We only use essential cookies to ensure the correct operation of the website.
ChiWi Foundations's logo

CHiwi Foundation CFP Privacy Policy

1.Introduction
The CHiwi Foundation will be referred to in this Privacy Policy as “CHiwi,” “we,” “us,” or “our.”

We are committed to protecting the privacy and personal data of all individuals who interact with us. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the Swiss Federal Act on Data Protection (FADP), the EU General Data Protection Regulation (GDPR), and other applicable international standards. We adhere to the following fundamental principles:

  • We collect only the personal data necessary for specific, legitimate purposes.
  • We process personal data solely for the purposes for which it was collected.
  • We maintain strict confidentiality and do not disclose personal data except as permitted by law or with your explicit consent.
In this Data Privacy, you will be clearly informed of the following matters.

  • Why and how CHiwi collects, uses, stores and process your personal data;
  • The legal basis on which your personal data is processed under applicable data protection laws;
  • Who may have access to your data, and under what conditions it may be shared;
  • How long CHiwi retains your data, and how we determine retention periods;
  • What your rights you have as a data subject under Swiss and EU law; and
2.Scope and Applicable Law
By submitting a funding application and entering into a contractual relationship with CHiwi, individuals and organizations acknowledge this Privacy Policy and provide their informed consent to the collection, processing, and storage of their personal data as outlined herein.

This Privacy Policy applies to all personal data collected or processed by CHiwi, whether through our websites, applications for funding, communications, or other interactions.

CHiwi is subject to the Swiss Federal Act on Data Protection (FADP) and complies with applicable foreign laws, including the EU GDPR (Regulation (EU) 2016/679, GDPR).

Switzerland has been recognized by the European Commission as providing an adequate level of data protection.

3.Contact Details
The person responsible for the processing of personal data within the meaning of GDPR, FADP as well as other applicable international standards is:

Ms. Trang Fernandez-Leenknecht
Data Protection Officer (DPO) of CHiwi Foundation
Email: tfl@chiwi.ch

For data protection-related inquiries, you may also contact us at:
Email: info@chiwi.ch
Postal Address: CHiwi Stiftung, Westhive, Oberallmendstrasse 18, 6300 Zug, Switzerland

4.Which Personal Data We Collect
Personal data is any information that relates to an identified or identifiable natural person. We may collect and process the following categories of personal data:

  • Contact information (e.g., name, address, email address, telephone number);
  • Organizational information (e.g., declarations from institutions, official documents);
  • Information submitted through applications, contact forms, or newsletters;
  • Technical data (e.g., IP address, browser type, operating system, access times).

The personal data listed above is provided voluntarily and is necessary for us to process applications, provide services, and maintain communications.

Please note that, if you provide CHiwi with personal data that is not required for service delivery, we will securely store this data and use it only if it becomes relevant for fulfilling our contractual obligations.

5.Purposes and Legal Bases for Processing
CHiwi processes personal data exclusively for specific and legitimate purposes, in accordance with applicable data protection laws. We process your personal data for the following purposes:

Processing applications and managing relationships: To assess and process grant applications, enter into and perform contractual agreements, and manage our ongoing relationships with partners, recipients, and stakeholders.1

Communication and support: We use your personal data to communicate with you about your application, inquiries, or services provided by CHiwi, and to respond to your questions or feedback.2

If you are a registered user of a CHiwi website and have provided your email address, we may occasionally contact you to share updates about the foundation, request feedback, or inform you about new features and activities.

If you send us a request (e.g. via support email or a feedback form), we may publish non-sensitive parts of your message when necessary to respond to your inquiry.

Regulatory compliance: To comply with legal and regulatory obligations, such as accounting, reporting, and record-keeping requirements.3

Security and fraud prevention: To maintain the security of our systems, prevent fraud, and protect the rights, property, or safety of CHiwi, its users, or third parties.4

Improvement of services: To improve our website, programs, and services based on user feedback and usage patterns.5

Marketing and informational updates (only with your consent): To send newsletters, updates, or information about CHiwi’s initiatives, provided you have given your explicit consent.6

By clicking ‘submit’ to subscribe, you acknowledge that your information will be transferred to Infomaniak, our newsletter provider, for processing. Learn more about Infomaniak’s privacy practices here.

Please note that, if the required data is not provided, CHiwi may be unable to offer or complete the requested services and may, in some cases, choose not to enter into or continue the contractual relationship.

Be aware that CHiwi does not use your personal data for automated decision-making, including profiling, that produces legal or similarly significant effects as defined under Article 22 of the GDPR.

6.How We Collect Your Data
Directly from you, for example when you submit applications, fill out forms, subscribe to newsletters, send emails, or communicate with us through other channels.

From publicly accessible sources or third parties, such as government agencies.
Please note that when we obtain personal data from third parties, we will inform you accordingly, unless you already possess the relevant information, have previously given your consent, or the collection is necessary to fulfill services to which you have implicitly consented.

Automatically through our website. CHiwi’s website is hosted by Infomaniak, a company based in Switzerland. Each time you access our website, Infomaniak automatically records certain information in standard server log files, including your IP address, the date and time of access, the browser request, the operating system used, and the type of browser. This information is used exclusively to detect technical problems, maintain system security, and perform statistical analyses of website usage.

7.Use of Cookies and Tracking Technologies
7.1Cookies
Cookies are small text files stored on your device by your web browser at the request of a website. They are used to identify returning visitors, track usage patterns, and remember user preferences. CHiwi uses cookies to help understand how visitors interact with our website, improve functionality, enhance the user experience and protect against spam and misuse.

When you first visit our website, you will be presented with a cookie banner allowing you to manage your cookie preferences. You can choose to accept only essential cookies or customize your choices at any time through your browser settings or the cookie management tool provided.

If you prefer not to accept cookies, you can configure your browser settings at any time to refuse and manage them. However, please note that some features of the CHiwi website may not function properly without cookies enabled.

While our website uses cookies to enhance the browsing experience, analyze website traffic, and ensure proper website functionality, no personal data is collected through cookies alone. Cookies may, however, be used in combination with other information you voluntarily provide to help improve our services and communications. We only use essential and analytics cookies, and we do not use cookies for advertising or profiling purposes.

7.2Newsletters
Newsletters are only sent to users who have actively subscribed through a double opt-in process or have applied through our website. Each newsletter email contains a link allowing recipients to unsubscribe at any time. Newsletters may also contain tracking elements, such as graphics or web links, that record whether an email has been opened, and which links have been clicked. This tracking is used exclusively to monitor engagement, maintain quality, and improve our newsletter communications.

7.3Third-Party Services
Google LLC (United States)
  • Google Maps to embed interactive maps
  • Google reCAPTCHA to protect against bots and spams
  • YouTube for video embedding
  • Google Sheets and Google Docs

LinkedIn Corporation (United States)
When you visit a page on our website that contains LinkedIn or Xing elements, your browser automatically establishes a connection to LinkedIn’s servers. As a result, LinkedIn may receive information such as your IP address and the fact that you visited our website. If you are logged into your LinkedIn account and interact with LinkedIn features, for example, by clicking the “Recommend” button, LinkedIn may associate your visit with your personal LinkedIn profile. Please note that CHiwi has no access to or control over the content of the data transmitted to LinkedIn or how it is used. For further information, please consult LinkedIn’s privacy policy

8.Disclosure of Personal Data to Third Parties
Applicants’ personal data is disclosed to third parties only with the explicit consent of our partners, unless such disclosure is already permitted under this Privacy Policy. Where disclosure is necessary to fulfill the contractual agreement, applicants will be clearly informed in advance, before any service is provided and before any disclosure takes place. We disclose personal data to:
  • employees, contractors, and affiliated organizations who require access and are bound by confidentiality obligations;
  • third parties with your explicit consent which means we inform you about the third-party access unless you already have the relevant information, have consented to it, or it is necessary to perform our services;
  • to authorities when required by law, subpoena, or governmental request;
  • protect the rights, property, or safety of CHiwi or others.

9.International Data Transfers
Where necessary, personal data may be transferred to countries outside Switzerland or the EU. Transfers occur only to countries recognized as providing an adequate level of protection or are safeguarded through appropriate legal mechanisms, such as Standard Contractual Clauses (SCCs).

10.Data Security Measures
CHiwi implements appropriate technical and organizational measures to protect the personal data you provide against unauthorized or unlawful access. While providing our services, we strictly act in accordance with this Privacy Policy.

Access to this website is secured through transport encryption (SSL/TLS), which is indicated by the “https://” prefix in your browser’s address bar and the lock symbol displayed in the browser. This encryption ensures that any data you transmit to us is protected during transmission.

Despite these strong security measures, please be aware that communication over the internet may still be subject to general, unannounced, and potentially indiscriminate surveillance by security authorities in Switzerland, the European Union, the United States, or other jurisdictions. CHiwi has no control over such external monitoring activities.

In addition, complete data security cannot be guaranteed when communicating via email, instant messaging, or similar channels. We therefore recommend using alternative secure communication methods when transmitting particularly sensitive or confidential information.

For further details about the technical and organizational measures we implement to protect your personal data, you are welcome to contact us directly.

11.Limitation of Liability
CHiwi shall not be held liable for any damages, losses, or liabilities arising from the unauthorized access, misuse, or alteration of personal data by third parties, except in cases of gross negligence or willful misconduct on the part of CHiwi. Applicants are responsible for ensuring that the data they submit is accurate, lawful, and does not infringe upon the rights of any third party. Use of our website and submission systems is at your own risk.

12.Intellectual Property
Applicants are solely responsible for securing any intellectual property rights related to the content submitted to CHiwi. The Foundation does not assume responsibility for the protection or confidentiality of unpatented or unprotected ideas, and does not claim ownership over such content. We advise applicants to take appropriate legal measures before submission.

13.Data Retention and Storage
CHiwi retains personal data only for as long as necessary to fulfill the specific purposes for which it was collected or to comply with applicable legal, regulatory, and internal policy requirements. We maintain a detailed record of all personal data processing activities, which includes the purpose of processing, the categories of data collected, the legal basis for processing, any data transfers to third countries or international organizations, and the applicable retention periods or criteria for data deletion.

Personal data is typically retained for the duration of the relationship with CHiwi, plus an additional ten years to account for potential legal claims or statutory obligations following the termination of that relationship. In certain cases, such as ongoing or anticipated legal or regulatory proceedings, the retention period may be extended beyond this timeframe.

To determine appropriate retention periods, CHiwi applies defined criteria based on the nature and purpose of the data, including account maintenance, client relationship management, and the need to respond to legal or regulatory inquiries. Personal data that may be relevant for future applications from the same applicant may also be retained beyond the current engagement, in accordance with the data subject’s rights.

Once data is no longer required, it is deleted automatically and without any action required from the data subject.

All personal data is securely stored on servers physically located in Switzerland.

14.Retention of Rejected Applications
Personal data and documentation submitted as part of an application that is not selected for funding will be retained only until December 31, 2025, marking the end of the current Call for Proposals cycle, unless otherwise agreed between the applicant and CHiwi Foundation. After this date, the data will be permanently deleted from our systems. Applicants may request earlier deletion at any time, in accordance with applicable data protection laws.

15.Your Rights as a Data Subject
CHiwi is committed to ensuring that your personal data is accurate, up to date, and processed in accordance with applicable data protection laws, including the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). If your personal data changes, we kindly ask that you inform us as soon as possible.

As a data subject, you have the following rights:

Right of access: You may request confirmation as to whether we process your personal data and, if so, obtain access to that data and related information.

Right to rectification: You may ask us to correct or complete any inaccurate or incomplete personal data we hold about you.

Right to erasure (“right to be forgotten”): Under certain conditions, you may request the deletion of your personal data, particularly when it is no longer needed for the original purpose or when you withdraw your consent.

Right to restrict processing: You may request that we limit the processing of your personal data in specific cases, such as when you contest its accuracy or object to the processing.

Right to data portability: Where processing is based on your consent or a contract, and carried out by automated means, you may request to receive your personal data in a structured, commonly used, and machine-readable format, or request that it be transferred to another controller.

Right to withdraw consent: Where we rely on your consent to process personal data, you may withdraw that consent at any time. This does not affect the lawfulness of processing carried out before the withdrawal.

Right to object: You may object to the processing of your personal data based on our legitimate interests. In such cases, we will assess whether we have compelling legal grounds to continue the processing.

Right to lodge a complaint: You may contact the competent data protection authority if you believe that your data has been processed unlawfully, or your rights have been violated. In Switzerland, you may contact the Federal Data Protection and Information Commissioner (FDPIC) via https://www.edoeb.admin.ch.

If you reside in the EU, you may contact the data protection authority in your member state of residence. To make a request regarding any of your rights, please contact us at info@chiwi.ch. We may take reasonable steps to verify your identity before responding and will address your request in accordance with applicable legal requirements.

Please note that these rights are not absolute and may be subject to legal exceptions or overriding interests, such as legal obligations, public interest, or the exercise or defense of legal claims.

16.Updates to This Privacy Policy
This Privacy Policy was last updated in April 2025. It is intended to inform you about how CHiwi processes personal data and does not constitute a contractual agreement.
CHiwi may update this Privacy Policy from time to time at its sole discretion.

We encourage you to review this page regularly. Your continued use of our services after changes have been published constitutes acceptance of the updated policy.

When significant changes occur, we will inform you by appropriate means, such as email, website notifications, or account communications.

1 Article 6(1)(b) GDPR and Article 31(2)(a) FADP, performance of a contract or pre-contractual steps at your request.
2 Article 6(1)(b) GDPR and Article 31(2)(a) FADP – performance of a contract or pre-contractual steps at your request.
3 Article 6(1)(c) GDPR and Article 31(1) FADP – compliance with legal obligations.
4 Article 6(1)(f) GDPR and Article 31(2)(c) FADP – legitimate interests.
5 Article 6(1)(f) GDPR and Article 31(2)(c) FADP – legitimate interests.
6 Article 6(1)(a) GDPR and Article 31(1) / 6(6) FADP – consent

Contact us

CHiwi is a foundation for public utility
dedicated to advancing scientific research.
We are based in Switzerland, next to the beautiful lake of Zug.

Made on
Tilda