Your trust is important to us - and so is your data security. The operators of this website, the Executive School of Management, Technology and Law (ES-HSG), University of St.Gallen and the Competence Center for Diversity & Inclusion, Research Center for International Management, University of St.Gallen, comply with the legal provisions of the Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (DPO), the Telecommunications Act (TCA) as well as other provisions of data protection law such as the General Data Protection Regulation of the European Union (hereafter GDPR).
Personal data includes, for example, measurement and usage data to analyse the sub-pages visited or the interest in specific offers. We also analyse concrete content data such as a newsletter registration or entries in a contact form.
Data security has the highest priority. We therefore take organisational, contractual and technical security measures to ensure that data is protected against loss, unauthorised access and manipulation in the best possible way.
Specifically, the following security measures are taken:
- The entire data transfer process between the web browser and the web server is encrypted (SSL).
- The website is regularly updated, and security updates are installed.
Is data transferred to third parties for further processing?
Data is only passed on to third parties within the framework of legal requirements (Art. 6 para. 1 lit. b GDPR) and only with explicit consent.
For certain services, we work together with specialised companies (for example, for the operation of an e-mail newsletter service). For this purpose, we transfer personal data in order to be able to operate this service. Here we take appropriate legal precautions as well as corresponding technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal regulations.
What data is stored for the provision of contractual services?
When contacting us (via contact form or e-mail), personal data is processed for handling the contact request and for processing a specific service/order.
Personal data may be stored in our Customer Relationship Management System ("CRM System").
Which technical access data and log files are collected?
We collect data about each access to the web server based on our legitimate interests. The access data includes:
- Name of the accessed domain
- Date and time of the access
- Log information such as protocol type, version, the requested action, status codes or information about the transferred data (e.g. the size of a question or an answer)
- Error messages
- Language and version of the browser software
- Information about the operating system
- Referrer URL (the previously visited page)
- IP address
- the requesting provider
Log file information is required for technical reasons in order to run our website. The hosting provider uses technical and organizational measures to protect this data from unauthorized access and does not pass it on to third parties. Insofar as personal data is used in the process, this is done in the interest of providing the website visitor with the best possible user experience and ensuring the security and stability of the server infrastructure.
Data which must be retained for evidentiary purposes is exempt from deletion until the final clarification of the respective incident.
How are cookies used?
What are cookies?
Adjusting cookie settings
Which activities on the website are analyzed?
For guarantees of compliance with Swiss data protection law as well as compliance with the GDPR based on the effectiveness of the Swiss-U.S. Privacy Shield Framework and the EU-U.S. Privacy Shield Framework, see Google LLC: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
We use Google Analytics with IP anonymization activated. This means that the IP address of users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Accordingly, Google stores the information collected via cookies only in anonymized form and processes it in aggregated form. You can prevent the collection of the data generated by the cookie and related to your use of the website (including your non-anonymized IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
The following information is usually collected:
- the pages you have called up
- achievement of "website goals" (conversions, e.g. newsletter sign-ups, downloads, purchases)
- Your user behavior (for example, clicks, dwell time, bounce rates)
- Your approximate location (region)
- Your IP address (in shortened form)
- Technical information about your browser and the end devices you use (e.g., language setting, screen resolution)
- your internet service provider
- the referrer URL (via which website/advertising medium you came to this website)
Google uses information on our behalf to evaluate website usage, to generate reports on activities and to provide us with other services related to the use of this online offer and internet usage. In doing so, pseudonymous user profiles can be created from the processed data.
We use re-targeting technologies on this website. This involves analyzing your user behavior on our website in order to be able to subsequently offer you customized advertising on partner websites as well. The user behavior is recorded pseudonymously. In this way, we want to ensure that our advertisements correspond to the potential interest of the user and do not have a harassing effect.
The IP address transmitted by the user's browser is not merged with other data from Google.
Which data of the e-mail newsletter are processed?
The following information explains the contents of our e-mail newsletter (hereafter referred to as "newsletter") as well as the registration, dispatch and statistical evaluation procedure and the right to object. By subscribing to the newsletter, you agree to the following explanations.
Content of the newsletter
We send newsletters only with the consent of the recipients or a legal permission. Information on the specific content is provided at the appropriate place. This is either technical or marketing content that is directly related to our range of services.
Double opt-in and logging
We use a so-called double opt-in procedure. After registration, an e-mail is sent requesting verification of the e-mail address provided. This prevents the use of a foreign e-mail address. Registrations for the newsletter are logged in order to be able to prove the registration process is in accordance with legal requirements. This includes the time of registration and confirmation as well as the IP address. All changes are logged.
Shipping service provider
The newsletter may contain a so-called pixel tag or similar technical tools. This is a pixel-sized file that is called by Mailchimp when the newsletter is opened. This makes it possible to retrieve technical information (browser, IP address, time of retrieval, system information). In addition, it is also analyzed whether the newsletter was opened and which content led to an interaction (link clicks). Although all information can be assigned to individual newsletter recipients, it is primarily used to improve the general content offered and to compile individual newsletter content.
It is possible to cancel a newsletter at any time and thus revoke consent. The "unsubscribe" link, which is available in every newsletter, can be used for this purpose. A separate revocation of the newsletter dispatch and the statistical evaluation is not possible. This is done by means of a link, which is listed in each newsletter. If the users have only subscribed to the newsletter and cancelled this subscription, the personal data will be deleted.
Which third-party services and content are integrated?
We use various content or service offers from third-party providers on the website. With these, for example, videos or fonts are integrated (hereafter referred to as "content"). In order for these services to function properly, the user's IP address must be retrieved and passed on to the third-party provider. This in turn transmits the content to the browser back to the user. Third-party providers may use pixel tags for statistical or marketing purposes. Through these "pixel tags", information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be linked to such information from other sources.
Below you will find a list of third-party providers that are used on the website. Furthermore, it is specified in each case which contents are affected and where their data protection declarations as well as further information on data processing can be viewed and the respective objection options (opt-out) can be called up:
YouTube (Social Media)
Vimeo (Social Media)
What rights do users have?
- Users have the right to receive information about the stored data free of charge upon request. For all of the following possibilities, contact the address listed in the Legal Notice.
- Users have the right to have incorrect data corrected.
- Users have the right to have personal data deleted, insofar as this does not conflict with a legal obligation to retain the data or with an authorization that allows us to process the data.
- Users have the right to demand the return of data that has been released (right to data portability). Upon request, this data will also be handed over to a third party.
- In addition, users have the right to rectify inaccurate data, restrict processing and delete your personal data, if applicable, to assert your rights to data portability and, in the event that unlawful data processing is suspected, to file a complaint with the competent supervisory authority.
Date: April 2, 2021