Privacy Policy

In force: 1st October 2025

Purpose

This privacy policy explains how Student Impact collects, uses, and protects personal data in compliance with the Swiss Federal Act on Data Protection (FADP). It provides transparency about how we handle information needed to operate our organization, deliver services, and maintain relationships.

A.    Scope and Legal Basis

This policy applies to any individuals who interact with Student Impact. All personal data is collected, stored, and used in full compliance with Swiss law, including the Federal Act on Data Protection (FADP).

B.    Data Categories and Use


We collect data directly from you and, where appropriate, from third parties (for example, references you provide or publicly available sources).


1.        Website Visitors

  1. Data: IP address, device type, browser details, operating system, general location, referrer source, pages visited, time spent, cookies, and other similar metrics.

  2. Purpose: Improve website functionality, analyze usage patterns, and optimize user experience.

  3. Retention: Data is anonymized or aggregated where possible and retained only as long as necessary to operate and analyze the website.


2.        Applicants

  1. Data: Name, contact details, CV, application video, cover letter, any other details provided, and HR-related records (including recruitment notes and evaluations).

  2. Purpose: Evaluating suitability for current and future positions, communication, and managing the recruitment process.

  3. Retention: If not selected, data is retained for up to five years to reconsider for future opportunities and track decisions.


3.        Members

  1. Data: Name, contact details, university affiliation, membership status, participation records, payment details, roles, HR-related records (including performance evaluations and role history), emergency contacts, health or dietary details, and other information necessary for membership management and alumni engagement.

  2. Purpose: Membership and alumni management, event coordination, communications, analytics, and managing contributions or payments.

  3. Retention: Data is kept at least for the duration of membership.

    (i) After membership ends, we periodically delete data that is no longer required for operational, legal, or historical purposes.

  4. (ii) Some data is retained indefinitely, including name, personal details (such as date of birth and nationality), contact details, membership period, roles held, and membership status.


4.        Clients

  1. Data: Client contact details, project information, communications, and any additional information provided by the client. Detailed handling of client data is governed by contracts.

  2. Purpose: Delivering consulting services and managing client relationships.

  3. Retention: Client data is retained for as long as necessary for recordkeeping, legal purposes, and ongoing business relationships.


C.   Data Security and YOUR Rights


1.        Data Sharing with Third Parties

  1. Data is shared with trusted third parties necessary to deliver services and manage operations. This includes:

    (i) Recruitment Partners: Member data (including name, degree level, contact details, and CVs) is shared with partners for recruiting purposes.

    (ii) Service Providers: Cloud and collaboration platforms (e.g., Microsoft, Slack, Notion, Framer) are used for administration and communication.

    (iii) Background Check Providers: When we receive a request from such a provider, we may confirm or deny whether an individual is or was a member, including the period of membership and roles held.

  2. All providers are bound by confidentiality and security obligations.

  3. Cross-border transfers occur only with adequate protection through Swiss adequacy decisions or SCCs.


2.        Access Controls

  1. Data access is limited to:

    (i) Members of the Board, which has full oversight access.

    (ii) Members of the operations team for operational responsibilities.

    (iii) Other individuals specifically tasked with support in individual cases.

  2. Sensitive data (HR-related records, health or dietary information, banking details) is restricted to members of the Board and relevant team members requiring access for their specific responsibilities.


3.        Security Measures

  1. All data is stored securely and used only for operational purposes.

  2. We use encryption, role-based access controls, and security safeguards.

  3. If a breach poses a high risk, we notify the Federal Data Protection and Information Commissioner (FDPIC) and affected individuals as soon as possible.


4.        Your Rights

  1. You have the following rights under Swiss data protection law:

    (i) Access: Request a copy of your personal data and confirmation of how it is used.

    (ii) Correction: You can request updates to inaccurate or outdated information.

    (iii) Deletion: You can request deletion of your data, subject to limits explained above.

    (iv) Withdraw Consent: You may withdraw consent for processing at any time.

    (v) Complaints: You can lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC).

  2. If you request deletion of your data or withdraw consent, we may no longer be able to process your application, maintain your membership or alumni status, or provide services.

  3. Contact dataprotection@studentimpact.ch for all rights requests.


D.   Policy Management


1.        Changes

This policy may be changed periodically to reflect updates in law, technology, or operations. Please review this page regularly to stay informed. 


2.        Contact

Data Protection Officer: Vice President or Head of Operations, Student Impact, Dufourstrasse 50, 9000 St. Gallen, Switzerland
Email: dataprotection@studentimpact.ch


This policy was adapted by the Board on 01.10.2025. 

Privacy Policy

In force: 1st October 2025

Purpose

This privacy policy explains how Student Impact collects, uses, and protects personal data in compliance with the Swiss Federal Act on Data Protection (FADP). It provides transparency about how we handle information needed to operate our organization, deliver services, and maintain relationships.

A.    Scope and Legal Basis

This policy applies to any individuals who interact with Student Impact. All personal data is collected, stored, and used in full compliance with Swiss law, including the Federal Act on Data Protection (FADP).

B.    Data Categories and Use


We collect data directly from you and, where appropriate, from third parties (for example, references you provide or publicly available sources).


1.        Website Visitors

  1. Data: IP address, device type, browser details, operating system, general location, referrer source, pages visited, time spent, cookies, and other similar metrics.

  2. Purpose: Improve website functionality, analyze usage patterns, and optimize user experience.

  3. Retention: Data is anonymized or aggregated where possible and retained only as long as necessary to operate and analyze the website.


2.        Applicants

  1. Data: Name, contact details, CV, application video, cover letter, any other details provided, and HR-related records (including recruitment notes and evaluations).

  2. Purpose: Evaluating suitability for current and future positions, communication, and managing the recruitment process.

  3. Retention: If not selected, data is retained for up to five years to reconsider for future opportunities and track decisions.


3.        Members

  1. Data: Name, contact details, university affiliation, membership status, participation records, payment details, roles, HR-related records (including performance evaluations and role history), emergency contacts, health or dietary details, and other information necessary for membership management and alumni engagement.

  2. Purpose: Membership and alumni management, event coordination, communications, analytics, and managing contributions or payments.

  3. Retention: Data is kept at least for the duration of membership.

    (i) After membership ends, we periodically delete data that is no longer required for operational, legal, or historical purposes.

  4. (ii) Some data is retained indefinitely, including name, personal details (such as date of birth and nationality), contact details, membership period, roles held, and membership status.


4.        Clients

  1. Data: Client contact details, project information, communications, and any additional information provided by the client. Detailed handling of client data is governed by contracts.

  2. Purpose: Delivering consulting services and managing client relationships.

  3. Retention: Client data is retained for as long as necessary for recordkeeping, legal purposes, and ongoing business relationships.


C.   Data Security and YOUR Rights


1.        Data Sharing with Third Parties

  1. Data is shared with trusted third parties necessary to deliver services and manage operations. This includes:

    (i) Recruitment Partners: Member data (including name, degree level, contact details, and CVs) is shared with partners for recruiting purposes.

    (ii) Service Providers: Cloud and collaboration platforms (e.g., Microsoft, Slack, Notion, Framer) are used for administration and communication.

    (iii) Background Check Providers: When we receive a request from such a provider, we may confirm or deny whether an individual is or was a member, including the period of membership and roles held.

  2. All providers are bound by confidentiality and security obligations.

  3. Cross-border transfers occur only with adequate protection through Swiss adequacy decisions or SCCs.


2.        Access Controls

  1. Data access is limited to:

    (i) Members of the Board, which has full oversight access.

    (ii) Members of the operations team for operational responsibilities.

    (iii) Other individuals specifically tasked with support in individual cases.

  2. Sensitive data (HR-related records, health or dietary information, banking details) is restricted to members of the Board and relevant team members requiring access for their specific responsibilities.


3.        Security Measures

  1. All data is stored securely and used only for operational purposes.

  2. We use encryption, role-based access controls, and security safeguards.

  3. If a breach poses a high risk, we notify the Federal Data Protection and Information Commissioner (FDPIC) and affected individuals as soon as possible.


4.        Your Rights

  1. You have the following rights under Swiss data protection law:

    (i) Access: Request a copy of your personal data and confirmation of how it is used.

    (ii) Correction: You can request updates to inaccurate or outdated information.

    (iii) Deletion: You can request deletion of your data, subject to limits explained above.

    (iv) Withdraw Consent: You may withdraw consent for processing at any time.

    (v) Complaints: You can lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC).

  2. If you request deletion of your data or withdraw consent, we may no longer be able to process your application, maintain your membership or alumni status, or provide services.

  3. Contact dataprotection@studentimpact.ch for all rights requests.


D.   Policy Management


1.        Changes

This policy may be changed periodically to reflect updates in law, technology, or operations. Please review this page regularly to stay informed. 


2.        Contact

Data Protection Officer: Vice President or Head of Operations, Student Impact, Dufourstrasse 50, 9000 St. Gallen, Switzerland
Email: dataprotection@studentimpact.ch


This policy was adapted by the Board on 01.10.2025.