PRIVACY POLICY

The Geneva Centre for Security Sector Governance (“we”) are aware of the importance of Personal Data (defined below) privacy, especially as we use such data to provide relevant services and information to our visitors. The EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP) mandate high standards on how your Personal

Data is collected, processed and stored, give you the right to access the Personal Data and request its erasure, and much more. In accordance with the legislation and recognizing the importance of this matter, we have prepared below explanations on the protection of your Personal Data when visiting this website https://www.securityhumanrightshub.org/ (the “Website”) and the rights you have as data subjects.

Personal Data means any information relating to an identified or identifiable natural person, i.e. an individual, regardless of the form in which it is expressed (hereafter, “Personal Data”). Personal

data is information that identifies you as an individual, directly or indirectly, in particular by reference to identifiers such as a name, surname, location data, an online identifier, e-mail address, etc.

A. Personal Data you provide us with:

You may provide us with Personal Data, for instance by:

• filling out a contact form;
• subscribing to a newsletter.

B. Cookies:

We further collect the following Personal Data through cookies, analytics and other similar tools, such as:

1. IP address of the requesting internet-enabled device,
2. location of the requesting internet-enabled device based on the IP address,
3. date and time of access,
4. accessed resources on the Website,
5. name and URL of the retrieved file,
6. Website/application from which the access was made (referrer URL),
7. browser you use,
8. if necessary, the operating system of your internet-capable computer as well as the name of your access provider.

We use cookies and the Personal Data collected:

1. To authorize access to our Website,

2. To make the functionalities of our Website available to you and to offer you additional functionalities,

3. To improve the Website or our dedicated pages on social media,

4. To store information about your preferences, allowing us to customize our Website according to your individual interests,

5. To speed up your searches,

6. To compile behavioral and statistical information about uses of our Website or our dedicated pages on social media, in particular to estimate our audience size and usage patterns,

7. To produce aggregate insights that do not identify you,

8. To identify you and log your use, recognize you when you return to our Website, track the activity on our Website and hold certain information.

The purpose for implementing all of the above is to maintain and monitor the performance of our Website and to constantly look to improve the site and the services it offers to our users. The legal basis we rely on to process your Personal Data is article 13(1) FADP and article 6(1)(f) of the GDPR, which allows us to process Personal Data when its necessary for the purposes of our legitimate interests.

In addition, cookies and other functionalities mentioned above which would go beyond the purposes of our legitimate interests (for example: Analytics Cookies), are implemented upon your acceptance through the means of our cookie banner.

The controller of Personal Data on this Website is DCAF – the Geneva Centre for Security Sector Governance, Chemin Eugène-Rigot 2E, 1202 Geneva, Switzerland. In case of any questions related to the use and storage of your Personal Data, contact us by email at bsdivision@dcaf.ch

Your Personal Data in relation to cookies is notably stored on servers located in USA and UK. Your other Personal Data is stored in the USA and Switzerland, and is stored for as long as necessary to provide you access to and use of our Website and its functionalities, as well as to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The storage period of cookies depends on their purpose and is the same for everyone.We may retain de-personalized (anonymous) information after the deletion of your Personal Data.

 

We may share the Personal Data collected with the ICRC. The Personal Data is shared with the ICRC solely for information purposes.

With third parties: The Personal Data collected are primarily intended for communicating with you and improving our services. However, we may give certain independent contractors and affiliates access to the Personal Data in order to assist us with the operation of our Website, as well as data management and marketing activities.

Cross-border data transfer: For some of the third-party service providers, we may transfer your data to one of their databases outside Switzerland or the European Economic Area, potentially including countries which may not have an adequate level of protection for your Personal Data. In such event, we enter into agreements with such third-parties ensuring an adequate level of protection for your Personal Data. By providing us with your Personal Data or by accepting analytic cookies, you agree that we may transfer, store and process your Personal Data outside of Switzerland and the European Economic Area – in particular in the USA – and acknowledge that governments in certain countries such

as the USA have broad powers to access data for security, crime prevention and detection and law enforcement purposes.

Selling Personal Data:We will not sell your Personal Data to third parties. We will not share or otherwise make available your Personal Data to third parties except as provided in this Privacy Policy.

Sharing with authorities:It is possible that we will need to disclose Personal Data when required by law or if we have a good faith belief that disclosure is necessary to investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies, investigate and defend ourselves against any third-party claims or allegations, protect the security or integrity of our Website or our dedicated pages on social media, or exercise or protect the rights and safety of our users, personnel, or others. We attempt to notify users about legal demands for their Personal Data when appropriate in our judgment and technically feasible, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge every demand.

At any time, you have the right to withdraw your consent for the processing of Personal Data for a particular purpose or for all purposes with which you have consented.

For the withdrawal of your consent, please send a written request to: DCAF– Geneva Center for Security Sector Governance, Chemin Eugène-Rigot 2E, 1202 Geneva, Switzerland or by e-mail to bsdivision@dcaf.ch

In case of withdrawal of your consent, we will delete all collected Personal Data or exclude them from automatic processing in accordance with the specificities of your request.Please be aware that the withdrawal of your consent will not impact the lawfulness of processing based on your consent before it was withdrawn and the use of Personal Data as needed to comply with our legal obligations.

Right to update, correct and erasure: At any time, you have the right to obtain from us the correction of inaccurate or incomplete Personal Data. At any time, you also have the right to obtain from us access to the Personal Data that we have collected and the right to obtain immediate erasure of your Personal Data.

Right to restriction of processing: You have the right to request that we restrict the processing of your Personal Data.

Right to data portability: You have the right to be provided with a copy of the Personal Data we have on you in a structured, machine-readable and commonly used format.

Right to object: You have the right to object to our processing of your Personal Data.

Right of access: At any time, you have the right to obtain from us confirmation as to whether your Personal Data are being processed and, where that is the case, access to the Personal Data.

Personal data breach: In the case of a Personal Data breach, we will without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the Personal Data breach to the competent supervisory authority.

Right to complain to an authority:You have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA) or in Switzerland.

The security of your Personal Data is important to us, but no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use technical and organizational commercially acceptable means to protect your

Personal Data against manipulation, partial or complete loss and unauthorized access by third party, we cannot guarantee its absolute security.

 

We may change this Privacy Policy at any time by posting a new version on this page or on a successor page, without prior notification. If we make changes to this Policy, we will notify you through a notice on the Website home page. By continuing to access or use our Website or our dedicated pages on social media after those revisions become

effective, you agree to be bound by the revised terms. If you do not agree to the new terms, please stop using the Website and our dedicated pages on social media.