Scope

Furthermore, this Policy is also applicable to all individuals, who access a Basel Institute Service and who accept the standards set out in this Policy (e.g. by approving our “cookie statement”).

Definitions and abbreviations

Personal information (or personal data) is any information that can directly or indirectly identify an individual. Some of the most obvious examples of personal data include someone's name, mailing address, email address, phone number and medical records (if they can be used to identify the person). 

Sensitive information (or sensitive personal data) is a special category of personal information, which is considered particularly worth protecting and is therefore subject to specific processing conditions. The following information typically falls under this category:

• personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs;
• trade union membership;
• genetic or biometric data processed solely to identify a human being;
• health-related data;
• data concerning a person’s sexual orientation or practices.

Processing is any operation performed on the data, such as collection, storage, use and sharing.

Principles

4.1 Transparency

Our aim is to describe in clear and simple language what we do with personal information and to communicate this at an early stage to all users of a Service. For this reason, we abide by the following requirements when collecting, disclosing or otherwise using your personal information:

• We explain what personal information will be collected, who is collecting it, why it is being collected, how it will be used and who it will be shared with.
• We communicate this at the time the Personal information is collected (if possible) in a format that is easily accessible.
• We provide a link to an online Basel Institute privacy notice (where necessary).
• We consider whether it is appropriate (or required) to empower individuals with choices regarding what information they provide and how we use it.

4.2 Data minimisation

We collect the minimum necessary personal information to support a specific and legitimate business purpose. We abide by the following requirements when doing so:

• We identify the specific purpose(s) for collecting personal information.
• We ensure personal information is collected only for such purposes.
• We consider whether the business purpose could be achieved with less personal information, and only collect the minimum data needed.

4.3 Responsible use

We use personal information responsibly, meaning only in ways compatible with the purpose for which it was collected, and as communicated. This includes ensuring that we only transfer such data across country borders where it is appropriate to do so. We abide by the following requirements when doing so:

• We use personal information only in ways consistent with any notification presented.
• e include appropriate data privacy protections in contracts where personal information will be handled by a third party.
• We recognise that enhanced data privacy protections may be needed when handling sensitive personal information.
• We respect individuals’ preferences and privacy requests, including to access, delete or correct their personal information, subject to local laws and requirements.
• We follow local requirements and laws when transferring data to third parties or to another country.

4.4 Data protection

We follow applicable Basel Institute information security policies and guidelines and will immediately report any unintended use or disclosure of personal information. We abide by the following requirements when doing so: 

• Classify personal information and store it according to the relevant policies and guidelines.
• Prevent personal information from unintended modification, use or disclosure.
• Keep personal information accurate and up to date (as much as possible).
• Report any security incident or other unauthorised sharing, receipt or handling of personal information to the Head of Information Technology (IT).

Policy

5.1 Use by minors

The Basel Institute’s Services are not directed to individuals under the age of 18, and we request that these individuals do not provide personal information through the Service. If your child has submitted personal information and you would like to request that such information be removed, please contact us.

5.2 Information collection

We may ask you to submit personal information in order for you to benefit from certain features (such as newsletter subscriptions) or to participate in a particular activity (such as a Basel Institute-organised event). You will be informed what information is required and what information is optional.

We may combine the information you submit with other information we have collected from you, whether on- or offline, including, for example, your event participation history. We may also combine it with information we receive about you from other Basel Institute sources.

If you submit any personal information relating to another individual to us, you represent that you have the authority to do so and to permit us to use the information in accordance with this Data Privacy Policy.

5.3 Sensitive information

Unless we specifically request or invite it, we ask that you do not send or disclose to us, any sensitive personal information (as defined above) on or through the Service or otherwise to us.

5.4 Automatic information collection and use

We and our service providers may collect certain information automatically as you navigate around the Service, in the following ways:

• Cookies: A cookie is a small piece of information that a web server asks your web browser to store on your device. We use cookies to, for example, identify recurring visits to a Service. Except where allowed by applicable law, we place cookies after having received your consent through a cookie banner.
• Through your browser: Certain information is collected by most browsers, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, and internet browser type and version. We may collect such information to ensure that the Service functions properly.
• IP address: Your IP address is a number that is automatically assigned to your computer by your Internet Service Provider. An IP address is identified and logged automatically in our server log files whenever a user visits the Service, along with the time of the visit and the pages visited. Collecting IP addresses is standard practice and is done automatically by many online services. We use IP addresses for purposes such as analysing Service usage, diagnosing server problems and administering the Service. We may also derive your approximate location from your IP address.

5.5 How we use and disclose information

We use and disclose information you provide to us as described to you at the point of collection. Please see section “Choices and access” below to learn how you may opt out of certain of our uses and disclosures. 

Where required by applicable law, we will obtain your consent to use your personal information at the point of information collection. We may also use information from or about you as necessary to perform a contract, to comply with a legal obligation or for our legitimate business interests. We may also rely on other legal bases, specifically:

• Providing the functionality of the Service and fulfilling your requests, for example:
  • to provide the functionality of the Service to you and provide you with related customer service;
  • to respond to your inquiries and fulfil your requests, such as to send you documents you request or email alerts; or
  • to send you important information regarding our relationship with you or regarding the Service, changes to our terms, conditions and policies and/or other administrative information.

We will engage in these activities to manage our contractual relationship with you and/or to comply with a legal obligation. 

• Accomplishing our business purposes, for example:
  • for data analysis, for example, to improve the efficiency of the Service;
  • for audits, to verify that our internal processes function as intended and are compliant with legal, regulatory or contractual requirements;
  • for fraud and security monitoring purposes, for example, to detect and prevent cyberattacks or attempts to commit identity theft;
  • for developing new products and services;
  • for enhancing, improving or modifying our website or products and services;
  • for identifying Service usage trends, for example, understanding which parts of our Service are of most interest to users.

We will engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or because we have a legitimate interest.

• Analysis of personal information to provide personalised services, for example:
  • to better understand you, so that we can personalise our interactions with you and provide you with information and/or offers tailored to your interests;
  • to better understand your preferences so that we can deliver content via the Service that we believe will be relevant and interesting to you.

We will provide personalised services either with your consent or because we have a legitimate interest.

We may also disclose information collected through the Service to our third-party service providers who provide services such as website hosting, mobile application hosting, payment processing, IT services, email and direct mail delivery services and others, in order to enable them to provide these services.

In addition, we may use and disclose your information as we believe to be necessary or appropriate: (a) to comply with legal process or applicable law, which may include laws outside your country of residence; (b) as permitted by applicable law to respond to requests from public and government authorities, which may include authorities outside your country of residence; (c) to enforce our terms and conditions; and (d) to protect our rights, privacy, safety or property. We may also use and disclose your information in other ways after obtaining your consent to do so.

In addition, where allowed by applicable law, we may use and disclose information that is not in a personally identifiable form for any purpose. If we combine information that is not in personally identifiable form with information that is identifiable (such as combining your name with your geographical location), we will treat the combined information as personal information as long as it is combined.

5.6 Choices and access

We give you choices regarding our use and disclosure of your personal information for marketing purposes, such as informing you of our Services or of opportunities to participate in courses or events.

You may opt out from any such communications or reminders by clicking the unsubscribe link in any email or by contacting us. In your request to us, please provide your name, identify the form(s) of marketing communications that you no longer wish to receive, and include the address(es) to which it/they are sent. We will seek to comply with your request(s) as soon as reasonably practicable.

If you would like to review, correct, update, restrict or delete your personal information, please contact us. We will respond to your request as soon as reasonably practicable.

5.7 Cross-border transfer

Your personal information may be stored and processed in any country in the world where we have operations or service providers. By using our Services or by providing consent to us (where required by law), your information may be transferred to any country in the world outside of your country of residence.

Some countries outside your country of residence are recognised as providing an adequate level of data protection; some, however, are not. For transfers to countries not recognised as providing an adequate level of data protection we have ensured that adequate measures are in place.

5.8 Security

We seek to use reasonable organisational, technical and administrative measures designed to protect personal information under our control. Unfortunately, no data transmission over the internet or data storage system can be guaranteed to be 100 percent secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us.

Retention period

We will retain your personal information for as long as is needed or permitted in light of the purpose(s) for which it was obtained. The principal criteria used to determine the retention period include: a) the length of time we have an ongoing relationship with you and provide the Service to you; b) whether there is a legal obligation to which we are subject; and c) whether retention is advisable in light of our legal position.

Third-party websites and services

Our Services may contain links to websites of third parties. This Data Privacy Policy does not address, and we are not responsible for, the privacy, information or practices of any third parties, including any third party operating any website or online service/application that is available through or used by our Service or to which our Service contains a link. The existence of a link to any such website or application on the Service does not imply our endorsement of it.

Contacting us

The Basel Institute on Governance is the organisation responsible for the collection, use and disclosure of personal information under this Data Privacy Policy.

The Basel Institute’s Data Protection Officer is the Chief Compliance Officer.

If you have any questions about this Data Privacy Policy, please contact us under DPO@baselgovernance.org or please write to the following address:

Basel Institute on Governance
Steinenring 60
4051 Basel
Switzerland

Updates to this Policy

We may change this Data Privacy Policy from time to time. Any changes to this Policy will become effective when we post the revised version on our Services. Your use of a Service following these changes means that you accept the revised Data Privacy Policy. We recommend that you regularly review the Data Privacy Policy when you visit the Service. This Policy was last updated on 20 November 2024.