Privacy Policy

In accordance with applicable data protection laws, in particular the Swiss Federal Act on Data Protection (FADP) and the European General Data Protection Regulation 2016/679 (GDPR), everyone has the right to respect for their privacy and protection against the misuse of their data. The Elke Schark Foundation complies with these provisions. Your personal data, intended for the communications and development department, for managing donor relationships, and for appealing to your generosity, will be treated as strictly confidential and will not be sold or disclosed to third parties. In close cooperation with our hosting providers, we do everything possible to protect our databases as effectively as possible against external interference, loss, misuse, and falsification. If you have any questions about the use of your personal data, please contact us by email at info@elke-schark-stiftung.com.

Privacy Policy

Last updated: 15 July 2026

Protecting your personal data is important to us. This Privacy Policy explains which data the Elke Schark Foundation processes in connection with this website, contact enquiries, donations, payments, analytics and marketing services, and which rights you have.

1. Data Controller

The controller responsible for processing personal data in connection with this website is:

Elke Schark Stiftung
Diepoldsauerstrasse 20
CH-9443 Widnau
Switzerland
UID: CHE-255.266.028Privacy contact: info@elke-schark-stiftung.com
General contact addresses: bm@elke-schark-stiftung.com and bm@elke-schark-foundation.com

2. Applicable Data Protection Law and Legal Bases for Processing

Personal data is processed in particular in accordance with the Swiss Federal Act on Data Protection (FADP) and the Data Protection Ordinance (DPO). Where the European Union General Data Protection Regulation (GDPR) applies to a processing activity, we also comply with its requirements.

Where the GDPR applies, we base processing in particular on your consent (Art. 6(1)(a) GDPR), the performance of pre-contractual measures or a contract (Art. 6(1)(b) GDPR), legal obligations (Art. 6(1)(c) GDPR), or legitimate interests (Art. 6(1)(f) GDPR). Legitimate interests include, in particular, the secure and economical operation of the website, responding to enquiries, the proper processing of donations, fraud and misuse prevention, and the improvement of our information and charitable services.

3. Accessing the Website, Hosting and Server Logs

When you access the website, the web server or a technical service provider commissioned by us may automatically collect technical data. This may include in particular:

  • IP address and, where applicable, the hostname of the accessing device
  • date and time of access
  • page or file accessed and the amount of data transferred
  • referrer URL
  • browser type, browser version, operating system and device characteristics
  • HTTP status code as well as technical error and security information

This processing serves to provide the website technically, ensure its stability and security, analyse errors, and detect and prevent misuse. Server logs are retained only for as long as necessary for these purposes. A longer retention period may be necessary in the event of a security incident.

Access to hosting, maintenance and technical administration is limited to the Foundation and appropriately commissioned service providers to the extent required for their tasks.

4. Cookies, Borlabs Cookie and Language Selection

4.1 Cookies and Similar Technologies

Our website uses cookies and similar technologies. Technically necessary cookies enable essential functions such as managing your consent, language selection, secure form and donation processing, and maintaining a session. Analytics, marketing and external media services are generally activated only in accordance with your selection in the cookie banner.

You can change or withdraw your consent at any time through the website’s cookie settings. Withdrawal applies for the future and does not affect the lawfulness of processing carried out before the withdrawal.

4.2 Borlabs Cookie

We use Borlabs Cookie to manage and document your privacy and cookie settings. In particular, your selected consent options, a consent identifier, and the date and time of your decision are processed. Borlabs Cookie places a technically necessary cookie for this purpose. The processing serves to control services requiring consent and to document your choices.

4.3 WPML Language Selection

We use WPML to provide the website in German and English. WPML may store a functional cookie in order to retain the selected language. Unless an external automatic translation function is activated, processing generally takes place within our WordPress installation.

5. Contact, Ninja Forms, reCAPTCHA and Email Delivery

5.1 Contact Form Using Ninja Forms

When you contact us through a contact form, we process the data you enter, in particular your name, email address, company where applicable, subject, message, and any other voluntary information. Technical information relating to the form submission, in particular the time and IP address, may also be processed.

The information is used to process your enquiry, answer follow-up questions, and communicate with you. Form submissions are stored within the WordPress installation and are additionally sent to the responsible email addresses of the Foundation. The data is deleted when it is no longer required to process the enquiry and no legal obligations or legitimate reasons require further retention.

Please do not submit sensitive personal data through the contact form unless it is strictly necessary for your enquiry.

5.2 Google reCAPTCHA

Google reCAPTCHA is integrated to protect forms against spam, automated submissions and misuse. The service is initially blocked through Borlabs. To submit a form protected in this way, you must enable reCAPTCHA. Only then is a connection to Google established.

In particular, the IP address, browser and device information, date and duration of the visit, interactions such as mouse movements or keyboard input, pages accessed, existing Google cookies, and the result of the security check may be transmitted to Google. Google uses this information to assess whether the input was made by a person or by an automated system.

For persons in Switzerland and the European Economic Area, the provider is generally Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Processing may also be carried out by affiliated companies, in particular in the United States.

5.3 Email Communication and SMTP Delivery

Emails from contact and donation forms are sent via an SMTP connection. Based on the current technical information available, Microsoft 365 or another Microsoft email service is used for this purpose. Sender and recipient data, subject lines, message content, timestamps and technical delivery information are processed.

For persons in Switzerland and the European Economic Area, Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, may be responsible. Data may also be processed in other countries in the course of providing the service.

6. Donation Management Using GiveWP

We use GiveWP within our WordPress website to technically process and manage donations. The following data may be processed in connection with a donation:

  • name and email address, where provided
  • company, where voluntarily provided
  • donation amount, currency and selected project
  • selected payment method
  • payment and transaction status and transaction number
  • date and time of the donation
  • information relating to the donation confirmation and voluntary messages
  • technical information such as IP address, browser and device information

The data is used to process and allocate the donation, handle payments, send automatic confirmation emails, issue donation receipts, answer questions, maintain accounting and audit records, prevent fraud, and comply with legal obligations.

A donation may be anonymous to the public or in the Foundation’s communications. Nevertheless, the Foundation and the respective payment service providers may receive identification and transaction data where required for technical payment processing, security checks and compliance with legal obligations.

7. Payment Methods

7.1 Stripe and Credit Card Payments

We use Stripe for credit card and other electronic payments. Depending on the payment and region, Stripe Payments Europe, Limited or Stripe Technology Europe, Limited, Dublin, Ireland, as well as other companies of the Stripe group, may be involved.

Stripe processes in particular names and contact details, payment amount, currency, transaction data, card or account information, IP address, device and browser information, and security and fraud prevention data. Full card details are generally processed directly by Stripe. The Foundation usually receives only the information required to allocate and document the payment, such as the amount, payment status and transaction identifier.

Stripe processes data under its own responsibility to the extent required to provide payment services, prevent fraud, comply with regulatory obligations, and ensure the security of payment transactions.

7.2 PayPal

If you select PayPal as your payment method, the data required for the payment is transmitted to PayPal. Depending on your place of residence and the specific PayPal service, PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg, or another company of the PayPal group may be responsible.

PayPal processes in particular names, contact and account details, payment amount, currency, transaction data, IP address, device and security information. Processing is carried out to execute the payment, perform identity and security checks, prevent fraud, and comply with legal and regulatory obligations.

7.3 Bank Transfer

For donations made by bank transfer, we receive from the banks involved, in particular, the payer’s name, bank account details or IBAN, amount, payment reference and booking date. This data is used to allocate the donation, maintain accounting records, issue donation receipts, and comply with legal obligations.

8. Communication with Donors

We may use the contact details provided in connection with a donation to send transaction and donation confirmations, answer questions, and provide information about the use of the donation or the supported project.

Advertising or fundraising messages that go beyond the immediate processing of the donation are sent only where consent has been given or where the communication is permitted under applicable law. Consent may be withdrawn at any time with effect for the future.

9. Google Tag Manager and Google Consent Mode

We use Google Tag Manager to technically manage website tags. In particular, Google Analytics, Google Ads and the Meta Pixel are controlled through Tag Manager in accordance with the settings selected through Borlabs. Google Tag Manager primarily serves to deploy and manage other tags and generally does not create independent user profiles.

Where Google Consent Mode is used, the consent status is transmitted to Google. If Advanced Consent Mode is enabled, depending on the configuration, limited technical and cookieless signals may be sent to Google even before consent is given. No analytics or advertising cookies are set unless the corresponding consent has been granted. Google may use such signals to create modelled, aggregated analyses.

10. Google Analytics 4

We use Google Analytics 4 to statistically analyse and improve our website. Google Analytics is controlled in accordance with your consent through Borlabs and Google Tag Manager.

In particular, the following information may be processed:

  • pages viewed, sessions, clicks and interactions
  • playing, pausing or downloading audio files
  • source or referrer and campaign information
  • approximate geographical region
  • browser, device and screen information
  • language settings, date and time
  • cookie, client and, where applicable, advertising identifiers

The provider is generally Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Processing may also be carried out by Google LLC and other affiliated companies in the United States and other countries.

The retention period for user- and event-related data depends on the settings of the Google Analytics property. Standard properties offer, in particular, retention periods of 2 or 14 months. Aggregated standard reports may not be affected by this setting.

11. Google Ads

We use Google Ads to raise awareness of the Foundation, its charitable projects and donation opportunities, and to measure the success of advertising activities. This may include conversion tracking and, where enabled, remarketing functions.

In particular, ad clicks, pages visited, actions performed, visits to donation pages, timestamps, campaign information, IP address, browser and device information, and cookie and advertising identifiers may be processed. Activation takes place in accordance with your consent through Borlabs. The provider is generally Google Ireland Limited; further processing may be carried out by affiliated companies, in particular in the United States.

12. Meta Pixel

We use the browser-based Meta Pixel to measure and optimise advertising on Facebook and Instagram. According to the current configuration, a server-side Meta Conversions API is not used.

The Pixel may transmit to Meta, in particular, information about page views, clicks, interactions, the time of the visit, referrer URL, IP address, browser and device information, and cookie and advertising identifiers. Activation takes place in accordance with your consent through Borlabs.

The provider is generally Meta Platforms Ireland Limited, Merrion Road, Dublin 4, Ireland. Meta may associate data with a Facebook or Instagram account and use it for analytics, security and advertising purposes. Processing may also take place in the United States and other countries.

13. Embedded Videos from YouTube and Vimeo

13.1 YouTube

Videos from YouTube may be embedded on our website. The content is initially blocked by Borlabs and displayed as a placeholder. A connection to YouTube or Google is established only after you enable the content or consent to the corresponding category.

In particular, the IP address, browser and device information, the page accessed, cookie identifiers and information about video usage may be transmitted to Google. If you are signed in to Google or YouTube, Google may associate the use with your account.

13.2 Vimeo

Videos from Vimeo may also be embedded on our website. Vimeo content is likewise initially blocked by Borlabs and loaded only after you enable it.

In particular, the IP address, browser and device information, the page accessed, technical usage data and, where applicable, cookie identifiers may be transmitted to Vimeo.com, Inc. or affiliated companies. Processing may take place in particular in the United States.

14. Social Media Links, Audio Player and Downloads

14.1 Facebook and Instagram Links

Our website contains simple links or icons to profiles on Facebook and Instagram. Merely accessing our website generally does not establish a connection to these platforms through such links. Only when you click a link do you leave our website. The respective platform operator is responsible for the subsequent processing of data.

14.2 Audio Player and Song Downloads

Music tracks may be played and downloaded on the website. Technically necessary server data is processed in this context. If you have consented to analytics, Google Analytics may additionally evaluate events such as starting, pausing or downloading a specific song.

15. Backups Using BackWPup and Data Security

15.1 Backups

We use BackWPup for data backup. According to the current configuration, backup copies are stored on the web server and are not transferred to an external cloud backup service. Backups may contain website content, databases, contact form submissions and donation data. Access is restricted to authorised persons and technical service providers.

15.2 Technical and Organisational Measures

We take appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration or disclosure. These include encrypted transmission, access restrictions, regular updates, backup copies, and organisational rules governing access to data. However, completely risk-free transmission or storage of data cannot be guaranteed.

16. Recipients and Disclosure of Personal Data Abroad

16.1 Categories of Recipients

Where necessary, personal data may be disclosed in particular to the following recipients or categories of recipients:

  • hosting, server, IT, maintenance and web service providers
  • email and communications providers
  • banks and payment service providers, in particular Stripe and PayPal
  • accounting, audit, legal and advisory service providers
  • Google, Meta, YouTube, Vimeo and other enabled technical providers
  • authorities, courts and supervisory bodies where a legal obligation exists

Data is disclosed only where necessary for the relevant purpose, where a legal obligation exists, where an overriding legitimate interest applies, or where you have given your consent. We do not sell personal data.

16.2 Processing Abroad

Some service providers are located outside Switzerland or process data in other countries, in particular in Member States of the European Union, the United States and, where applicable, other countries.

Personal data is disclosed abroad only in compliance with the applicable legal requirements. Transfers to countries recognised as providing an adequate level of data protection may take place on that basis. Transfers to appropriately certified US companies may take place on the basis of the Swiss-U.S. Data Privacy Framework or, where the GDPR applies, the EU-U.S. Data Privacy Framework. In other cases, recognised standard contractual clauses and additional safeguards may be used, or a statutory exception may apply.

Where data is processed in countries without an equivalent level of data protection, it cannot be completely ruled out, despite contractual and technical safeguards, that authorities may access data within the scope of their legal powers.

17. Retention Period

We retain personal data only for as long as necessary for the relevant purpose or for as long as statutory retention, evidentiary or limitation periods apply. The following criteria apply in particular:

  • contact enquiries: until the enquiry has been fully processed and thereafter only for as long as necessary for evidence, follow-up questions or potential claims.
  • donation, payment, accounting and supporting-document data: generally for ten years or for the duration prescribed by applicable law.
  • records of consent: for as long as necessary to demonstrate consent and defend against potential claims.
  • server logs: generally only for a limited period required for security purposes.
  • analytics and marketing data: in accordance with the settings and deletion periods of the respective providers and until consent is withdrawn, unless the data has already been anonymised or aggregated.
  • backup copies: within an appropriate backup and deletion cycle; final deletion may be delayed until a backup copy is overwritten.

18. Rights of Data Subjects

Depending on the applicable data protection law, you may in particular have the following rights:

  • to obtain information as to whether personal data concerning you is processed and, if so, what data is processed
  • to have inaccurate data corrected or incomplete data completed
  • to request deletion or destruction of data where there is no obligation or right to retain it
  • to object to certain processing activities
  • to withdraw consent with effect for the future
  • to receive or transfer certain data in a commonly used electronic format where the legal requirements are met
  • where the GDPR applies: to request restriction of processing and to lodge a complaint with a competent supervisory authority

To exercise your rights, please contact info@elke-schark-stiftung.com. To protect against unauthorised disclosure of data, we may request appropriate proof of identity. Statutory retention obligations, overriding interests and the rights of third parties may restrict individual rights.

In Switzerland, you may also contact the Federal Data Protection and Information Commissioner (FDPIC). Where the GDPR applies, you may lodge a complaint with a competent data protection supervisory authority in the European Union or the European Economic Area.

19. Automated Decisions

As a rule, we do not make decisions based solely on automated processing that produce legal effects for data subjects or similarly significantly affect them.

20. Amendments to this Privacy Policy

We may amend this Privacy Policy if our data processing activities, the services used, or legal requirements change. The current version published on this website applies.

Information on the Providers’ Privacy Policies

Further information on data processing by the providers used can be found in their current privacy policies. In particular, the privacy policies of Google, Meta, Microsoft, Stripe, PayPal and Vimeo, as well as the information on the individual services stored in Borlabs, are relevant.