Privacy policy

Note on translation
This translation of the privacy policy was automatically generated by DeepL in order to make the content accessible in other languages. Only the original German version is legally binding and authoritative.

The protection of your personal data is very important to us, the Research Institute of Organic Agriculture (hereinafter referred to as "FiBL").

We are committed to handling your personal data responsibly and consider it a matter of course to comply with the Swiss Federal Act on Data Protection (FADP), the Data Protection Ordinance (DPO) and, in particular for our European companies within the FiBL Group, the EU General Data Protection Regulation (GDPR) and other applicable data protection regulations.

In our privacy policy, we explain how and for what purposes we will process your personal data and what rights you have in this regard.

This privacy policy is not exhaustive. Other privacy policies, general terms and conditions and similar documents may regulate specific matters in a supplementary or deviating manner.

1.1. Name and address of the controller

Research Institute of Organic Agriculture FiBL
Ackerstrasse 113
CH-5070 Frick
+41 (0)62 865-7272
info.suisse(at)fibl.org
https://www.fibl.org

If you have any questions about how your personal data is handled, please contact dataprotection(at)fibl.org

Below, we provide information about the most important aspects of our data processing. You will find more detailed information about our processing activities below.

We use personal data that you provide to us, that we collect about you or that we have received from third parties. This includes, in particular, personal data:

• that we receive in the course of our business relationships from customers, future customers, interested parties, service providers, suppliers, business partners or other persons involved in the business relationships;
• which we receive from job applicants;
• which we receive from visitors to our locations or participants in our seminars and events;
• that we are legally or contractually obliged to collect;
• which we collect when you use our website;
• which we obtain from publicly accessible sources (media, internet) or public registers (debt collection registers, commercial registers, etc.);
• which we receive from authorities and other third parties (address brokers, credit agencies).

Depending on the nature of the relationship, we process personal data from you such as:

• Contact and identification data such as surname, first name, address, email address, telephone number;
• Contract data such as services used, type of contract, contract content, type of products and services, applicable terms and conditions, contract start date, contract term, invoice data, names of contact persons;
• Application data such as cover letter, CV and photo, employment references, diplomas, training certificates, third-party references, interview notes;
• Financial data such as account information, payment information, payment history, average revenue;
• Donor data such as details of the time and amounts and values donated or contributed;
• Telecommunications data such as telephone number, value-added service numbers, date, time and duration of the connection, type of connection, location data, IP address, device identification numbers such as MAC address;
• Interaction and usage data such as correspondence, preferences and target group information, device type, device settings, operating system, software, information from the assertion of rights;
• Website information: IP address, cookie information, browser settings, frequency and duration of visits to the website, search terms, clicks on content, originating website.

We use the personal data we collect primarily to conclude and execute contracts with our customers and business partners. In addition, we process personal data to optimise our services and for marketing purposes.

We also rely on the processing of personal data for the purchase of products and services from our suppliers and subcontractors. If you work for a customer or business partner, you may also be affected in this capacity.

In addition, we process personal data from you and other individuals, to the extent permitted and as we deem appropriate, for the following purposes, in which we (and sometimes third parties) have a legitimate interest:

• Communication and processing of enquiries (e.g. via contact forms, e-mail, job applications, media enquiries, telephone, letter post, blogs);
• In the context of cooperation with customers, suppliers and partners;
• For the fulfilment of contracts, order processing and in the pre-contractual phase;
• Offering and further developing our products, services and websites and other platforms on which we are present;
• Optimisation of our internet presence (adapting the website to your needs);
• Compilation of usage statistics;
• Administration of donations (e.g. acknowledgements, donation receipts, payment recording);
• Fundraising, advertising and marketing (including the organisation of seminars and events), newsletter distribution, provided you have consented to the use of your data;
• Prevention and investigation of criminal offences and other misconduct (e.g. conducting internal investigations, data analysis to combat fraud, defence against and recording of hacking attacks);
• Assertion of legal claims and defence in connection with legal disputes and official proceedings;
• Reviewing and processing submitted job applications;
• Ensuring our operations, in particular our IT and our website.

The legal basis for processing your personal data is regularly:

• your consent (Art. 6(1)(a) GDPR), insofar as you have given us your consent to process your personal data for specific purposes (e.g. when you register to receive newsletters). You can revoke your consent at any time, but this will not affect data processing that has already taken place.
• the conclusion or fulfilment of a contract with you or your request in advance (e.g. by submitting a job application; Art. 6(1)(b) GDPR).
• a balancing of interests (e.g. if your professional contact details are recorded when you contact us on behalf of your employer, implementation of marketing measures; Art. 6(1)(f) GDPR).
• a legal obligation (e.g. for the storage of documents by us or for data processing within the framework of a public contract; Art. 6(1)(c) GDPR).

We treat your personal data as confidential and only disclose it if you have expressly consented to this, if we are required to do so by law, or if this is necessary in the context of using the website or for the provision of services requested by you, or if this is necessary for the performance of a contract or for pre-contractual measures.

We also disclose personal data to third parties within the scope of our business activities and for the above-mentioned purposes, insofar as this is permitted and appropriate, either because they process it for us (contract data processing) or because they wish to use it for their own purposes (data disclosure). This applies in particular to:

• Service providers, including contract processors;
• IT service operators (e.g. web hosting providers, email delivery service providers, suppliers);
• Retailers, suppliers and other business partners;
• Insurance companies;
• Banking institutions and payment service providers;
• Public authorities;
• Government agencies and courts.

In doing so, we naturally comply with the legal provisions governing the transfer of personal data to third parties. If we use processors to provide our services, we take appropriate legal precautions and technical and organisational measures to ensure that your personal data is protected in accordance with the relevant legal provisions. Among other things, processing by processors is limited to the contractually agreed purposes, they are obliged to protect your privacy to the same extent as we do, and they may only process your personal data in accordance with our instructions.

Some of the recipients are located in the United Kingdom, while others are located abroad.

We generally process personal data in Switzerland or in an EU/EEA country or in another country that has an adequate level of data protection. With regard to certain processing operations, you must expect your data to be transferred to other countries within and outside Europe, where some of the IT service providers we use are located. If we disclose data to a country that does not have an adequate level of legal data protection, we require the recipient to take appropriate measures to protect your privacy (e.g. by agreeing to the EU Standard Contractual Clauses, the current version of which is available here, or other precautions) or we rely on justifications such as your consent.

We process personal data for as long as it is necessary to fulfil our contractual obligations or for the purposes pursued with the processing, for example for the duration of the entire business relationship and beyond, in accordance with the statutory retention and documentation obligations. It is possible that personal data may be retained for the period during which claims can be asserted against us and insofar as we are otherwise legally obliged to do so or legitimate interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will generally be deleted or anonymised.

In addition, we will delete your data if you request us to do so at the email address mentioned in section1.1 and we have no legal or contractual obligation to retain or otherwise secure this data. 

You have the following rights under the data protection law applicable to you and to the extent provided for therein:

Right to information: You have the right to request access to your personal data stored by us at any time if we process it.

Right to rectification: You have the right to have inaccurate or incomplete personal data corrected.

Right to erasure: You have the right to have your personal data erased under certain circumstances. In individual cases, in particular in the case of statutory retention obligations, the right to erasure may be excluded. In this case, the data may be blocked instead of erased, provided that certain conditions are met.

Right to data portability: You have the right to request that we disclose certain personal data in a commonly used electronic format or transfer it to another controller.

Right of withdrawal: You have the right to withdraw your consent at any time. However, processing activities based on your consent in the past will not become unlawful as a result of your withdrawal.

Right to object: You have the right to object to the processing of your data, in particular for the purposes of direct marketing, profiling for direct advertising and other legitimate interests in processing.

Right to further information: You have the right to request further information necessary for the exercise of these rights.

Automated individual decisions: You have the right to express your point of view in the case of automated individual decisions and to request that the decision be reviewed by a natural person.

To exercise these rights, please send us an email to the email address mentioned in section 1.1 .

Right to lodge a complaint: You also have the right to enforce your claims in court or to lodge a complaint with the competent data protection authority.  

Please note that these rights are subject to certain conditions, exceptions or restrictions (e.g. if we are obliged to store or process certain data, have an overriding interest in doing so (insofar as we are permitted to invoke this) or need it to assert claims). We will inform you accordingly if necessary.

The website is intended for an adult audience. Minors, in particular children under the age of 16, are prohibited from transmitting personal data to us or registering for a service. If we discover that such data has been transmitted to us, it will be deleted from our database. The child's parents (or legal representative) can contact us and request deletion or deregistration. To do so, we require a copy of an official document that identifies you as a parent or legal guardian.

We take technical and organisational security measures to protect your personal data against manipulation, loss, destruction or access by unauthorised persons and to ensure the protection of your rights and compliance with the applicable data protection regulations.

The measures taken are designed to ensure the confidentiality and integrity of your data and to guarantee the long-term availability and resilience of our systems and services when processing your data. They are also intended to ensure the rapid restoration of the availability of your data and access to it in the event of a physical or technical incident.

Our security measures also include encryption of your data. When your data is transmitted to us, it is encrypted using Transport Layer Security (TLS) / HTTPS. All information you enter online is transmitted via an encrypted transmission channel. This means that this information cannot be viewed by unauthorised third parties at any time.

Our data processing and security measures are continuously improved in line with technological developments.

We also take our own internal data protection very seriously. Our employees and the service providers we commission are obliged to maintain confidentiality and comply with data protection regulations. Furthermore, they are only granted access to personal data to the extent necessary.

As a rule, you can use our website without having to provide any personal information. This does not apply to areas and services that naturally require your name, address or other personal data, e.g. registrations for our seminars or events. 

When you visit our website, the web server we use automatically collects various pieces of information and stores them temporarily in so-called server log files. This information includes, in particular, the IP address of the requesting computer (in anonymised form, if applicable), the date and time of access, the name and URL of the files accessed on , the operating system and browser type, the country of access, name of the Internet provider, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status or HTTP status code, amount of data transferred, the last website visited, browser settings, language and version of the browser software, and activated browser plug-ins.

This data is required in order to deliver the content of our website to you correctly, to ensure system security and stability, to optimise our offering in terms of technology and content, to perform statistical evaluations and, if necessary, to provide law enforcement authorities with the information required for prosecution in the event of cyber attacks. The processing of this data is based on our legitimate interest. Our legitimate interest lies in ensuring the functionality and security of our website and in improving it.

We delete your personal data as soon as it is no longer required for the purposes mentioned above. In the case of data collection for the provision of our website, deletion takes place, subject to criminal relevance, when the respective session is ended.  

For the hosting of our websites, we may use the services of third parties in the United Kingdom and abroad, who carry out the above-mentioned processing on our behalf. Currently, the website is operated by German hosting providers on servers in Germany.

In order to exchange information, in particular for communication and collaboration, as well as to conduct webinars and other online training courses, we use Microsoft Teams ("MS Teams"), a collaboration platform provided by Microsoft Corporation, based in the USA, or, if you are resident in the European Economic Area (EEA) or Switzerland, Microsoft Ireland Operations Limited, based in Ireland ("Microsoft").

When using MS Teams, various data is processed, in particular content data from meetings, chats and shared files, call history, profile data (e.g. email address, profile picture) as well as your IP address and preferred language. Meeting metadata such as date, start and end time, meeting ID and, if applicable, telephone number and location are also processed. In addition, Microsoft collects diagnostic data in connection with usage, which enables Microsoft to provide the service, i.e. troubleshooting, backing up and updating MS Teams, and monitoring performance.

The data collected via MS Teams is transmitted to Microsoft servers and processed there. The storage location is in the geographical region assigned to our Microsoft 365 organisation, which is located in Switzerland. According to Microsoft, this data is not disclosed to unauthorised third parties.

The data collected is only stored for as long as is necessary to provide the service, i.e. usually until the end of the MS Teams session ("session") or until the respective user deletes the files they have shared.

In some cases, it may be necessary for us to record sessions. Recordings are made in particular to provide participants with a reference and to make the content accessible to people who were unable to attend the original meeting. The recordings are for internal use only and may not be passed on or reproduced without permission. The recordings are stored in encrypted form and access is restricted to the participants of the respective session and those (authorised) persons who are authorised to do so by the creator of the recording (usually the organiser of the session).

Recordings are always made on the basis of your consent. We will inform you in good time if a meeting is being recorded. This gives you the opportunity to turn off your camera and microphone or leave the meeting. We would also like to point out that your name may be visible in the recordings even if your camera/microphone is turned off.

Recordings are only kept for as long as necessary (e.g. until absent participants have had the opportunity to view them). Recordings are deleted after one year at the latest.

To protect your privacy, we have entered into a Data Processing Addendum with Microsoft. Further information on data protection and data security, as well as how MS Teams works, can be found on the Microsoft Teams website.

Like many other websites, we also use so-called "cookies". Cookies are small text files that are stored on your hard drive and assigned to the browser you are using, and through which certain information flows to the entity that sets the cookie. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is visited again. Cookies cannot execute programmes or transfer viruses to your computer. They serve to make the Internet offering more user-friendly and effective overall and to enable the use of certain functions.

Our website only uses technically necessary cookies that ensure the core functionality of our website. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change. The user data collected by technically necessary cookies is not used to create user profiles. These purposes also constitute our legitimate interest in the processing of personal data.

We use temporary cookies. These store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognised when you return to the website. We use this type of cookie to ensure the operation and functionality of our website.

We integrate external content from third-party providers on our website. In this case, we explicitly point this out to you and obtain your consent before you can activate the external content. The third-party providers may set cookies. For further information, please refer to the respective section on this third-party provider in this privacy policy.

We use Matomo, a web analytics service provided by InnoCraft Ltd. (150 Willis St, 6011 Wellington, New Zealand, "Matomo"), on our website. Matomo is open source software that allows us to analyse the surfing behaviour of our users. Matomo is operated without cookies in the configuration we use ("cookieless tracking"). Among other things, the website accessed, the time of access, basic technical information about your browser and your IP address are collected.

Your IP address is truncated immediately after collection and before storage, thereby anonymising it. This means that it is not possible to identify you personally.

This data processing is carried out exclusively for the statistical analysis of the use of our website. It helps us to optimise our offering and to avoid processing personal data as far as possible.

As Matomo runs on our website's servers, your personal data is also only stored there and is not passed on to third parties.

You can object to anonymous data collection at any time. To do so, an opt-out cookie is set, which prevents data from being collected in future. Please note that this cookie must be reactivated when you delete your browser cookies.

Further information on the terms of use and data protection regulations can be found at: https://matomo.org/privacy/.

We use various Google services on our website to provide interactive and embedded content. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA, or, if you are resident in the European Economic Area (EEA) or Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google LLC is always responsible for the processing of personal data when using "Google Maps".

These services use technologies such as cookies, web storage in the browser and tracking pixels, which enable an analysis of your use of our website. The information generated about your use of our website may be transmitted to a Google server in the USA or other countries and stored there. Information about the locations of Google's data centres can be found here.  

The services are only loaded if you have given your express prior consent (e.g. via the cookie banner or by deliberately activating them). No data is transmitted to Google without your consent.

The personal data processed by Google is stored for as long as necessary for the respective purposes. The storage period depends in particular on the type of service used, the settings you have made and Google's internal guidelines on data retention and deletion. For more information, please refer to Google's privacy policy.

Further information on the individual services can be found below.

Google uses technologies such as cookies, web storage in the browser and tracking pixels, which enable an analysis of your use of our website. The information generated about your use of our website may be transmitted to a Google server in the USA or other countries and stored there. Information about the locations of Google's data centres can be found here.

We use tools provided by Google, some of which, according to Google, may process personal data in countries where Google or its subcontractors have facilities. In its "Data Processing Addendum for Products where Google is a Data Processor", Google promises to ensure an adequate level of data protection by relying on the EU Standard Contractual Clauses. Although this does not provide conclusive protection, Google also continues to be certified under the EU-U.S. and Swiss-U.S. Data Privacy Framework.

For more information about Google's processing and privacy settings, please refer to Google's privacy policy and privacy settings.

No videos are embedded directly on our website. Instead, we only link to external content from the YouTube video portal, a service provided by YouTube LLC, based in the USA ("YouTube"), a subsidiary of Google LLC. ("Google").

When you click on such a link, you will be redirected directly to the YouTube platform. Only there will YouTube process personal data (e.g. IP address, device information or, if you are logged in, account data). No YouTube videos or elements are automatically loaded from our website and no data is transmitted to YouTube as long as you only visit our website.

Further information can be found in YouTube's terms of use and Google's privacy policy.

Our website offers an internal search function that allows you to search for content within the website. When you enter a search query, it is transmitted to our web server and processed there. The search terms you enter are stored temporarily together with technical information (e.g. IP address, time of access, browser information) in order to provide the search results.

The data is used exclusively to execute the search query and is not evaluated for analysis, marketing or profiling purposes. It is not passed on to third parties.

The data is processed on the basis of our legitimate interest in providing a functional and user-friendly website. The data is only stored for as long as is necessary to process the search query and is then automatically deleted.

Our websites may contain links to websites of other providers to which this privacy policy does not extend. Once you click on such a link, we no longer have any influence on the processing of any data transferred to the third party when you click on the link (such as your IP address or the URL where the link is located), as the behaviour of third parties is naturally beyond our control.

We therefore cannot accept any responsibility for the processing of your data by third parties. If the use of other providers' websites involves the collection, processing or use of personal data, please refer to the data protection information of the respective providers.