage to measure performance and reach in order to be able to provide notifications and messages in an effective and user-friendly as well as permanent, secure and reliable manner based on the needs and reading habits of the recipients.

1. Consent and Objection

In principle, you must expressly consent to the use of your e-mail address and other contact addresses, unless such use is permitted for other legal reasons. For any consent to receive e-mails, we use the “double opt-in” procedure whenever possible, i.e. you will receive an e-mail with a web link that you must click on for confirmation to prevent misuse by unauthorised third parties. We may log such consents including Internet Protocol (IP) address and date and time for evidence and security purposes.

In principle, you can unsubscribe from notifications and communications such as newsletters at any time. By unsubscribing, you can, in particular, object to the statistical recording of usage for measuring performance and reach. We reserve the right to make notifications and communications that are absolutely necessary for our offer.

1. Social Media

We have a presence on social media platforms and other online platforms to communicate with interested individuals and provide information about our offer. Personal data may also be processed outside Switzerland and the European Economic Area (EEA).

The General Terms and Conditions (GTC) and Terms of Use as well as privacy policies and other provisions of the individual operators of these online platforms also apply in each case. In particular, these provisions provide information about the rights of data subjects, especially with regard to right of access.

Together with Facebook Ireland Limited in Ireland and provided GDPR applies, we are jointly responsible for our social media presence on Facebookincluding the so-called Page Insights. Page Insights provide information about how visitors interact with our Facebook presence. We use Page Insights to help us provide our social media presence on Facebook in an effective and user-friendly manner.

Further information on the nature, scope and purpose of data processing, information on the rights of data subjects and the contact details of Facebook as well as the Facebook data protection officer can be found in Facebook’s privacy policy (“Data Policy”). We have signed the ”Controller Addendum” with Facebook and therefore have agreed in particular that Facebook is responsible for guaranteeing the rights of data subjects. For the Page Insights, the corresponding information can be found on Facebook’s Insights” including “Page Insights supplement regarding the Controller” and [2 }“Information about Page Insights Data”.

1. Measuring Performance and Reach

We use services and programs to determine how our online offer is used. For example, in this context, we can measure the performance and reach of our online offer as well as the effect of third-party links to our website. However, we can also, for example, test and compare how different versions of our online offer or parts of our online offer are used (“A/B testing” method). Based on the results of the performance and reach measurement, we can in particular correct errors, strengthen content that is especially popular or make improvements to our online offer.

The Internet Protocol (IP) addresses of individual users must be stored when using services and programs for performance and reach measurement. IP addresses are generally shortened in order to follow the principle of data economy through the corresponding pseudonymisation and to improve the data protection of visitors to our website (“IP masking”).

Cookies may be used and user profiles may be created when using services and programs for performance and reach measurement. User profiles include, for example, the pages visited or content viewed on our website, information on the size of the screen or browser window and the location, at least approximately. In principle, user profiles are created exclusively in pseudonymized form. We do not use user profiles to identify individual visitors to our website. Individual services for which you are registered as a user may assign the use of our online offer to your profile with the respective service, and you usually have to give your consent to this assignment in advance.

In particular, we use:

• Google Analytics: Performance and reach measurement; providers: Google LLC (USA)/Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; Information on privacy policy: also measuring across different browsers and devices (Cross-Device Tracking) as well as using pseudonymized Internet Protocol (IP) addresses, which are only transmitted in full to Google in the US in exceptional cases, “Privacy and Security Principles”, Privacy Policy, “Google Product Privacy Guide” (including Google Analytics), “How [4 }[4 Google uses information from sites or apps that use our services”  (provided by Google), “How Google uses cookies”, “Google Analytics  opt-out browser add-on”, “Personalized advertising” (enable /disable/settings).
• Google Tag Manager: Integration and management of services for performance and reach measurement as well as other services from Google and third parties; providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; we provide information about the processing of personal data by such integrated and managed services in this privacy policy.

1. Third Party Services

We use third-party services in order to be able to provide our offer in a permanent, user-friendly, secure and reliable manner. These services are also used to embed content into our website. Such services—for example, hosting and storage services, video services and payment services—require your Internet Protocol (IP) address, otherwise these services cannot deliver the relevant content. Such services may be located outside Switzerland and the European Economic Area (EEA), provided that adequate data protection is guaranteed.

For their own security-related, statistical and technical purposes, third parties whose services we use may also process data in connection with our offer and from other sources—including by using cookies, log files and tracking pixels—in aggregated, anonymous or pseudonymous form.

9.1 Digital Infrastructure

We use third parties’ services to be able to make use of the required digital infrastructure for our offer. These include, for example, hosting and storage services from specialist providers.

In particular, we use:

• Mittwald: hosting; provider: Mittwald CM Service GmbH & Co. KG (Germany); Information on privacy policy: Privacy Policy, “Privacy policy—everything you need to know about the GDPR”.

1. Social Media Functions and Content

We use services and plugins from third parties in order to be able to embed functions and content from social media platforms and to enable content sharing on social media platforms and in other ways.

In particular, we use:

• Facebook (Social Plugins): Embedding Facebook functions and Facebook content, for example “Like” or “Share”; providers: Facebook Inc. (USA) / Facebook Ireland Ltd. (Ireland); Information on privacy policy: Privacy Policy.
• Instagram platform: embed Instagram content; providers: Facebook Inc. (USA)/Facebook Ireland Ltd. (Ireland); Information on privacy policy: Privacy Policy(Instagram), Privacy Policy (Facebook){ 3].
• LinkedIn Consumer Solutions Platform: Embedding functions and content from LinkedIn, for example with the help of plugins such as the “Share plugin”; providers: LinkedIn Ireland Unlimited Company (Ireland) for users in the European Economic Area (EEA) and Switzerland/LinkedIn Corporation (USA) for users in the rest of the world; Information on privacy policy: ”Privacy Policy” (“Privacy”), Privacy Policy, Cookie Policy, Cookie management/Unsubscribing from e-mail and SMS communications from LinkedIn, Opting out of interest-based advertising.
• Twitter for websites: Embedding functions and content from Twitter, for example for displaying tweets; providers: Twitter International Company (Ireland) for users in the European Economic Area (EEA) and Great Britain/Twitter Inc. (USA) for users in the rest of the world; Information on privacy policy: Privacy Policy, and privacy, “Our use of cookies and similar technologies”, “About personalization  based on your inferred identity”, “Your privacy controls for personalized ads”.

1. Maps

We use third party services to embed maps on our website.

In particular, we use:

• Google Maps including Google Maps Platform: map service; providers: Google LLC (USA)/Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; Information on privacy policy: “Our privacy and security principles”, Privacy Policy, “Google Product Privacy Guide” (including Google Maps), “How Google uses information from sites or apps that use our services” (provided by Google), “How Google uses cookies”, “Personalized advertising” (enable /disable/settings).

1. Audiovisual Media

We use third party services to enable the direct playback of audiovisual media such as music or videos on our website.

In particular, we use:

• YouTube: videos; providers: Google LLC (USA)/Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; Information on privacy policy: “Our privacy and security principles”, Privacy Policy, “Google Product Privacy Guide” (including YouTube), “How Google  uses cookies”, “Personalized advertising” (enable /disable/settings.

1. Final Provisions

We have created this privacy policy with the Data protection generator from  Data protection partner[2}.

We may amend and supplement this privacy policy at any time. We will provide information about any amendments and additions in a suitable manner, in particular by publishing the respective current data protection declaration on our website.