1. General Provisions
Civitas Maxima is committed to protecting personal data with the highest standards of confidentiality, integrity, and security. We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, disclosure, misuse, alteration, or destruction. You may visit and browse our website without providing personal information. We collect personal data only when you choose to provide it, for example when subscribing to our newsletter, making a donation, applying for a position, or contacting us through our website. Such data may include names, contact details, postal addresses, payment-related information, and any other information voluntarily provided. Personal data is processed only for the purposes described in this Policy and is not sold, rented, or disclosed to third parties for their own commercial or marketing purposes. However, personal data may be shared with trusted service providers acting on our behalf, or with competent authorities where required by law, as further described in this Policy.
2. Scope and Applicable Law
Civitas Maxima processes personal data only for specified, legitimate purposes and in accordance with applicable data protection laws:
• Swiss Federal Act on Data Protection (nDSG): Civitas Maxima complies with the revised Swiss Federal Act on Data Protection (nDSG), in force since 1 September 2023.
• EU General Data Protection Regulation (GDPR): Where our processing activities fall within the territorial scope of the GDPR, Civitas Maxima also complies with the applicable requirements of that Regulation, including Data Protection Impact Assessments and processor agreements where required.
3. Legal Bases for Processing
Processing of personal data by Civitas Maxima rests on one of the following legal bases:
• Consent freely given by the data subject;
• Performance of a contract or pre-contractual measures at the data subject’s request (e.g. recruitment);
• Civitas Maxima’s legitimate interests, provided these do not outweigh your rights and freedoms (e.g. communications with supporters);
• Compliance with a legal obligation or performance of a task in the public interest.
Where the GDPR applies, processing is based on the legal grounds provided by Article 6 GDPR. If you would like more information about the legal basis applicable to a specific processing activity, please contact us at [email protected].
4. Data Controller
Civitas Maxima is the data controller for all personal data processed under this Policy.
Civitas Maxima
Place Longemalle 1, PO Box
1211 Geneva 4
Switzerland
Data Protection contact: [email protected]. Alternatively, please use the dedicated contact form on our website.
5. Categories of Personal Data Processed
The categories of personal data we process depend on how you interact with us and may include:
• Newsletter: email address; you may unsubscribe from newsletters at any time using the unsubscribe link contained in each communication;
• Contact forms: name, surname, postal address, email address, and any other information voluntarily provided;
• Donations: name, surname, postal address, email address (where provided), and payment information;
• Recruitment: CV, qualifications, cover letter, references, and other application materials;
• Website/usage data: IP address, browser type, device and OS information, cookie data, and visit timestamps.
6. Website Data Collection
When you visit our website, we may automatically collect certain technical information, including your IP address, browser type, device information, operating system, referring pages, and visit timestamps. This information helps us maintain the security and performance of the website and understand how it is used.
7. Data Protection Principles
In accordance with Article 7 nDSG and Article 25 GDPR, Civitas Maxima applies privacy by design and privacy by default:
• Data collection is limited to what is strictly necessary;
• Access is restricted on a need-to-know basis;
• Appropriate technical and organisational security measures are applied; and
• Processing activities are reviewed regularly for compliance.
8. Data Transfers and Third-Party Recipients
Personal data may be transferred:
• Internally for operational purposes;
• To third-party service providers (e.g. hosting, IT, payment processing) under appropriate contractual safeguards; and
• To competent public authorities where required by law.
All third-party service providers are required to process personal data only on our instructions and to implement appropriate security and confidentiality measures. Where personal data is transferred outside Switzerland or the EEA to jurisdictions that do not provide an equivalent level of data protection recognised under Swiss law, Civitas Maxima implements appropriate safeguards, including Swiss-recognised Standard Contractual Clauses, supplementary technical and organisational measures, or another lawful transfer mechanism.
9. Data Security
Civitas Maxima implements appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, loss, or destruction. These measures may include:
• Access controls, and restricted access to personal data on a need-to-know basis;
• Encryption where appropriate;
• Secure hosting environments;
• Staff confidentiality obligations; and
• Regular review of security practices.
10. Sensitive Personal Data
In the course of its mandate, Civitas Maxima may process sensitive personal data, including information relating to ethnic origin, political opinions, health, or criminal proceedings. Where sensitive personal data is processed, Civitas Maxima applies enhanced confidentiality and security measures appropriate to the risks involved and in accordance with applicable law. Sensitive personal data will not be transferred to third parties unless there is a valid legal basis for doing so, including where required by law or, where applicable, with the data subject’s consent. Access to sensitive personal data is restricted to authorised personnel and service providers who require such access for the performance of their duties and who are subject to appropriate confidentiality obligations.
11. Data Retention
Civitas Maxima retains personal data for as long as necessary to fulfil the purposes for which it was collected, to meet legal or contractual obligations, or while a legitimate interest persists.
For example:
• Newsletter subscriptions: until withdrawal of consent;
• Donation records: retained for the period required under applicable accounting, tax and legal obligations.
Data retained solely for statistical purposes beyond its primary retention period will be anonymised. Retention periods may vary depending on the nature of the data and the legal or operational requirements applicable to the processing activity.
12. Personal Data Breaches
In the event of a personal data breach likely to result in a high risk to affected individuals, Civitas Maxima will take appropriate measures in accordance with applicable Swiss law, including notification to the Federal Data Protection and Information Commissioner (FDPIC) and affected individuals where required.
13. Rights of Data Subjects
Depending on the applicable data protection law, data subjects have the following rights:
• Access and information: request confirmation of whether Civitas Maxima holds your data, and receive a copy together with processing details.
• Rectification: request correction of inaccurate or incomplete data.
• Erasure: request deletion of your data, subject to legal retention obligations.
• Restriction of processing: request that processing be limited in certain circumstances (e.g. where accuracy is contested or you object to processing).
• Data portability: receive your data in a structured, machine-readable format for transfer to another controller.
• Objection: object to processing based on legitimate interests, on grounds relating to your particular situation.
• Withdrawal of consent: withdraw consent at any time without affecting the lawfulness of prior processing.
• Complaint: lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or, where applicable, the competent supervisory authority in your country of residence.
To exercise any of these rights, please contact [email protected] or use the dedicated online form on our website.
14. Cookies
Civitas Maxima uses cookies and similar technologies on its website to ensure its proper functioning, improve user experience, analyse website traffic, and better understand how visitors interact with our website. Cookies are small text files stored on a user’s device when visiting a website. Some cookies are necessary for the operation of the website (e.g. preventing pop-ups from reappearing), while others may collect anonymous information such as IP addresses or visit durations. Our website uses the following categories of cookies:
• Strictly necessary cookies: these cookies are required for the website to function properly, including security features, user preferences, and technical operation. These cookies cannot be disabled through our website.
• Analytics cookies: We use Google Analytics, a web analytics service provided by Google LLC, to collect information about how visitors use our website. Google Analytics uses cookies to generate aggregated statistical information regarding website traffic, pages visited, time spent on the website, device information, and approximate geographic location. This information helps us improve the website and better understand user needs. You may configure your browser settings to reject cookies. Certain website features may not function correctly if cookies are disabled. Google Analytics may collect information such as IP addresses, browser type, operating system, referring pages, and visit timestamps. Where technically feasible, IP anonymisation and other privacy-enhancing settings are implemented. Information collected through Google Analytics may be transferred to and processed on servers located outside Switzerland. Appropriate safeguards are implemented where required by applicable data protection laws.
You may prevent the collection of data through cookies by adjusting your browser settings or by using browser tools that block analytics technologies. However, certain features of the website may not function properly if cookies are disabled. Where required by applicable law, analytics cookies will only be activated following your consent through the website’s cookie preference tool. You may modify or withdraw your cookie preferences at any time through the cookie settings available on the website.
15. Changes to This Policy
This Policy is effective as of the date indicated at the top of this document. We may update this Policy from time to time to reflect changes in our activities, legal requirements, or website functionality. This Policy is available in English and French; in the event of any inconsistency, the English version prevails.