Privacy Policy
Please read this statement carefully to understand how The Hepatitis Fund collects, uses and stores your personal data.
Version updated as of July 2024
In this privacy policy (the “Privacy Policy“), we, The Hepatitis Fund SA (hereinafter “THF“, “we“, “us”, or “our”), explain how we collect and process some personal data in connection with our regular activities and your consultation of our website (the “Website“) in particular. Some of our data processing activities may not be covered by this Privacy Policy. In such a case, you will be provided with specific information about the processing of your personal data, which will supersede this Privacy Policy. In this Privacy Policy, the term “personal data” refers to any information related to an identified or identifiable individual in the meaning of applicable data protection laws.
If you provide us with personal data of other individuals (e.g., about family members, work colleagues, or associates), it is your exclusive responsibility to ensure that the individuals concerned are aware of this Privacy Policy and that you provide us with their personal data only if authorised to do so and if such personal data is accurate and up to date.
1 - Who are we?
The Hepatitis Fund is the data controller responsible for processing your personal data described in this Privacy Policy, with a registered address at Chemin Eugène-Rigot 2E, 1202 Geneva, Switzerland.
If you have any questions or requests relating to this Privacy Policy or our processing of your personal data in general, please contact us at the following address:
The Hepatitis Fund, Chemin Eugène-Rigot 2E, 1202 Geneva, Switzerland or by e-mail at: admin@thehepatitisfund.org.
2 - What personal data do we process?
We primarily process personal data about users of our Website, our donors, potential donors, business partners and private individuals, such as any persons reaching out to us with collaborations, partnerships or general inquiries or further to another specific interest.
We usually collect personal data directly from you, but if and to the extent legally admissible, we may also collect personal data about you from public or semi-public sources (such as the debt enforcement register, criminal records, the land register or the commercial register, the press or the Internet) or any other third parties, including from background screening agencies, private intelligence companies, insurance companies, brokers, consultants or legal, tax, hiring or media advisors.
In addition to the data you have provided us directly, the categories of personal data that we collect about you from other sources may typically include information from public or semi-public registers, information relating to your position and professional activities, your personal and educational background, your business partners, information such as your financial history, professional or business background and activities, criminal history, personal reputation and integrity, legal and regulatory-relevant information, sources of funding, bank details, contact details (e.g. name, address, telephone number, e-mail address, date of birth), information about you found in the media or on the Internet, your possible interests as well as other socio-demographic data and data relating to your use of our Website (such as IP address, MAC address of your smartphone or computer, information about your device and settings, cookies, date and time of your visits, sites and content consulted, applications used, referring website, location data).
3 - Why do we process personal data?
In accordance with applicable law and where applicable, THF may process personal data for the following purposes:
- To carry out, promote and develop our activities towards the end of viral hepatitis globally (which include, among others, raising awareness, strengthening health systems, enabling national action, building financial autonomy, promoting cross-cutting investments, unlocking synergies and promoting health globally);
- to implement and improve our processes, services and websites (including but not limited to the Website), applications and other platforms on which we may operate;
- to communicate with you and process your requests or inquiries (e.g. general request for information, media inquiry or a request from you concerning the exercise of your rights);
- to process your job applications (note that, unless you object, we may retain your relevant personal information and application materials collected during the recruitment procedure and from your application if we believe that your profile could fit with future positions opening within our organisation or affiliated entities. If we decide to retain your relevant information and materials for this purpose, they will only be used to assess your suitability with potential positions opening within our organisation or affiliated entities and will be deleted no later than twelve months from notification of our decision not to select your initial application, unless you authorise us otherwise);
- to assess and process collaboration or funding requests;
- to initiate and conduct calls for proposals, inviting submissions from eligible parties for funding consideration, and oversee the entire process, including evaluation, selection, and allocation of funds to successful proposals;
- to provide financial grants or other funding (such as donations, sponsorships or endowments) to investees and partners to support their operations, projects, research and development initiatives, community outreach programs or other specified activities;
- to carry out fundraising campaigns;
- to the extent permitted by law, to advertise and market our activities, including but not limited to through the organisation of events or the processing of promotion and marketing communications (unless you are not interested);
- for market research and to better understand you and your interests;
- for media and press monitoring;
- to ensure efficient management of the administrative and technical aspects of our activities and proper conduct of our operations, including our computer systems, websites, apps and other applications, as the case may be;
- to comply with applicable legal and regulatory frameworks (such as tax, accounting and AML/CFT regulations) and our internal rules and policies, such as our ethical standards;
- assert and defend our rights and interests in litigation and legal proceedings;
- for network and information security purposes, i.e. to take measures to protect our and your information from loss, damage, alteration, theft or unauthorised access; and
- to guarantee the security of our premises, systems, property, assets and interests and the protection of any persons working with us.
4 - Do we use cookies, tracking or similar technologies to monitor our Website?
This Website uses cookies and similar technologies to enable its basic features (necessary cookies) or to help us understand how you interact with the Website by providing information on metrics such as the number of visitors, bounce rate or traffic source (analytical cookies). For more details on the cookies and other similar technologies we may use, please contact us.
5 - Do we share your personal data?
During our activities and under the purposes described in section three above, we may transfer personal data to third parties as such transfers are authorised and deemed appropriate. In connection with such personal data transfers, third parties may process personal data about you on our behalf or, as the case may be, for their own purposes. We do not take responsibility for any processing of your personal data by third parties for their own purposes, for which we invite you to consult their own privacy notice. The following categories of data recipients (“recipients“) may receive some of your personal data from us:
- our service providers and subcontractors, which can be affiliates of THF or external service providers (such as website developers, customer service centres, HR and employment service providers, background screening agencies, private intelligence companies and payment processing providers);
- information technology service providers (for client relationship management, telecommunications, data storage and hosting and IT security in particular);
- communication and public relationship agencies;
- financial establishments and insurance companies or brokers;
- partners, suppliers and other organisation associates;
- fundraising consultants, grant writers or event planners;
- legal, tax, accounting and fiduciary advisors, as well as other professional advisors (including but not limited to auditors);
- national and foreign authorities or courts, as well as arbitral tribunals;
- the media;
- the public, including users of our Website and social media, and
- other parties involved in possible or pending legal proceedings.
We take necessary measures to ensure that data recipients who process your personal data comply with applicable data protection laws and protect your information, just as we do. We only disclose personal information necessary to share such information in the first place, in line with the processing purposes indicated herein. We will endeavour to anonymise your information or use aggregated, non-specific data sets wherever possible.
Please feel free to contact us (use contact details in section 1 above) if you want further details about the recipients with whom we may share your information.
Where we choose to outsource certain services to carefully selected recipients, we take precautions regarding their practices to ensure that your personal data is stored and processed in a lawful and secure manner. We will do our utmost to protect your personal data and not sell it to third-party companies.
THF hosts and processes personal data in Switzerland. However, while most recipients are in Switzerland and the European Economic Area (like Spain or Romania), others may be in other jurisdictions and process personal data in countries such as Singapore.
If we transfer your personal data to a third country that does not provide an adequate level of data protection, we will take necessary measures to guarantee an appropriate level of data protection despite the data transfer to such a third country. These measures may typically include implementing binding corporate rules or standard contractual clauses, as approved by the competent supervisory authority in each case. We may also rely on statutory derogations such as your consent, contract necessity, the recognition, safeguarding, or exercise of rights, an overriding public interest, personal data made public without objection and the protection of the integrity of data subjects.
6 - How long do we keep your personal data?
We only process and store your personal data for as long as necessary to meet the purposes described in section three. As soon as your personal data is no longer required for the abovementioned purposes, it will be deleted or anonymised as far as possible. As a general rule, operational data (e.g. system logs) are stored for a shorter period, up to a maximum of twelve months.
Please note that we may retain relevant personal data for a more extended period if we are required to (e.g. due to legal or contractual obligations for retention and documentation purposes) or if we have a legitimate interest in doing so (e.g. for evidential purposes to assert, exercise or defend our rights or interests). In any event, personal data will not be kept for longer than legally permitted.
7 - How do we protect personal data?
We take appropriate technical and organizational measures to avoid accidental or unlawful loss, deletion, destruction, modification or unauthorised disclosure or access to personal data and to protect their confidentiality, integrity, availability and traceability, such as by means of internal regulations, training, IT and network security solutions, physical and logical access controls and restrictions, encryption of data carriers and transmissions and pseudonymisation.
8 - What are your rights?
In accordance with and within the limits of applicable law, you may exercise your statutory rights to access, rectify, erase or request portability of your personal data, as well as to limit or object to their processing.
It is important that your personal data processed by THF is accurate and up-to-date. It is your responsibility to promptly inform us of any changes to personal data that you have provided us, as well as of any inaccuracies that you may have identified.
Please also note that exercising these rights may conflict with your contractual obligations, as applicable, which may result in consequences such as early termination of the contract or costs. If this is the case, we will inform you in advance unless this has already been contractually stipulated.
As a general rule, exercising these rights presupposes that you can prove your identity (e.g. by producing a copy of your identity papers if your identity is unclear or cannot be verified in any other way). To exercise these rights, please contact us as set out in Section 1 above.
In addition, any data subject may assert their rights before a court or lodge a complaint with the competent data protection authority. In Switzerland, the competent data protection authority is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
9 - Changes to this Privacy Policy
We may amend this Privacy Policy at any time and without prior notice. The current version published on our Website is authoritative. If the Privacy Policy forms part of an agreement with you, we will inform you of any changes by e-mail or other appropriate means.