Sorry, you need to enable JavaScript to visit this website.

Privacy and Cookie policies

Data protection at PAGES

Cookie policy

The platforms of pastglobalchanges.org, passbolt.pastglobalchanges.org, nextcloud.pastglobalchanges.org and pages-osm.org are operated by PAGES - Past Global Changes -   International Project Office (together referred to as "PAGES"). This Privacy Notice describes how and for what purposes PAGES collects, processes and uses personal data. Responsible handling of user data has always been key for us. We are continuously making improvements in order to protect the personal data of our customers even better.

What does PAGES do for data protection?

PAGES values the trust of its users. Data protection and data security are therefore central concerns for us.

Which Data Is Processed About Me?

We process personal data for various reasons and for various purposes. Your personal data will almost always be processed when you interact with us or we interact with you, for example when you subscribe a newsletter. Therefore, when you create a user account, register for another of our services, or navigate our websites, we also process behavioural and (where applicable) transactional data and make assumptions about your preferences based on it.

How do I benefit from data processing?

Our data processing has many benefits for you, for example it allows you to enjoy improved products and services.

To Whom Is My Personal Data Disclosed?

Your personal data may be shared with other partners outside PAGES and used by them. It is only passed on to selected service providers and partners. As a rule, personal data is processed on our behalf and in accordance with our instructions; however, certain partners also process personal data on their own responsibility or jointly with us.

Is My Data Secure?

We ensure that your data is protected in a manner commensurate with the risks involved and take comprehensive security measures in order to protect your personal data against unauthorized access. We continuously improve our security measures and adapt them to the current state of the art. 

Whom Should I Contact if I Have Questions?

If you have any questions about our processing of your personal data, please feel free to contact us at pages@pages.unibe.ch. You will find further information on how to exercise your rights in connection with your personal data in the Privacy Notice. 

Table of contents 
 1. What Is this Privacy Notice about?

2.Who Is Responsible for Data Processing?

3.For Whom Is This Privacy Notice Intended?

4.Which Personal Data Do We Process?

5.Where Does the Personal Data Come From?

6.For What Purposes Do We Process Personal Data?

7.What Is the Legal Basis for Processing Personal Data?

8.To Whom Do We Disclose Personal Data?

9.How Do We Disclose Personal Data Abroad?

10.How Do We Process Sensitive Personal Data?

11.How Do We Conduct Profiling?

12.Do We Use Automated Individual Decision-Making?

13.How Do We Protect Personal Data?

14.For How Long Do We Process Personal Data?

15.What Rights Do You Have in Connection with the Processing of Your Personal Data?

16.How Can You Contact Us?

17.Changes to This Privacy Notice

1. What Is this Privacy Notice about?

The protection of personal data is a matter of trust, and your trust is important to us. In this Privacy Notice, we inform you how and why we collect, process, and use your personal data.

In this Privacy Notice, you will learn, among other things:

  • what personal data we collect and process;
  • the purposes for which we use your personal data;
  • who has access to your personal data; 
  • what benefits our data processing has for you;
  • for how long we process your personal data;
  • what rights you have with respect to your personal data; and 
  • how you can contact us         

We have based this Privacy Notice on both the Swiss Data Protection Act and the European Union’s General Data Protection Regulation (GDPR). The GDPR has established itself globally as a standard for rigorous data protection. However, whether and to what extent the GDPR applies depends on each individual case.

2. Who Is Responsible for Data Processing?

According to data protection law, responsibility for data processing lies with the association that determines whether such processing is to take place, for what purposes it is to take place and how it is to be configured. PAGES – Past Global Changes – International Project Office (PAGES – Past global Changes, Hochschulstrasse 4, 3012 Bern, Switzerland) ("we" or "us") is generally responsible for data processing under this Privacy Policy.

3. For Whom Is This Privacy Notice Intended?

This Privacy Notice applies to all persons whose data we process (hereinafter referred to as “you”), regardless of which channel you use to contact us (e.g. on a website, in an app, in a branch, by telephone, via a social network, at an event, etc.). It applies to the processing of personal data that has already been collected and personal data that will be collected in the future.

Our data processing activities may, in particular, affect the following categories of persons if we process their personal data:

  • Visitors to our websites;
  • Holders of a user account;
  • People in our branch;
  • Other people who use our services or come into contact with other ways from us;
  • Users of our apps;
  • Individuals who write to us or contact us in any other way;
  • Recipients of information and newsletter communications;
  • Participants in public events;
  • Participants in opinion and user surveys;
  • Contacts at our suppliers and other business partners, as well as at organizations and authorities;
  • Job applicants.

Please also consult the contractual terms for individual services (e.g. General Terms and Conditions, Terms of Use, or Conditions of Participation). Please also consult the contractual conditions for individual services (e.g. general terms and conditions, terms of use or terms of service). For information about the collection and processing of personal data when using our websites, mobile apps, and social media pages, particularly in connection with cookies and similar technologies, please also see our Cookie Notice.

4. Which Personal Data Do We Process?

“Personal data” constitute information that can be associated with a specific person. We process various categories of such personal data. The key categories are set out below for your orientation. However, we may also process other personal data in individual cases.

You can find out more about the origin of this data in Section 5 and Section 6 about the purposes for which we process this data.

4.1 Master data

Master data comprises the fundamental data about you, such as your salutation, name, contact details, or date of birth. We collect master data in particular when you create a customer account with PAGES. We also collect master data if, for example, you take part in an event or register for a newsletter. We additionally collect master data about contacts and representatives of contractual partners, organizations, and authorities.

Examples of master data include:

  • salutation, first name, last name, gender, date of birth;
  • address, e-mail address, telephone number, and other contact details;
  • username and profile picture;
  • information on the use of our online platforms (e.g. whether you are registered with PAGES);
  • details of associated websites, social media profiles, etc.;
  • details of interests and preferences, language preferences, etc.;
  • details about your relationship with us (customer, visitor, supplier, etc.);
  • details about related third parties (e.g. contacts, recipients of services, or representatives);
  • settings concerning the receipt of subscribed newsletters, etc.;
  • details concerning your status with us (inactive or blocked user account, bans from entering premises, etc.);
  • details of participation in events (e.g. conferences, public meetings, exhibitions);
  • official documents in which you appear (e.g. ID documents, permits, etc.);
  • details of titles and corporate functions for contacts and representatives of our business partners;
  • date and time of registrations.

Disclosing your identity in your public profile on our platforms is voluntary. The username that is displayed publicly is the one you have chosen, which does not have to be your real name.

4.2 Contract data

Contract data is personal data that arises in connection with the conclusion or execution of the contract, e.g. information on the conclusion of the contract. We conclude contracts primarily with business partners and job applicants. If you accept offers from us based on a contract, e.g. make use of services, we will often also transactional data (see also Section 4.4).

Contract data includes details:

  • about the initiation and conclusion of contracts, e.g. date of contract conclusion, details from the application process, and details of the contract in question (e.g. type and duration or, if necessary, proof of identity such as copies of official IDs);
  • about the processing and administration of contracts (e.g. contact details, delivery addresses, and information about payment methods (i.e. salary));
  • in connection with our IT service and support with technical issues;
  • about our interactions with you (where applicable, a history with corresponding entries);
  • in connection with a job application, such as curriculum vitae, references, qualifications, certificates, meeting notes, etc. (that may also contain personal data of third parties);
  • about interactions with you as the point of contact or representative of a business partner;
  • in connection with other checks with regard to the establishment or continuation of a business relationship

4.3 Communication data

If you contact us or we contact you, for example when you contact IT service, or when you write to us, or call us, we process the exchanged communication contents and information about the type, time, and place of communication. In certain situations, we may also ask you to provide proof of identity.

Examples of communication data are:

  • name and contact details such as postal address, e-mail address, and telephone number;
  • content of e-mails, written correspondence, chat messages, social media posts, comments on a website, telephone conversations, video conferences, etc.;
  • details of the type, time, and in certain circumstances place of communication;
  • proof of identity such as copies of official IDs;
  • marginal communication data.

Telephone conversations and video conferences with us may be recorded; we will inform you of this at the start of each conversation. If you do not want us to record such conversations, you may terminate the conversation at any time and contact us in another manner (e.g. by e-mail).

4.4 Transactional and Behavioural Data

When you make use of our offers and infrastructure, or procure our services, we frequently collect data about this usage. This occurs, for example, if you use our websites and apps. If you are acting on behalf of a third party, this personal data may also pertain to that third party (e.g. your company members if you use our services on their behalf).

Examples of transactional and behavioural data include the following information if available to us as personal data:

  • information in your profile, e.g. a voluntary public profile description;
  • attendance of our events (e.g. date, place and type of event);
  • details about participation in conferences, webinars, public meetings and similar events;
  • details about the installation and use of mobile apps;
  • details about your behaviour on websites;
  • details about your use of electronic messages from us (e.g. whether and when clicked on a link);

4.5 Preference Data

We wish to tailor our offers and services to our users as effectively as possible. We therefore also process data about your interests and preferences. To do so, we may combine transactional and behavioural data with other data and analyse such data on a personal and non-personal basis. This enables us to draw conclusions about characteristics, preferences, and likely behaviour, such as your affinity for specific products and services.

In particular, we may create segments (permanently or case-related), that is, groups of persons displaying similarities with regard to specific characteristics. Preference data may be used either personally (e.g. in order to show you news that is relevant to you) or on a non-personal basis (e.g.  product development purposes).

The processing described can also be called "profiling" in technical language. You can find further information about profiling in Section 11.

4.6 Technical Data

When you make use of our websites, apps, or other electronic services, we collect certain technical data such as your IP address or device ID. Technical data also include the protocols in which we record the use of our systems (log files). In some cases, we may also assign a unique code number (an ID) to your end device (tablet, PC, smartphone, etc.), for example by using cookies or similar technologies, in order to be able to recognize it. Further details concerning this can be found in our Cookie Notice.

Technical data can in particular also be used to collect behaviour data, that is, details about your sue of websites and mobile apps (see Section.4.4). However, we are usually unable to derive who you are from technical data unless you create a customer account or register for other offers, for example. In this case, we can link technical data with master data, and thus with your person.

Technical data include:

  • the IP address of your device and further device IDs (e.g. MAC address);
  • code numbers assigned to your device by cookies and similar technologies (e.g. pixel tags);
  • details of your device and its configuration, such as operating system and language settings;
  • details about the browser with which you access the offer, and its configuration;
  • information about your movements and actions on our websites and in our apps;
  • details about your Internet provider;
  • your approximate location and the time of use;
  • system recordings of accesses and other events (log files).
  • metadata from telecommunications traffic

For more information on the processing of technical data, please also see our Cookie Notice.

4.7 Image and Sound Recordings

We regularly produce photos, videos, and sound recordings in which you might be featured, for example if you attend an event, contact our IT service, or receive advice by video conference. For security and evidentiary purposes, we also make video recordings in our branch and other premises. In doing so, we may obtain information on your behaviour in the relevant areas.

Examples of image and sound recordings include:

  • photos, videos, and sound recordings of customer and public events (e.g. conferences, symposiums, public meetings, etc.);
  • photos, videos, and sound recordings of courses, presentations, training courses, etc.;
  • recordings of telephone conversations and video conferences (e.g. webinars, IT service).

5. Where Does the Personal Data Come From?

5.1 Data Provided

You often disclose personal data to us yourself, for instance when sending us data or communicating with us. Master, contract, and communication data in particular are generally something you disclose to us yourself. You are in many cases also responsible for disclosing preference data to us.

For example, you provide us with personal data yourself in the following cases:

  • You create a user account;
  • You take part in public events;
  • You contact our IT service;
  • You register for our newsletter.

The provision of personal data is largely voluntary, which means that you are not generally obliged to disclose your personal data to us. However, we do have to collect and process the personal data that are required for processing contractual relationships and fulfilling associated obligations or that are prescribed by law, such as mandatory master and contract data, as we would otherwise be unable to conclude or continue the contract in question.

If you send us data about other persons (e.g. Company members), we assume that you are authorized to do so and that this data is correct. Please also make sure that these other persons have been informed about this Privacy Policy.

5.2 Data Gathered

We may also collect personal data about you ourselves or automatically, such as when you make use of our products or procure our services. This is often behavioural and transactional data, as well as technical data (e.g. the time at which you visit our website).

For example, we independently collect personal data about you in the following cases:

  • You visit one of our websites or use one of our apps;
  • You click on a link in one of our newsletters.

We may also derive personal data from personal data already available to us, for example by analysing transactional and behavioural data. Such derived personal data frequently comprise preference data.

For example, we can analyse the transaction and behaviour data collected during navigation in our online websites and, on this basis, make assumptions about your personal interests, preferences, affinities, and habits. This enables us, for instance, to tailor our offers and information to your individual needs and interests. For example, this enables us to send you an individual selection of news relevant for you. You can find further information about transactional and behavioural data in Section 4.4, and about profiling in this context in Section 11.

5.3 Data Received

We may also receive personal data from other partners of PAGES. Further information about this can be found in Section 8. Moreover, we may also receive information about you from other third parties, such as from partners with which we cooperate, persons who communicate with us, or public sources. Further information about this can be found in Section 8.

For example, we may receive information about you from the following third parties:

  • your employer and work colleagues in connection with a job application and your professional responsibilities;
  • third parties if correspondence and discussions concern you;
  • persons close to you (company members, legal representatives, etc.), e.g. your address for deliveries, references, or powers of attorney;
  • Swiss Post and address brokers, e.g. for address updates;
  • banks, insurance companies, distribution partners, and other contractual partners for payments;
  • providers of online services, e.g. providers of Internet analysis services;
  • providers of cybersecurity services and
  • Authorities, parties, and other third parties in connection with official and judicial proceedings;
  • Media monitoring agencies in connection with articles and reports in which you feature;
  • Public offices such as the Swiss Federal Statistical Office, from the media, or from the Internet.

6. For what Purposes Do We Process Personal Data?

6.1 Communication

We wish to remain in contact with you and address your individual requirements. We therefore process personal data for the communication with you, in order to answer inquiries and for IT service, for instance. In particular, we make use of communication and master data for this, as well as contract data if the communication concerns a contract. We may also personalize the content and time of dispatch of messages on the basis of behaviour, transaction, preference, and other data.

The purpose of communication particularly comprises:

  • responding to inquiries;
  • contacting you in the event of questions;
  • IT service;
  • the delivery of other notifications (e.g. user account information);
  • authentication, for example for the use of our online services;
  • quality assurance and training
  • all other processing purposes for which we communicate with you (e.g. contract processing, information).

6.2 Contract Execution

We wish to offer you the best possible service. We therefore process personal data in connection with the initiation, administration, and processing of contractual relationships, for instance to provide a service, deliver services, build up our communities or host an event. Contract processing also includes any agreed personalization of services. For this purpose, we make use of master data, contract data, communication data, transactional and behavioural data, and preference data in particular.

The purpose of contract processing generally comprises everything that is necessary or appropriate for concluding, executing, and, where applicable, enforcing a contract. 

For example, this includes processing in order to:

  • decide whether and how (e.g. with which payment options) we enter into a contract with you;
  • provide contractually agreed services, such as provide services and provide functions;
  • provide IT service;
  • to build up the PAGES communities;
  • plan and prepare the provision of our services, for example scheduling of our employees;
  • review the suitability of job applicants and, if applicable, prepare and conclude employment contracts;
  • review whether we are willing and able to cooperate with a company and to monitor and assess its services;
  • prepare and conclude corporate transactions such as corporate acquisitions, sales, and mergers;
  • assert legal claims from contracts (collection proceedings, legal proceedings, etc.);
  • administer and manage our IT and other resources;
  • store data in compliance with obligations to preserve records;
  • terminate and end contracts.

6.3 Information

Messages and news may also be personalized in order to – as far as possible – only send you information that is likely to be of interest to you. For this purpose, we in particular make use of master data, contract data, communication data, transaction data, behavior data, and preference data, but also image and sound recordings.

Examples include the following messages and offers:

For newsletters and other electronic messages, you can generally opt out of the corresponding service from your customer account or via an unsubscribe link included in the message.

The personalization of our messages enables us to tailor information to your individual needs and interests, and to only present you with offers that are likely to be relevant for you. For example, show you online contents tailored to you. In general, the focus of our activities on the wishes and needs of our customers allows us to simplify processes, such as navigation on  our websites. You can find more information about this profiling in Section 11.

6.4 Market Research

PAGES doesn’t process personal data for market research.

6.5 Security and Prevention

We wish to guarantee your and our security and prevent misuse. We therefore also process personal data for security purposes, to guarantee IT security, to prevent theft, fraud, misuse, and for evidentiary purposes. This can concern all the personal data categories listed in Section 4, in particular transactional and data and image and sound recordings. We can acquire, analyse, and store this data for the purposes mentioned.

Examples of the purpose of security and prevention include:

  • the creation and evaluation (manually and automatically) of video recordings for the detection and prosecution of criminal acts;
  • the imposition of bans from entering our premises and the administration of lists of persons banned from entering our premises;
  • the analysis of transactional and behavioural data in order to detect suspicious behaviour patterns and fraudulent activities;
  • the evaluation of system recordings of the use of our systems (log files);
  • the prevention, mitigation, and detection of cyber and malware attacks;
  • analyses and tests of our networks and IT infrastructures, and system and error checks;
  • control of access to electronic systems (e.g. logins for user accounts);
  • physical access controls (e.g. access to office premises);
  • documentation purposes and creation of backups.

6.6 Compliance with Statutory Requirements

We wish to lay the foundations for compliance with statutory requirements. We therefore also process personal data in order to comply with legal obligations and to prevent and detect infringements. Examples of this include receiving and processing complaints and other messages, complying with court and administrative orders, measures for detecting and investigating misuse. This can apply to all the personal data categories listed in Section 4.

Compliance with statutory requirements particularly includes

  • implementation of health and safety concepts;
  • clarifications concerning business partners;
  • the receipt and processing of complaints and other messages;
  • the conducting of internal investigations;
  • ensuring compliance and risk management;
  • the disclosure of information and documents to authorities if we have an objective reason (e.g. because we ourselves are the injured party) or are legally obliged to do so;
  • assistance with external investigations, for instance by criminal prosecution or supervisory authorities;
  • guaranteeing the legally required standard of data security;
  • fulfilment of duties of disclosure, duties to provide information, or reporting obligations, for instance in connection with obligations under supervisory and tax law, such as in the case of archiving obligations and for the prevention, detection, and investigation of criminal and other offenses;

All such cases may concern Swiss law or foreign regulations to which we are subject, as well as self-regulations, industry and other standards, our own corporate governance, or official directives.

6.7 Preservation of Rights

We wish to be able to enforce our claims and to defend ourselves against the claims of others. We therefore also process personal data for the protection of rights, for instance in order to enforce claims judicially, before or out of court, and before authorities in Switzerland and abroad, or to defend ourselves against claims. Depending on the situation, we process different categories of personal data, such as contact data and details of events that have led to or could lead to a dispute.

The purpose of the protection of rights in particular includes:

  • establishment and enforcement of our claims, which may also include claims of companies affiliated with us and of our contractual and business partners;
  • defence against claims made against us, our employees and our contractual and business partners;
  • clarification of case prospects and other issues of a legal, economic, or other nature;
  • participation in proceedings before courts and authorities in Switzerland and abroad. For example, we may secure evidence, have case prospects investigated, or submit documents to authorities. Authorities may also request us to disclose documents and data carriers containing personal data.

6.8 Administration and Support Within PAGES

We wish to shape our internal processes efficiently. We therefore also process personal data for the internal administration of PAGES (see Section 2 ). We particularly process master data, contract data, and technical data, as well as transaction data, and communication data.

Administration within PAGES the following in particular:

  • administration of IT;
  • accounting;
  • archiving of data and management of our archives;
  • training and education, for instance when we analyze recordings of video, or other forms of communication;
  • central storage and management of data used by PAGES and University of Bern
  • forwarding of inquiries to the offices responsible, for instance when you submit an inquiry to PAGES service that concerns another service provided by University of Bern;
  • Generally, the review and improvement of our internal processes.

We may therefore also disclose personal data to other partners in order to support their own processing purposes under the University of Bern privacy policy in the overall interests of the PAGES. Further information about this can be found in Section 8.

7. What Is the Legal Basis for Processing Personal Data?

Depending on the purpose of the data processing, our processing of personal data is based on different legal grounds. In particular, we may process personal data if

  • doing so is necessary to fulfil an agreement with the person concerned or for pre-contractual measures (e.g. to review a request for an agreement);
  • it is necessary for the exercise of legitimate interests, for example when data processing is a central component of our business activities;
  • doing so is based on consent;
  • doing so is required for compliance with Swiss and foreign legal obligations.

In particular, we have a legitimate interest in processing for the purposes set out in Section 6 above and the disclosure of data in accordance with Section 8 and the associated objectives. The legitimate interests in each case include our own interests and the interests of third parties.

Examples of these legitimate interests include interests in connection with:

  • the supply of products and services to third parties (e.g. pressman);
  • good IT support, maintaining contact and other communications with users, including outside the framework of a contract;
  • improving existing products and services and developing new ones;
  • facilitating management and communication within University of Bern, which is necessary with a group that requires cooperation between parties;
  • mutually supporting University of Bern in their activities and objectives;
  • protecting users and other individuals, as well as data, secrets, and assets of the PAGES and University of Bern;
  • ensuring IT security, especially in connection with the use of websites, apps, and other IT infrastructure;
  • safeguarding and organizing business operations, including the running and further development of websites and other systems;
  • ensuring corporate management and development;
  • the enforcement or defence of legal rights and claims;
  • complying with Swiss and foreign law, as well as internal rules and regulations.

8. To Whom Do We Disclose Personal Data?

8.1 Within PAGES

We may disclose personal data that we receive from you or third-party sources to University of Bern. Disclosure may serve to facilitate administration (PAGES) or support of University of Bern and their own processing purposes (Section 6), such as all processes related to administration. The personal data received may also be matched and linked to existing personal data by the relevant department of University of Bern. 

For example, this may include the following disclosures of data:

  • All personal data categories listed in Section 4 for the administration and processing of contractual relationships, especially in connection with services involving multiple departments of University;
  • Security-relevant information for security purposes and compliance with statutory requirements;
  • Information to support the safeguarding of rights.

Section 2 contains more information on partners involved in PAGES.

8.2 Outside PAGES

We may disclose your personal data to companies outside PAGES if we make use of their services. These service providers generally process personal data on our behalf as so-called “contract processors”. Our contract processors are obliged to only process personal data in accordance with our instructions and to take suitable measures to ensure data security. Certain service providers are also responsible jointly with us or independently. We ensure through the selection of service providers and suitable contractual agreements that data protection is upheld during the entire processing of your personal data.

Examples include services in the following areas:

  • Corporate management services, for example accounting or asset management;
  • IT services, for example in the areas of data storage (hosting), cloud services, the delivery of e-mail newsletters, and data analysis and refinement;
  • Advisory services, for example the services of tax advisers, lawyers, management consultants, or advisers in the field of personnel recruitment and placement.

It is also possible that we may disclose personal data to other third parties for their own purposes, for example if you have granted your consent or we are legally obliged or authorized to share such information. In such cases, the data recipient is legally responsible as the controller of the data.

Examples of such cases include the following:

  • The disclosure of personal data to courts and authorities within Switzerland and abroad, such as criminal prosecution authorities in case of suspected criminal activities.
  • The processing of personal data in order to comply with a court or administrative order, or to enforce or defend legal rights or claims, or if we consider such processing to be necessary on any other legal grounds. We may also disclose your personal data to other parties involved in any proceedings.

Please take note of our Cookie Notice concerning independent data collection by third-party providers whose tools we have integrated into our websites and apps.

As a matter of principle, we are not subject to any professional duty of confidentiality (such as banking or medical secrecy). Please inform us in individual cases if you believe that specific personal data is subject to a duty of confidentiality so that we can review your concerns.

9. How Do We Disclose Personal Data Abroad?

We process and store personal data mostly in Switzerland and the European Economic Area (EEA). In certain cases, however, we may also disclose personal data to service providers and other recipients (see Section 8) who are located outside this area or who process personal data outside this area (in principle in any country in the world). The countries in question may not have laws that protect your personal data to the same extent as in Switzerland or the EEA. If we transfer your personal data to such a country, we will ensure the protection of your personal data in an appropriate manner.

One means of ensuring adequate data protection is, for example, to conclude data transfer agreements with the recipients of your personal data in third countries that ensure the required level of data protection. This includes agreements that have been approved, issued, or recognized by the European Commission and the Swiss Federal Data Protection and Information Commissioner, known as standard contractual clauses. An example of the data transfer agreements generally used by us can be found here. Please note that such contractual arrangements can partially compensate for weaker or missing statutory protection but cannot rule out all risks completely (e.g. government access abroad). Data may also be transferred to countries without adequate protection in exceptional cases, for example if consent is granted, in connection with legal proceedings abroad, or if transfer is necessary for the processing of an agreement.

10. How Do We Process Sensitive Personal Data?

Certain types of personal data are considered under data protection law to be sensitive, such as details about health and biometric features. Depending on the circumstances, the categories of personal data listed in Section 4 may also comprise such sensitive personal data. However, we generally only process sensitive personal data if this is necessary for the provision of a service, if you have voluntarily disclosed this data to us, or have consented to such processing. We may also process sensitive personal data if this is necessary for the protection of rights or compliance with Swiss or foreign legal provisions, if the data concerned have clearly been publicly disclosed by the person in question, or if the applicable law otherwise permits its processing.

For example, we may process sensitive personal data in the following cases:

  • You apply for a job and provide details about your state of health, about a union affiliation, or about criminal records and criminal law measures.

11. How Do We Conduct Profiling?

“Profiling” refers to a procedure during which personal data is processed on an automated basis in order to analyse personal aspects or make predictions, e.g. the analysis of personal interests, preferences, affinities, and habits or the prediction of likely behaviour. Profiling can be used in particular to derive preference data (further details about this can be found in Section 4.5).

Profiling is a common procedure, e.g. it occurs in the context of the automated processing

  • of transactional and behavioural data, as well as technical data, in connection with our websites and apps;
  • of information in connection with the attendance of events, conferences, symposiums or similar events;
  • of communication data, such as your response to messages;
  • of other transactional and behavioural data.

 Profiling helps us to

  • improve our products and services on a continuous basis and tailor them to individual needs;
  • present our contents and news to you in accordance with your needs;
  • support you better with our IT service;

Profiling also takes place in connection with your user account, for instance when we analyse your usage on our websites and apps in order to offer you an individual user experience and send you offers tailored to your interests.

In order to improve the quality of our analyses and predictions, we may also combine personal data that originates from different sources as the basis of our profiling, for example data that has been collected via our various services. Self-learning algorithms (specific routines in computer programs) could also be used.

In certain cases, you also have the right to object to profiling, as described in Section 15.

12. Do We Use Automated Individual Decision-Making?

“Automated individual decision-making” refers to any decision that is made on a fully automated basis, meaning with no relevant human influences, and has legal consequences for the person concerned or that significantly affects him or her in some other way. We generally do not do this but will inform you separately, should we opt to utilize automated individual decision-making in individual cases. You will then have the option of having the decision reviewed by a human being if you do not agree with it.

13. How Do We Protect Personal Data?

We take appropriate technical and organizational security measures in order to safeguard your personal data, protect you against unauthorized or unlawful processing activities, and to address the risk of loss, unintentional changes, inadvertent disclosure, or unauthorized access. However, like all companies, we cannot completely rule out data security infringements; certain residual risks are unavoidable.

Security risks of a technical nature include the encryption and pseudonymization of data, record keeping, access restrictions, and the storage of data backups. Security measures of an organizational nature include instructions issued to our employees, training programs, and audits. We also require our contract processors to take appropriate technical and organizational security measures.

14. For How Long Do We Process Personal Data?

We process and store your personal data

  • for as long as it is required for the purpose of processing and compatible purposes, in the case of contracts normally for at least the duration of the contractual relationship;
  • for as long as we have a legitimate interest in storing it. This may be the case, in particular, if we need personal data to enforce or defend claims, for archiving purposes, and to ensure IT security;
  • for as long as it is subject to a statutory retention requirement. For example, a ten-year retention period applies to certain data. Shorter retention periods apply for other data, for example for recordings from video surveillance or for recordings of certain online processes (log data).

In certain cases, we will also ask for your consent if we want to store your personal data for longer periods (e.g. for job applications that we wish to keep on file). At the end of the periods specified, we will erase or anonymize your personal data.

For example, we adhere to the following retention periods, although we may deviate from them in individual cases:

  • User accounts: personal data is stored for the duration that the account is active. If a user account is ordered to be deleted, the data will be deleted after any open claims or other relevant points that prevent an immediate deletion have been examined, and after 30 days at the latest.
  • Contracts: We generally retain master and contract data for ten years as of the last contractual activity or contract expiry. However, this period may be longer if this is necessary for the provision of evidence, due to statutory or contractual provisions, or for technical reasons. Transaction data in connection with contracts are generally retained for ten years.
  • Technical data: The storage period of cookies is normally between a few days and two years unless they are immediately deleted at the end of the session.
  • Communication data: E-mails, messages via the contact form and written correspondence are generally retained for ten years.
  • Image and sound recordings: The retention period varies depending on the purpose. It can range from a few days in the case of video surveillance recordings to several years in the case of reports about events with pictures.
  • Job applications: We generally delete application data within six months after the conclusion of the application process. We may keep your application on file with your consent with a view to potential recruitment at a later stage.

15. What Rights Do You Have in Connection with the Processing of Your Personal Data?

You have the right to object to data processing particularly if we process your personal data on the basis of a legitimate interest and the other applicable requirements are met. You can also object to data processing at any time. 

Provided the applicable conditions are met and there are no applicable statutory exceptions, you also have the following rights:

  • the right to request information about your personal data stored by us;
  • the right to have inaccurate or incomplete personal data corrected;
  • the right to request the deletion or anonymization of your personal data;
  • the right to request that the processing of your personal data be restricted;
  • the right to receive certain personal data in a structured, commonly used and machine-readable format;
  • the right to revoke consent with effect for the future, insofar as processing is based on consent. 

Please note that these rights may be restricted or excluded in individual cases, e.g. if there are doubts about the identity or if this is necessary to protect other persons, to safeguard interests worthy of protection or to comply with legal obligations.

You can exercise the most important of the above rights via your user account or sending an email to pages@pages.unibe.ch. If you have a user account, you can correct your master data stored there (e.g. your address) at any time. From your user account, you can also request that your account be deactivated or that your personal data be deleted entirely. You can furthermore unsubscribe from newsletters and other advertising e-mails by clicking on the corresponding link at the end of the e-mail. You may also contact us under Section 16 if you wish to exercise any of your rights or have questions about the processing of your personal data.

In addition, you are free to lodge a complaint with a competent supervisory authority if you believe that the processing of your personal data may be in breach of applicable law.

16. How Can You Contact Us?

If you have any questions or concerns relating to this Privacy Notice or the processing of your personal data, please contact the company responsible using the contact details stated on its website.

You can contact us for specific questions regarding data protection:

PAGES – Past Global Changes – International Project Office

 Hochschulstrasse 4,

3012 Bern,

Switzerland

E-Mail: pages@pages.unibe.ch

17. Changes to This Privacy Notice

This Privacy Notice may be updated over time, especially if we change our data processing activities or if new legal provisions become applicable. We will actively inform individuals whose contact details are registered with us of any material changes, provided that we can do this without disproportionate effort. In general, the version of the Privacy Notice in effect at the time at which the data processing activity in question commences is applicable.
Last modification: 29.06.2023