Privacy Policy

Last updated: December 2025

Scope: This Privacy Policy applies to the website www.eiscom.eu (including all subpages) and to related online offerings, in particular event registrations, ticket sales, contact requests, webinars, and live trainings.

1. Data Controller

European Institute for Safe Communication (EISC)
c/o Innovations-Biotop Uri
Bahnhofplatz 1
6460 Altdorf (UR), Switzerland

Represented by: Prof. Dr. Annegret Hannawa
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Phone: +41 77 478 84 97
Website: https://eiscom.eu

2. Purpose and Content of this Privacy Policy

This Privacy Policy explains which personal data we process, for which purposes, on which legal bases, to whom data may be disclosed, whether data is transferred abroad, how long it is stored, and which rights data subjects have. No automated decision-making or profiling within the meaning of the Swiss Federal Act on Data Protection (FADP) or the EU General Data Protection Regulation (GDPR) takes place.

3. Applicable Data Protection Law

We primarily process personal data in accordance with Swiss data protection law, in particular the Swiss Federal Act on Data Protection (FADP), revised as of 1 September 2023, and its implementing provisions. Where applicable in individual cases (e.g. for persons residing in the EU/EEA), we additionally comply with the GDPR.

4. Categories of Personal Data (Transparency)

Depending on how our services are used, we may process in particular the following categories of personal data:

• Technical data: IP address, date/time, accessed pages, referrer URL, browser/operating system, device data (see server log files).
• Communication data: Name, email address, telephone number, content of inquiries.
• Contract / event data: Registration and ticket data, booking information, correspondence related to events.
• Payment / transaction data: Payment method, payment status, transaction references (details primarily processed by PayPal).
• Organisational data (optional): Company, function, industry, where requested.
• Special information in the event context: Dietary requirements, allergies or intolerances (voluntarily provided and only insofar as required for event organisation and catering; see section 8).

5. Hosting

Our website is hosted by Hetzner Online GmbH. Hetzner processes technical access data as a processor within the meaning of the FADP (and as a processor under the GDPR, where applicable), exclusively in accordance with our instructions.

6. Access Data / Server Log Files

When visiting our website, certain server log files are automatically processed for technical reasons, in particular:

• IP address (possibly shortened/anonymised)
• Date and time
• Accessed page/file
• Referrer URL
• Browser type/version, operating system
• Device type, where applicable

Purposes:
Technical operation of the website, ensuring security and stability, error analysis, prevention and investigation of misuse or attacks.

Legal basis:
Swiss FADP (legitimate interest in secure website operation); where the GDPR applies: Art. 6(1)(f) GDPR.

Retention period:
As short as possible and only as long as necessary for the stated purposes and/or due to legal obligations.

7. Contact Requests (Email / Contact Forms)

If you contact us, we process the data you provide (e.g. name, email address, telephone number, message) to handle and respond to your request and to document the communication.

Legal basis:
Swiss FADP; where the GDPR applies: Art. 6(1)(f) GDPR (legitimate interest) or Art. 6(1)(b) GDPR (pre-contractual measures or contract).

Retention period:
As long as necessary to process the request; longer only if legal obligations or legitimate interests (e.g. evidentiary purposes) exist.

8. Event Registration, Ticket Sales and Dietary / Allergy Information

When registering for events or purchasing tickets, we process data required for contract execution, in particular:

• Name and contact details (email address)
• Ticket and booking information (category, quantity, price)
• Billing and transaction data
• Optional organisational details (company/function)

Dietary requirements / allergies / intolerances:
If such information is requested in the context of an event, it is processed exclusively for catering organisation and participant safety (e.g. avoidance of allergenic food). This information may constitute sensitive personal data under the FADP and is processed only with the data subject’s knowledge and solely for the stated purposes. It should only be provided if genuinely relevant.

Purposes:
Event organisation and execution, participant management, access control, communication related to the event, accounting and documentation obligations, and, where applicable, catering planning.

Legal basis:
Swiss FADP; where the GDPR applies: Art. 6(1)(b) GDPR (contract).

Retention period:

• Dietary/allergy information: generally deleted shortly after the event (plus a short follow-up period), unless legal obligations or legitimate interests require longer retention.
• Contractual and accounting documents: see section 18.

9. Payment Processing via PayPal

Payments are processed via PayPal. If PayPal is selected, personal data is transmitted to PayPal or processed by PayPal as an independent data controller, in particular:

• Identification and contact data
• Payment and transaction data
• Device and usage data (depending on the PayPal process)

Purposes:
Payment processing, fraud prevention, transaction management.

Legal basis:
Contract performance (Swiss FADP; where the GDPR applies: Art. 6(1)(b) GDPR). PayPal’s own privacy policy applies in addition.

Third-country transfer notice:
PayPal may process personal data in third countries, in particular the United States.

10. Web Analytics with Matomo

This website uses Matomo (on-premise):

• Data stored on our own server
• IP anonymisation (last octet shortened)
• No disclosure to third parties
• No profiling for advertising purposes

Purposes:
Usage analysis, website improvement, statistical evaluation.

Legal basis:

• Cookie-free implementation: legitimate interest under Swiss FADP
• Use of cookies or similar technologies: consent (via cookie banner; where the GDPR applies: Art. 6(1)(a) GDPR)

Objection / opt-out:
You may object to web analytics by Matomo at any time. This is possible:

• via the cookie settings on our website by disabling the category “Analytics/Statistics” or withdrawing a previously given consent, and
• via the Matomo opt-out function provided on our website, which sets a deactivation cookie.

Please note that the Matomo opt-out is cookie-based. If you delete your browser cookies or use a different browser or device, the opt-out must be set again.

11. Embedded YouTube Videos

Our website may contain embedded YouTube videos (Google Ireland Limited). We use the enhanced privacy mode where technically possible. Data is generally transmitted only when you actively play a video. The following data may be processed:

• IP address
• Device and browser information
• Interactions with the video
• Cookies or Google account association if you are logged in

Legal basis:
Consent (cookie banner or click); where the GDPR applies: Art. 6(1)(a) GDPR.

Third-country transfer notice:
The use of YouTube may result in personal data being transferred to or processed in third countries, in particular the United States, where access by authorities under foreign law cannot be ruled out.

12. Webinars / Live Trainings (Zoom)

For webinars or live trainings, we may use Zoom (Zoom Video Communications, Inc., USA, including affiliated entities).

Typical categories of data:

• Participant data: name/display name, email address (depending on setup), profile picture
• Usage/metadata: meeting ID, connection data, IP address, device and browser data
• Content data: audio, video, chat messages, shared content, insofar as actively provided by participants

Purposes:
Conducting webinars/trainings, participant management, technical implementation, follow-up activities (e.g. answering questions).

Recording policy:

• As a rule, no recordings are made unless explicitly announced.
• If a recording takes place, we inform participants in advance, obtain consent where required, and specify purpose and retention period.

Third-country transfer:
With Zoom, processing of personal data in third countries, in particular the United States, cannot be excluded. Risks may exist, including possible access by foreign authorities. We ensure appropriate safeguards under Swiss data protection law (e.g. contractual safeguards) and select privacy-friendly configurations.

Retention period:
Only as long as necessary for execution and follow-up; recordings, if any, only for the period communicated in advance.

13. Cookies and Consent Management

We use cookies and similar technologies:

• Essential cookies for website operation and security
• Optional technologies (analytics, external content) only with consent

You may adjust cookie settings at any time or delete/block cookies via your browser settings. Disabling cookies may limit website functionality.

14. Social Media Links (Icons)

Our website may include links or icons to our social media presences, in particular:

• Facebook (Meta Platforms)
• LinkedIn

By clicking such a link, you leave our website. From that point onward, the respective provider is independently responsible. Depending on the provider and login status, data such as IP address or visited pages may be processed.

15. Disclosure of Personal Data

We disclose personal data only if:

• required for contract performance (e.g. PayPal),
• service providers act as processors (e.g. hosting),
• a legal obligation exists, or
• disclosure is necessary to protect our rights.

16. Transfer of Personal Data Abroad

Depending on the services used (in particular PayPal, YouTube/Google and Zoom), personal data may be processed outside Switzerland, especially in the United States. In such cases, access by authorities under foreign law cannot be ruled out. We ensure appropriate safeguards under Swiss data protection law (e.g. contractual safeguards and, where available, recognised standard contractual clauses) and apply privacy-friendly configurations.

17. Data Security

We implement appropriate technical and organisational measures (TOMs) to protect personal data against loss, unauthorised access or misuse.

18. Retention Periods

We store personal data only as long as necessary or as required by law. Contractual and accounting documents (e.g. ticket purchases, invoices, payment and accounting records, business correspondence) are generally retained for 10 years in accordance with Swiss statutory retention obligations.

19. Rights of Data Subjects

Depending on applicable law, data subjects have in particular the right to:

• Access
• Rectification
• Erasure
• Restriction of processing
• Data portability (where applicable)
• Withdrawal of consent with effect for the future

Contact: This email address is being protected from spambots. You need JavaScript enabled to view it.

20. Right to Lodge a Complaint

Data subjects may lodge a complaint with a competent supervisory authority. In Switzerland, this is the:

Swiss Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
CH – 3003 Bern

21. Amendments

We reserve the right to amend this Privacy Policy at any time. The version published on our website at the time shall apply.

22. Prevailing Version

This English version of the Privacy Policy is provided for informational purposes. In case of discrepancies or inconsistencies, the German-language version shall prevail.