Jump to main content
Logo Diversity & Inclusion Platform

Data protection

Your trust is important to us - and so is your data security. The operators of this website, the Executive School of Management, Technology and Law (ES-HSG), University of St.Gallen and the Competence Center for Diversity & Inclusion, Research Center for International Management, University of St.Gallen, comply with the legal provisions of the Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (DPO), the Telecommunications Act (TCA) as well as other provisions of data protection law such as the General Data Protection Regulation of the European Union (hereafter GDPR).


A Privacy Policy clarifies the nature, purpose and scope of the processing of personal data in connection with the use of our website and the services offered with it. This Privacy Policy applies regardless of the domains or devices used (for example, smartphone or desktop computer).

Personal data includes, for example, measurement and usage data to analyse the sub-pages visited or the interest in specific offers. We also analyse concrete content data such as a newsletter registration or entries in a contact form.

Security measures

Data security has the highest priority. We therefore take organisational, contractual and technical security measures to ensure that data is protected against loss, unauthorised access and manipulation in the best possible way.

Specifically, the following security measures are taken:

  • The entire data transfer process between the web browser and the web server is encrypted (SSL).
  • The website is regularly updated, and security updates are installed.

Is data transferred to third parties for further processing?

Data is only passed on to third parties within the framework of legal requirements (Art. 6 para. 1 lit. b GDPR) and only with explicit consent.

For certain services, we work together with specialised companies (for example, for the operation of an e-mail newsletter service). For this purpose, we transfer personal data in order to be able to operate this service. Here we take appropriate legal precautions as well as corresponding technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal regulations.

What data is stored for the provision of contractual services?

When contacting us (via contact form or e-mail), personal data is processed for handling the contact request and for processing a specific service/order.

Personal data may be stored in our Customer Relationship Management System ("CRM System").

Which technical access data and log files are collected?

We collect data about each access to the web server based on our legitimate interests. The access data includes:

  • Name of the accessed domain
  • Date and time of the access
  • Log information such as protocol type, version, the requested action, status codes or information about the transferred data (e.g. the size of a question or an answer)
  • Error messages
  • Language and version of the browser software
  • Information about the operating system
  • Referrer URL (the previously visited page)
  • IP address
  • the requesting provider

Log file information is required for technical reasons in order to run our website. The hosting provider uses technical and organizational measures to protect this data from unauthorized access and does not pass it on to third parties. Insofar as personal data is used in the process, this is done in the interest of providing the website visitor with the best possible user experience and ensuring the security and stability of the server infrastructure.

Data which must be retained for evidentiary purposes is exempt from deletion until the final clarification of the respective incident.

How are cookies used?

What are cookies?
Cookies are pieces of information that are transmitted from our web server or third-party web servers to users' web browsers, where they are stored for later retrieval. Cookies may be small files or other types of information storage. Users are informed about the use of cookies in the context of pseudonymous reach measurement as part of this Privacy Policy.

Adjusting cookie settings
Most browsers accept cookies automatically. You can adjust the cookie settings in your browser to disable certain or all cookies. However, please note that this may result in functional limitations. To learn more about how to control cookies in different browsers, use the following links: Mozilla Firefox, Google Chrome, Internet Explorer, Safari. The use of cookies for reach measurement and advertising purposes can be denied via the Network Advertising Initiative opt-out page (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/ch-de/praferenzmanagement).

Which activities on the website are analyzed?

Our internet pages use Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses cookies that allow an analysis of the use of the website. The information generated by the cookie about your use of the website is transferred in anonymized form to a Google server in the USA and stored there. This data cannot be assigned to a specific person due to anonymization. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. The legal basis is Art.6 para. 1 p.1 lit. F of the GDPR / Art 13 para. 1 FADP. You can prevent the storage of cookies by selecting the appropriate browser settings. This is also possible via the browser plugin provided by Google: https://tools.google.com/dlpage/gaoptout?hl=en.

For guarantees of compliance with Swiss data protection law as well as compliance with the GDPR based on the effectiveness of the Swiss-U.S. Privacy Shield Framework and the EU-U.S. Privacy Shield Framework, see Google LLC: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Further information on data processing by Google can be found in the corresponding Google privacy policy: https://policies.google.com/privacy?hl=en

We use Google Analytics with IP anonymization activated. This means that the IP address of users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Accordingly, Google stores the information collected via cookies only in anonymized form and processes it in aggregated form. You can prevent the collection of the data generated by the cookie and related to your use of the website (including your non-anonymized IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

The following information is usually collected:

  • the pages you have called up
  • achievement of "website goals" (conversions, e.g. newsletter sign-ups, downloads, purchases)
  • Your user behavior (for example, clicks, dwell time, bounce rates)
  • Your approximate location (region)
  • Your IP address (in shortened form)
  • Technical information about your browser and the end devices you use (e.g., language setting, screen resolution)
  • your internet service provider
  • the referrer URL (via which website/advertising medium you came to this website)

You can find out more information about Google's use of data, settings and opt-out options on Google's websites: https://policies.google.com/privacy/google-partners?hl=en ("Who are Google’s partners?"), https://policies.google.com/technologies/ads?hl=en ("How Google uses cookies in advertising"), https://adssettings.google.com

Google uses information on our behalf to evaluate website usage, to generate reports on activities and to provide us with other services related to the use of this online offer and internet usage. In doing so, pseudonymous user profiles can be created from the processed data.

We use re-targeting technologies on this website. This involves analyzing your user behavior on our website in order to be able to subsequently offer you customized advertising on partner websites as well. The user behavior is recorded pseudonymously. In this way, we want to ensure that our advertisements correspond to the potential interest of the user and do not have a harassing effect.

The IP address transmitted by the user's browser is not merged with other data from Google.

Which data of the e-mail newsletter are processed?

The following information explains the contents of our e-mail newsletter (hereafter referred to as "newsletter") as well as the registration, dispatch and statistical evaluation procedure and the right to object. By subscribing to the newsletter, you agree to the following explanations.

Content of the newsletter
We send newsletters only with the consent of the recipients or a legal permission. Information on the specific content is provided at the appropriate place. This is either technical or marketing content that is directly related to our range of services.

Double opt-in and logging
We use a so-called double opt-in procedure. After registration, an e-mail is sent requesting verification of the e-mail address provided. This prevents the use of a foreign e-mail address. Registrations for the newsletter are logged in order to be able to prove the registration process is in accordance with legal requirements. This includes the time of registration and confirmation as well as the IP address. All changes are logged.

Shipping service provider
For the newsletter dispatch, "Mailer Lite" is used, a service of the provider UAB "MailerLite", J. Basanavičiaus 15, LT-03108 Vilnius, Lithuania. The privacy policy can be viewed here: https://www.mailerlite.com/legal/privacy-policy

The newsletter may contain a so-called pixel tag or similar technical tools. This is a pixel-sized file that is called by Mailchimp when the newsletter is opened. This makes it possible to retrieve technical information (browser, IP address, time of retrieval, system information). In addition, it is also analyzed whether the newsletter was opened and which content led to an interaction (link clicks). Although all information can be assigned to individual newsletter recipients, it is primarily used to improve the general content offered and to compile individual newsletter content.

It is possible to cancel a newsletter at any time and thus revoke consent. The "unsubscribe" link, which is available in every newsletter, can be used for this purpose. A separate revocation of the newsletter dispatch and the statistical evaluation is not possible. This is done by means of a link, which is listed in each newsletter. If the users have only subscribed to the newsletter and cancelled this subscription, the personal data will be deleted.

Which third-party services and content are integrated?

We use various content or service offers from third-party providers on the website. With these, for example, videos or fonts are integrated (hereafter referred to as "content"). In order for these services to function properly, the user's IP address must be retrieved and passed on to the third-party provider. This in turn transmits the content to the browser back to the user. Third-party providers may use pixel tags for statistical or marketing purposes. Through these "pixel tags", information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be linked to such information from other sources.

Below you will find a list of third-party providers that are used on the website. Furthermore, it is specified in each case which contents are affected and where their data protection declarations as well as further information on data processing can be viewed and the respective objection options (opt-out) can be called up:

Fonts.com (Fonts)
External fonts from Fonts.com of the provider Monotype Imaging Holdings Inc, 600 Unicorn Park Drive, Woburn, Massachusetts 01801 USA, https://www.fonts.com ("Fonts.com"). Fonts.com fonts are integrated by a server call at Monotype/Fonts.com (usually in the USA). Privacy policy: https://www.monotype.com/legal/privacy-policy

YouTube (Social Media)
Videos from the "YouTube" platform of the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/ - falscher Link!

Vimeo (Social Media)
Videos from the "Vimeo" platform of the third-party provider Vimeo, Inc, 555 West 18th Street, New York 10011, USA. Privacy policy: https://vimeo.com/privacy, Opt-Out: https://vimeo.com/cookie_policy

What rights do users have?

  • Users have the right to receive information about the stored data free of charge upon request. For all of the following possibilities, contact the address listed in the Legal Notice.
  • Users have the right to have incorrect data corrected.
  • Users have the right to have personal data deleted, insofar as this does not conflict with a legal obligation to retain the data or with an authorization that allows us to process the data.
  • Users have the right to demand the return of data that has been released (right to data portability). Upon request, this data will also be handed over to a third party.
  • In addition, users have the right to rectify inaccurate data, restrict processing and delete your personal data, if applicable, to assert your rights to data portability and, in the event that unlawful data processing is suspected, to file a complaint with the competent supervisory authority.

Modification of the Privacy Policy

The Privacy Policy may be amended should this be necessary due to changes in the legal situation, adjustments of services or data processing.

Users are requested to consult this Privacy Policy on a regular basis.

Date: April 2, 2021