1. Introduction

Unearthodox values your privacy and is committed to protecting your personal data. This privacy statement explains how we use and safeguard personal data that we gather from you in compliance with data protection regulations through our website and other interactions with you.

Please take note of the information in this privacy statement so that you understand what personal data we collect from you and for what purposes we use it. When it comes to data protection, we adhere to the legal requirements of Swiss data protection law, in particular the Federal Act on Data Protection (FADP), as well as the EU General Data Protection Regulation (GDPR), which may be applicable in individual cases. 

This privacy statement will be reviewed and may be amended from time to time, and we therefore recommend checking it regularly for any updates. 

2. Definitions

Here are definitions of some key terms used in this privacy statement that you may find helpful:

• Personal data: any information relating to an identified or identifiable ‘natural person’. A natural person is identifiable if the person can be identified, directly or indirectly, by reference to an identifier, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

• Data subject: any identified or identifiable natural person whose personal data are ‘processed’ by the ‘controller’.

• Processing: any operation or set of operations performed on personal data such as collection, recording, organising, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

• Controller: the natural or legal person, or other body, alone or jointly with others, that determines the purposes and means of the processing of personal data. d) Restriction of processing.

• Processor: a natural or legal person or other body that processes personal data on behalf of the controller.

• Third party: a natural or legal person, of another body, who, under the direct authority of the controller or processor, is authorised to process personal data.

• Consent: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

3. The Controller and who to contact

Unearthodox is the controller of the website www.unearthodox.org and, unless otherwise stated, is responsible for the processing of personal data described in this privacy statement.  Our address is  Rue du Rhône 65, c/o MLL Meyerlustenberger Lachenal Froriep SA, succursale de Genève, 1204 Genève, Switzerland.

If you have any queries, comments or requests about this data privacy statement and our processing of personal data, please write to us or send us an email at data@unearthodox.org.

4. Third-party processors

 We may disclose personal data to trusted third parties who provide services for us for the purposes set out in this privacy statement. We take all reasonable steps to ensure that these external service providers are aware of the regulations and capable of ensuring data security. They are only permitted to transfer the processing of personal data to a third party with our prior authorisation. We will not otherwise sell, trade, or transfer your personal data to any other third parties without your explicit consent.

5. International transfers of personal data

We will transfer your personal data to third parties located abroad if it is necessary to carry out the data processing described in this privacy statement. When making such transfers, we will ensure compliance with applicable legal requirements for disclosing personal data to third parties. Countries to which data is transmitted include those that, according to the decision of the Federal Council and the European Commission, have an adequate level of data protection (such as the member states of the EEA or, from the EU's perspective, Switzerland), and those (such as the USA) whose level of data protection is not considered adequate. If the country in question does not provide an adequate level of data protection, we ensure that your data is adequately protected using appropriate safeguards, unless an exception is specified on a case-by-case basis for the individual data processing. These safeguards may be provided for by standard contractual clauses.

Generally, processing of personal data takes place in Switzerland, but some of the third-party service providers we use are based in the USA (e.g., Google LLC and The Rocket Science Group, LLC d/b/a Mailchimp). 

Organizations participating in the Swiss-U.S. DPF may receive personal data from Switzerland in reliance on the Swiss-U.S. Data Privacy Framework (DPF) effective September 15, 2024, which is the date of entry into force of Switzerland’s recognition of adequacy for the Swiss-U.S. DPF. The recognition of adequacy enables the transfer of Swiss personal data to the above-mentioned organizations, which are listed in the EU-U.S. DPF..

6. Data we collect

The personal information that we collect, and how we collect it, depends on the context of your interactions with us. We  collect various types of personal data, including:

• Contact information: Your name, email address, postal address phone number and other data you provide such as job title, nationality or country of residence.

• Usage information: Details of your interactions with our website, including IP address, browser type, device information, and referring pages.

• Publicly available Information: About stakeholders who we believe may be interested in our work.

• Communication data: Any information you provide when contacting us, participating on our projects or activities, or subscribing to newsletters or updates.

We collect personal information that you voluntarily provide to us when you contact us through our website or other channels such as email, phone or online contact forms. Other ways in which you voluntarily provide personal data include giving us a business card, sending us a CV if you are applying for a job or providing details about yourself during personal interactions and/or if you respond to a call for consultancy proposals.

We collect certain data automatically when you visit our website. This does not include your identity, but it does include device and usage information such as your IP address, browser, referring URL, county, location and other technical information. We collect and process this data to support the use and operation of our website and the security and stability of the system. 

When you visit our Website, we also collect information through cookies and similar technologies. Cookies are information files that your web browser stores on the hard drive or in the memory of your computer. Cookies are assigned identification numbers that enable your browser to be identified and allow the information contained in the cookie to be read. Cookies are used to make your visit to our website easier, more enjoyable, and more meaningful. We use cookies for various purposes that are necessary for the desired use of the website.

Most internet browsers accept cookies automatically. However, when accessing our website, we ask for your consent to the use of non-essential cookies. You can adjust your preferences for cookies by using the corresponding buttons in the cookie banner. Details regarding the services and data processing associated with each cookie can be found within the cookie banner. Disabling cookies may prevent you from using all the features of our Website.

We also collect some information from other sources. For example, if we have a relationship with the organisation you represent, your colleagues and other contacts can give us information about you, such as your contact details or details about your role in the relationship. Sometimes we collect information from third parties or publicly accessible sources for combating money laundering, carrying out background checks and similar purposes to protect our activities and fulfil our statutory and regulatory obligations.

If you apply to work at or with Unearthodox, we use the data you provide us with to assess your application. Application documents from unsuccessful applicants will be deleted at the end of the application process unless you explicitly agree to a longer retention period or we are legally obliged to retain them for a longer period.

7. Legal basis for processing

We will only process your personal data if we have a valid lawful basis, including:

• Consent: We may process your data if you have given us consent to use the data for a specific purpose. You can withdraw your consent at any time.

• Legal obligations: We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a regulatory agency or to exercise or defend our legal rights.

• Performing contracts: We may process data if it is necessary for the performance of a contract to which the data subject is party. In some cases, the provision of personal data is required by law (for example by tax regulations) or can arise from contractual regulations (for example, information concerning the contracting partner). Sometimes it may be necessary, for the conclusion of a contract, for a data subject to provide us with personal data which will subsequently have to be processed by us. For example, the data subject must provide us with personal data if we are concluding a contract with the data subject. The consequence of not providing personal data would be that no contract could be drawn up with the data subject. 

• Vital interests: In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. For example, this would apply in the event of any injury to a visitor to our premises, in which case the name, age, health insurance details and other vital information about the data subject would have to be passed on to a doctor or a hospital or another third party.

• Legitimate interests: These include handling any enquiries we receive from you, and keeping records of our activities, transactions, and communications that may be necessary for legal and operational purposes, except where these interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. Our Legitimate interest also applies to our soft spam communication in order to support your engagement and update you on our latest activities, events and initiatives.

8. How we use your data

We may use your personal data for the following purposes:

• Engagement: We will send you information updates or newsletters about our work based on our assessment of what we think is relevant to you or any preferences that you have expressed when, for example, you have signed up for a newsletter. You have the option to unsubscribe from these communications at any time.

• Innovation challenges: We sometimes hold “innovation challenges”, where we invite participants in the challenge to submit innovative ideas. We process any personal data you provide in your submission so that we can follow up on any ideas that you would like to work with us on.

• Events: We sometimes hold online or in-person events, and we will process any personal information you provide to us when registering to attend so that we can keep you informed, manage your attendance at the event and send you updates after the event.

• Fundraising and partnership development: We process personal data to manage donations, explore new funding sources and keep our prospective and current donors and partners informed about the impact of contributions.

• Research and analysis of our networks and contacts: We analyse the data we collect to understand the characteristics of our networks, particularly their diversity in terms of gender, geographical location and the sectors that our contacts are working in. This helps us assess how successful we are in bringing together diverse perspectives and ideas for nature and people to thrive together.

• Improving our website: We retain and evaluate information on your visits to our website and how you move around different sections of our website for analytics purposes and to understand how people use our website so that we can make it more intuitive.

• Recruitment: If you apply to work with us, we will process the personal data you provide us to assess your application and suitability. If we enter an employment contract with you, we will store the information for the purpose of managing the contract.

• Contracting with innovators and suppliers: We use the data you provide to carry out checks when setting up contracts with innovators and suppliers and for the purpose of contract management, such as setting up payment arrangements.

• Due Diligence: We may process personal data as part of our due diligence efforts to ensure compliance with legal, regulatory, or ethical standards. This may include:

• Collecting and verifying information such as identification details, financial data, or relevant background information.
• Assessing risks related to fraud, corruption, or unethical practices.
• Sharing necessary information with trusted third-party providers or authorities, where required by law.

9. Software we use to collect personal data

We use Eventbrite to collect information if you register to attend an event that we organise. The type of data we collect includes name and email so that we can keep you informed and manage your attendance. We may also ask for additional information such as your job title, nationality, and country of residence for the purpose of assessing the diversity of attendees at our events. We recommend that you read Eventbrite’s privacy statement, which you can find here:https://www.eventbrite.com/help/en-us/articles/460838/eventbrite-privacy-policy/ 

We use Google Forms to collect personal data when we issue calls for proposals from consultants. The type of data we collect includes names, emails and CVs, which we use to assess proposals and manage any contracts we enter with consultants who have submitted proposals. 

We use MailChimp to create and manage mailing lists and newsletters. MailChimp is third-party software, so we recommend you read MailChimp’s privacy notice to see how they use your data. MailChimp collects more information about its users, including IP address, operating system and browser ID. MailChimp stores your personal information on servers in the USA.

10. Google analytics

We use Google Analytics to track website activity and analyse what content is popular across the site. Google Analytics uses cookies and usually stores them outside of the EU/EFTA area. Google uses this information to evaluate the use of Unearthodox’s website and to compile reports on website activities. In addition, Google states that it transmits this information to third parties if this is required by law or if third parties process the data on behalf of Google. The IP address transmitted by the browser in the context of the use of Google Analytics is not combined by Google with other data. We recommend that you read Google’s privacy policy, which you can find here: https://policies.google.com/privacy. Users can prevent the storage of cookies. Users can also prevent the transmission of the data generated by the cookie concerning their use of the website (including  IP address) to Google, and also the processing of such data by Google, by downloading and installing the browser plugin which is available under the following link: https://tools.google.com/dlpage/gaoptout.

11. Social media

Our Website contains links to our profiles on social networks. If you click on the icons of these social networks, you will be automatically redirected to our profile on the respective network. This establishes a direct connection between your browser and the server of the respective social network. If you click on a link to a social network while you are logged into your user account on that social network, the content of our website can be associated with your profile, allowing the social network to directly link your visit to our website to your account. If you want to prevent this, please log out of your account before clicking on the respective links. A connection between your access to our website and your user account will always be established if you log in to the respective social network after clicking on the link. The data processing associated with this is the responsibility of the respective provider in terms of data protection, so please refer to the privacy notices on the social network's website.

12. Storing data in our central database

If a clear identification of your person is possible, we will store and link your personal information, contact details, contract data and your browsing behaviour on our website in a central database. This allows for efficient management of user data. We may also analyse this data to provide you with relevant information about our work. 

13. Data security and protection

We implement appropriate technical and organisational security measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. We regularly review and update our security practices to ensure your information remains safe. Our employees and the suppliers we work with are obliged to maintain confidentiality and data protection and are only granted access to personal data to the extent necessary for the performance of their tasks. Personal data will be maintained in as accurate, complete and up-to-date form as is necessary to fulfil the purposes for which they are to be used.

The transmission of information via the Internet and electronic means of communication always involves certain security risks and we cannot provide any absolute guarantee for the security of information transmitted in this way.

14. Data retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this privacy statement within the scope of our legitimate interests, or as required by applicable laws and regulations. When your data is no longer needed, we securely dispose of it.

15. Your rights

You have certain rights regarding your personal data, including the right to access, rectify, erase, restrict the processing of, and object to the processing of your information. If the legal requirements are met, as a data subject, you have the following rights with respect to data processing:

• Right of access: You have the right to request access to your personal data stored by us at any time and free of charge if we process such data. This gives you the opportunity to check what personal data concerning you we process and whether we process it in accordance with applicable data protection regulations.
• Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed about the rectification. In this case, we will also inform the recipients of the data concerned about the adaptations we have made, unless this is impossible or involves disproportionate effort.
• Right to erasure: You have the right to obtain the erasure of your personal data under certain circumstances. In individual cases, particularly in the case of statutory retention obligations, the right to erasure may be excluded. In this case, the erasure may be replaced by a blocking of the data if the requirements are met.
• Right to restriction of processing: You have the right to request that the processing of your personal data be restricted.
• Right to data portability: You have the right to receive from us, free of charge, the personal data you have provided to us in a readable format.
• Right to object: You have the right to object at any time to data processing, especially with regard to data processing related to direct marketing, including our soft spam activities.
• Right to withdraw consent: You have the right to withdraw your consent at any time. However, processing activities based on your consent in the past will not become unlawful due to your withdrawal.

To exercise these rights, please email us at data@unearthodox.org.

You also have the right to lodge a complaint with a competent supervisory authority, for example against the manner in which your personal data is processed.

16. Third-party websites

Our website may contain links to other third-party sites that are not covered by this privacy policy. We are not responsible for the privacy practices or content of third-party websites. 

17. Contact us

If you have any questions regarding this Privacy Statement, data protection or wish to exercise your rights, please contact us by email at data@unearthodox.org or write to us by post at Unearthodox, c/o MLL Meyerlustenberger Lachenal Froriep SA, succursale, Rue du Rhône 65, 1204 Genève, Switzerland.

18. Additional Information | Updates

We reserve the right to amend this privacy policy, if necessary, in accordance with applicable data protection regulations. In this way, we can adapt it to current legal requirements and take account of changes to our services, e.g. the introduction of new data processing activities. The most up-to-date version applies to your visit. 

Date of last update: January 10, 2025