Personal Data Processing / Privacy Notice

The Novo Nordisk Haemophilia Foundation (NNHF) is required by law to protect your personal data. This Notice explains how we process (e.g. collect, use, store, and share) your personal data. We will process any personal data about you in accordance with this Notice, which is based on the Swiss Data Protection Act (DPA) and General Data Protection Regulation (GDPR).

  • Who are we?

    The organisation responsible for processing your personal data is:

    You can always contact us with questions or concerns about how we process your personal data.

  • How do we collect personal data about you?

    We get your personal data from the following sources:

    • From you directly, for example: – When you submit a funding application to NNHF – When you submit your interest to serve as a volunteer in one of the NNHF-support projects – When you visit our website – When you sign up for our newsletter or events – If you participate in a survey
    • From publicly available publications, websites, or social media
    • From our electronic newsletter service provider Mailchimp
    • From the donation processing platform Stripe
  • Why do we process your personal data?

    We process your personal data for a specific purpose and only process the personal data which is relevant to achieve that purpose. We process personal data about you for the following purposes:

    • To manage our relationship with you
    • To analyse data for impact measurement purposes
    • To meet transparency obligations
    • To coordinate a conference or event
    • To communicate the impact of NNHF activities
    • To respond to your questions or request for information
    • To manage our IT resources, including infrastructure management
    • For archiving and record keeping
    • For billing and invoicing
    • To receive your donation for a NNHF project
    • To reimburse you (if applicable)
    • To verify compliance with internal guidelines and procedures, with business goals and values, and with laws and regulations
    • To limit fraud
    • For any other purposes imposed by law and authorities.

    You are not required to provide us with your personal data. If you do not want Novo Nordisk Haemophilia Foundation to use your personal data, we will not be able to include you in our communications programmes or reporting.

  • What personal data do we process about you?

    For the purposes described above, we may process the following types of personal data:

    • Business contact information (business name, address, telephone number, email address, position, department);
    • Private contact information (name, address, telephone number, email address);
    • CV and other background biographical information;
    • Photograph;
    • Financial information (bank account number, credit card/online payment information);
    • Government identification number (e.g. social security number, passport number);
    • Data revealing ethnic origin;
    • Data concerning health;
    • Data on memberships and associations;
    • Data concerning your use of the website from temporary log files, such as IP address, date and time of access, website from which the access was made, name and URL of the retrieved file, search queries performed, the operating system of your computer, internet browser used, device type when accessing by mobile phones, and transmission protocol.
  • Why are we allowed by law to process your personal data?

    Our processing of your personal data requires a legal basis. By law, we can process your personal data described above based on the following legal bases:

    • You gave consent for us to process your personal data. If you gave us consent to process your information, you may revoke your consent at any time.
    • To enter into or execute a contract with you.
    • The processing is necessary for our legitimate business interests and does not unduly affect your interests or fundamental rights and freedoms.
    • The processing is necessary for our compliance with a legal obligation.

    Some of our legitimate interests are: maintaining our IT infrastructure, network stability and security; compliance with business goals; compliance with legal obligations; transparency and communication/reporting of NNHF activities to our stakeholders.

  • With whom do we share your personal data?

    We may share your personal data with third party service providers such as:

    • Suppliers or vendors that assist our company (e.g. consultants, IT service providers, financial institutions, law firms)
    • Volunteer healthcare professionals
    • Parties that have indicated they are interested in learning more about the impact of our organization
    • Any third party to whom we assign or novate any of our rights or obligations
    • Our advisors and external lawyers in the context of the sale or transfer of any part of our business or its assets
  • How do we transfer your personal data outside of the EU/EEA?

    Your personal data may be processed, accessed or stored in a country outside Switzerland, which may not offer the same level of protection of personal data.

    We therefore use the following safeguards, as required by law, to protect your personal data in case of such transfers:

    • EU Adequacy Decisions. For transfers to countries deemed by the EU Commission to have an adequate level of protection of personal data
    • EU Standard Contractual Clauses for the Transfer of Personal Data to Third Countries. You can get a copy of the Clauses by contacting us as described in Section 1
    • The EU-US Privacy Shield Framework for transfers to Privacy Shield-certified and US-based companies and organisations. More information and a list of Privacy Shield-certified companies and organisations are available at https://www.privacyshield.gov/welcome.
  • How long will we keep your personal data?

    We will keep your personal data for as long as needed for our communications programmes and record keeping obligations.

  • What are your rights?

    In general, you have the following rights:

    • You can get an overview of what personal data we have about you
    • You can get a copy of your personal data in a structured, commonly used and machine-readable format
    • You can get an update or correction to your personal data
    • You can have your personal data deleted or destroyed
    • You can have us stop or limit processing of your personal data
    • If you have given consent for us to process your personal data, you can withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing carried out before you withdrew your consent
    • If you wish to file a complaint about our processing of your data, you can contact the Swiss Data Protection Authority or the Data Protection Authority in your country

    Under applicable law, there may be limits on these rights depending on the specific circumstances of the processing activity. Please contact us using the information in Section 1 with questions or requests relating to these rights.

  • Cookies and other Tracking Tools

    Our website uses cookies. Please see our Cookie Notice for information about cookies.

    Mailchimp, our electronic newsletter service provider uses web beacons, which are tiny invisible graphics, to measure newsletter opens, to measure clicks, and to determine the country where the newsletter is opened.

    More about coookies

    Social media websites

    On our website you will find links or plug-ins to various social networks (such as Facebook, LinkedIn, and Instagram). Clicking on a link opens the corresponding social media webpage for which our privacy policy does not apply. For details on the applicable provisions, please refer to the corresponding privacy statements on the websites of each provider.

    Before clicking on the corresponding link or plug-in, no personal information is transmitted to the respective provider. Your visit to the linked page is also the basis for data processing by the respective provider. We do not have control over the data processing operations, nor are we aware of the full scope of the data collection, the purposes of the processing, and the retention periods. We also have no information about the deletion of the data by the plug-in providers.

    Newsletter

    You can subscribe online to our electronic newsletter. Should you later decide not to receive newsletters, you may terminate the subscription at any time with effect for the future by revoking your consent. The revocation takes place for e-mail newsletters via the link provided at the bottom of the newsletter. Alternatively, please contact us using the information in Section 1.