The Swiss Human Rights Institution (hereafter ‘SHRI’) operates the website ‘https://www.isdh.ch/en’ (hereafter ‘SHRI website’), and processes personal data as part of its activity (e.g. taking stock of the human rights situation in Switzerland, information on human rights in Switzerland, monitoring of the implementation of human rights in Switzerland, providing the SHRI website, an information platform, newsletters and collaborations).

Confidentiality and discretion are crucial for the SHRI, so it takes the subject of data protection very seriously and ensures appropriate data security. Of course, the SHRI also observes the statutory provisions of the Federal Act on Data Protection (Bundesgesetz über den Datenschutz in German, or DSG hereafter), the Ordinance on Data Protection (Verordnung über den Datenschutz in German, or DSV hereafter)), the Telecommunications Act (Fernmeldegesetz in German or FMG hereafter) and further potentially applicable provisions relating to data protection. In so far as the SHRI falls under private law, the provisions apply to data processing by private individuals.

The SHRI is responsible for the processing of personal data. In the event of any questions relating to data protection, you can contact the SHRI by post or e-mail using the contact details below:

Post:

Swiss Human Rights Institution SHRI

Avenue Beauregard 1

1700 Fribourg, Switzerland

e-mail:

info@isdh.ch.

A) The processing of personal data when visiting the SHRI website

1. What data does the SHRI collect when you visit the SHRI website?

In order to enable you to establish connection with the SHRI website and guarantee its secure use (in particular system security and stability), the servers used by the SHRI store each access temporarily in a log file whenever you visit the SHRI website. As with any connection to a web server, the following technical data are recorded automatically, with no action needed on your part, and stored until they are automatically erased:

• IP address of the requesting computer, inc. geolocalisation of your device location ;

• name of the owner of the IP address range (usually your Internet access provider);

• date and time of access;

• the webpage from which access was requested (‘referrer URL’), if applicable, with the search term used;

• name and URL of the file accessed;

• status code (e.g. error message);

• your computer's operating system;

• the browser you used (type, version and language); and

• transfer protocol you used (e.g. http/1.1).

In order to prevent unauthorised access, if not yet automatically erased, the IP address of the requesting computer may be evaluated together with further data in the event of attacks on the network infrastructure or other unauthorised use of the SHRI website and, if applicable, may be used against the user concerned in the course of the relevant criminal or civil proceedings. In this case, the data for the relevant criminal or civil proceedings are stored until such time as they are required for the civil or criminal proceedings.

2. Does the SHRI use cookies and tracking tools?

For the operation of its website, the SHRI uses cookies, tracking tools and similar technologies (e.g. tracking pixels) to ensure the technical functionality of the SHRI website, for instance, to understand how visitors use the SHRI website and in order to store a user’s preferences on the browser.

Cookies are small text files that are stored on your device by your browser when you visit the SHRI website. The SHRI can recognise these cookies again if you revisit the SHRI website later. Cookies are stored for different lengths of time.

You can use your browser or the cookie banner on the SHRI website at any time to set up your browser to accept or reject cookies. However, this may result in the SHRI website no longer working properly on your device. You can also erase cookies on your device yourself at any time.

In particular, the SHRI uses the following cookies and tracking tools:

• strictly necessary cookies; and

• performance and analytics cookies and similar technologies (e.g. Matomo).

The SHRI uses cookies and tracking tools if they are needed for the SHRI website to function properly (e.g. system configuration), to provide certain functions and to improve the SHRI website by means of analytics.

SHRI uses Matomo on its website for statistical evaluation. Matomo is an open-source website analytics tool using cookies. With the aid of Matomo, the SHRI aims to further improve the SHRI website and adapt it even more closely to users’ needs.

Specifically, the information obtained by the cookies as regards the use of the SHRI website is transmitted to the SHRI server and stored there so that user behaviour can be evaluated. Your IP address is anonymised immediately, so you remain anonymous as a user. The information generated by the cookies as regards your use of the SHRI website is not disclosed to third parties.

3. Does the SHRI include third-party links?

The SHRI has integrated links to websites (e.g. ENNHRI, humanrights.ch) and apps (e.g. Outlook e-mail) of third parties in various places on the SHRI website. If you click on these links on the SHRI website, it is possible that certain data are passed on to the operators of the website or app concerned without the knowledge of the SHRI. Any such data processing is beyond the control of the SHRI. Please refer to the respective operator of the websites and/or apps about their data processing policies.

4. Does the SHRI use social media?

The SHRI has a social media presence and may use social media plug-ins such as LinkedIn or Bluesky. The SHRI only uses the analyses and statistics provided directly by the social media platforms concerned. The SHRI therefore does not generate its own statistics using these platforms and does not track any individual clicks on content created by the SHRI.

The processing activities of these social media providers are beyond the control of the SHRI. Therefore, please read the privacy policies of the respective providers before visiting any such platform.

5. Does the SHRI include videos using YouTube or Vimeo on its website?

The SHRI uses the services of specialised third parties to enable direct playback of digital audio and video content. In particular, the SHRI uses:

• Vimeo: the video platform provider is Vimeo Inc. (USA).

• YouTube: the video platform is part of the Alphabet Inc. group (USA).

The processing activities of these video platforms are beyond the control of the SHRI; therefore, please read the privacy policies of the respective platform before accessing any such video.

B) Processing of personal data when collaborating with the SHRI

The SHRI processes personal data solely in order to perform the tasks enshrined in the Federal Act on Measures to Promote Civil Peacebuilding and Strengthen Human Rights (Bundesgesetz über Massnahmen zur zivilen Friedensförderung und Stärkung der Menschenrechte in German) and in so far as the SHRI falls under private law. The SHRI collects personal data, in particular, when:

• you contact the SHRI;

• you commission third parties to transmit information to the SHRI;

• you conclude an agreement with the SHRI; or

• otherwise collaborate with the SHRI.

The SHRI uses software from the company bexio SA, based in Switzerland, to perform its activities, in particular for billing. The SHRI has contractually ensured that bexio SA, as a subcontractor, guarantees adequate data security and data protection.

In addition to the personal data obtained in the course of this collaboration, the SHRI also collects data (i) from publicly accessible sources (e.g. public registers, the press and internet databases), (ii) from public authorities and courts and (iii) from third parties who collaborate with the SHRI. The SHRI processes the types of personal data mentioned above to enable it to perform the necessary activities stipulated by law and required under private law.

Please note that you are responsible for personal data which you supply to the SHRI (e.g. personal data of members of your association or employees of your company) and you must comply with the information requirements in this respect.

C) E-mails

On the SHRI website you can subscribe to a number of e-mail lists, such as the newsletter. These e-mails contain information about new publications, focus themes and other activities of the SHRI. The SHRI uses e-mails exclusively to send you the information you are subscribed to receive. For this the SHRI needs the following information:

• surname and name;

• language preference; and

• e-mail address.

With your consent, the SHRI will send you the SHRI newsletter four times per year and other e-mails from time to time. You can withdraw your consent at any time and each email includes a link where you can unsubscribe.

In addition, if you have attended an event or workshop organised by the SHRI, we may send you follow-up messages, based on the legitimate interest of the SHRI. These are emails for a specific purpose and not a subscription to our newsletter.

The SHRI will only send you these e-mails as described above in so far as the SHRI (i) is subject to private law and it has a legitimate interest or the SHRI (ii) is in contact with you by virtue of the law or with your consent. If the SHRI sends you the emails on the basis of your consent, you may withdraw your consent at any time.

To send e-mails the SHRI uses an external service provider who works for the SHRI as a subcontractor.

D) Members

The SHRI welcomes the fact that you would like to be or are already a member of the SHRI. In order to keep the membership application process and membership management as simple as possible, the SHRI processes the following information about you:

• surname (private individuals only)

• first name (private individuals only)

• surname and first name of the contact person (legal entities only)

• street;

• postcode;

• town;

• country;

• telephone number (optional);

• e-mail address;

• field of activity (optional);

• language preference.

The SHRI only uses these and other optional data (i.e. personal data provided voluntarily by you) to verify your membership application and the membership management process associated with it (providing information and payment slips). If your membership application is successful, the SHRI will keep these data in the membership management system for the duration of your membership. If your application is, unfortunately, not successful, the SHRI will only keep your data until the next Members’ General Meeting (usually in May or June), unless the SHRI has agreed otherwise with you individually or is obliged by law to retain them for longer.

As a member, you will also automatically receive communications to members regarding fees, the date and documents for the Members’ General Meeting and information about the activities of the SHRI. If you no longer wish to receive these communications, please unsubscribe using the link included in the e-mails

On request, the SHRI Secretariat will provide access to a list of the names of the members of the SHRI.

E) Job applications

The SHRI welcomes the fact that you are interested in a position with the SHRI and are applying or have already applied. In order to keep the application process as simple as possible, the SHRI processes the following information about you:

• surname;

• first name;

• street;

• postcode;

• town;

• country;

• telephone number;

• e-mail address;

• curriculum vitae;

• diplomas / certificates

• language skills;

• cover letter.

The SHRI only uses these and other data provided voluntarily by you (e.g. date of birth, link to LinkedIn profile) to verify the application and the application process associated with it. If your application is successful, the SHRI will keep these data in the HR information system. If your application, unfortunately, does not result in employment, the SHRI will only keep your application data for a period of 3-6 months and will then erase them, unless the SHRI has agreed otherwise with you individually or is obliged by law to retain them for longer.

F) Disclosure of personal data to third parties

The SHRI will only disclose your personal data to third parties if you have given your explicit consent, if there is a statutory obligation for it, if it is required for the enforcement of rights or if the Members General Meeting has given its consent, in particular for the enforcement of claims arising from a contractual relationship.

The SHRI also discloses your personal data to third parties if this is required in the context of using the SHRI website and processing contracts. The possible recipients involved are in the following categories: software and platform providers (e.g. CRM and Microsoft 365), external service providers, partner organisations, public authorities and courts.

G) Transfer of personal data abroad

The SHRI processes personal data predominantly in Switzerland. It is possible, however, that the SHRI transfers your personal data to commissioned service providers abroad for the purpose of using bespoke software services (e.g. cloud providers, video conferencing, e-mails or tracking services) and in order to perform the data processing described in this Privacy Notice. These service providers and third parties are generally subject to the data protection obligations to the same extent as the SHRI. Should the level of data protection in any country not be consistent with the level in Switzerland, the SHRI will only transfer your personal data abroad on the basis of your consent in any specific case, on the basis of a decision regarding adequacy, standard contractual clauses, or if it is required for performance of a contract or the enforcement of rights.

H) Retention period for personal data

The SHRI only stores your personal data for as long as is required to perform its activity or if there is a retention or documentation requirement stipulated by law or by the public authorities.

If the SHRI is acting under private law, it may also store your personal data for as long as it has an overriding interest in them. This is the case, for example, when the SHRI stores your contact details in its contacts database in order to collaborate with you again in future or in order to stay in contact with you for another reason.

The SHRI may also offer the Swiss Federal Archives any and all personal data which it no longer requires and which have been processed by it in the context of its activity under public law. If the personal data are designated by the Swiss Federal Archives as not being of archival value, the SHRI will erase these personal data, unless they are anonymised or unless they need to be retained for evidentiary or security purposes or in order to safeguard the legitimate interests of the data subject.

I) Your right to be informed, the right to rectification, erasure and restriction of processing of personal data and to data portability

You have the right to be informed upon request about your personal data that are processed by the SHRI. You also have the right of rectification of inaccurate personal data and to erasure of your personal data, unless this is precluded by a retention or documentation requirement stipulated by law or public authorities or by another statutory provision. You also have the right to request the SHRI to return the personal data which you provided to it. Upon your instruction, the SHRI will also disclose your personal data to a third party of your choice. You also have the right to receive the digitally transmitted personal data in a commonly-used format. You also have the right to object to the disclosure of your personal data by the SHRI.

You can contact the SHRI at the postal and e-mail addresses above for the purposes mentioned above. Please note that statutory requirements and exceptions apply to these rights. The SHRI may refuse requests to exercise these rights to the extent permitted or required by law. It is therefore possible that in some circumstances the SHRI must retain or otherwise further process personal data for legal reasons despite the request for their erasure or restriction of their processing.

J) Data security

The SHRI uses appropriate technical and organisational security measures to protect your personal data stored by it from manipulation, partial or total loss, and from unauthorised access by third parties. The security measures employed by the SHRI are continually reviewed and improved in line with the state of the art.

The SHRI points out that it may resort to external IT service providers and cloud providers in the course of its activity. In so doing, the SHRI uses certain IT services and means of communication that may be associated with data security risks (e.g. e-mail or video conferencing). Should you use such means of communication vis-à-vis the SHRI, the SHRI assumes that you accept the data security risks associated with it. Please inform the SHRI if you wish particular security measures to be taken.

K) Amendment of this Privacy policy

This Privacy policy provides information as regards the nature, scope and purpose of the way in which the SHRI uses personal data. The SHRI reserves the right to amend the content of the aforementioned Privacy policy unilaterally at any time and without prior notice. This Privacy policy was last amended on 6 November 2025.