Geneva Centre for Security Sector Governance (DCAF)

Website Privacy Policy

Last updated on July 16, 2021 

Preamble and consent

We are aware of the importance of Personal Data (defined below) privacy, especially as we use such data to provide relevant services and information to our visitors. The EU General Data Protection Regulation (GDPR), adopted by the European Union and the Swiss Federal Act on Data Protection (FADP), mandate high standards on how your Personal Data is collected, processed and stored, give you the right to access the Personal Data and request its erasure, and much more. In accordance with the legislation and recognizing the importance of this matter, we have prepared below explanations on the protection of your Personal Data when visiting the website https://legislation-securite.tn/ (the “Website”) and the rights you have as data subjects.

Please read these explanations carefully. 

By browsing our Website, you agree to be bound by the terms of this policy. If you do not consent to these terms, we kindly ask you not to use our Website.

What is Personal Data?

Personal Data means any information relating to an identified or identifiable natural person, i.e. an individual, regardless of the form in which it is expressed (hereafter, “Personal Data”). Personal data is information that identifies you as an individual, directly or indirectly, in particular by reference to identifiers such as a name, surname, location data, an online identifier, e-mail address, etc.

What Personal Data do we collect? 

1. Personal Data you may provide us with

You may provide us with Personal Data, for instance by: 

• filling out a contact form;
• filling out a survey; or
• subscribing to a newsletter.

1. Cookies

 We further collect Personal Data through cookies, analytics and other similar tools, such as: 

1. IP address of the requesting internet-enabled device,
2. location of the requesting internet-enabled device based on the IP address,
3. date and time of access,
4. accessed resources on the Website,
5. name and URL of the retrieved file,
6. Website/application from which the access was made (referrer URL), 
7. browser you use,
8. if necessary, the operating system of your internet-capable computer as well as the name of your access provider.

 

The cookies and scripts we use are the following:

Cookie Name	Purpose	Duration	Cookie Type
_ga	This cookie is installed by Google Analytics to calculate visitor, session, campaign data and keep track of the Website usage for the Website’s analytics report. The cookies assign a randomly generated number to identify unique visitors	2 years	Third-party, analytics
_gat	This cookie is installed by Google Analytics to filter requests from bots, for statistical purposes	1 minute	Third-party, analytics
_gid	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the Website is doing	1 day	Third-party, analytics
_guest_id; personalization_id	Twitter cookies are primarily used to display the embedded Tweets from the Website-related Twitter account. It is also used for determining whether a user logged in during browser session to allow them to Tweet texts from the Website, and to record number of times a page has been Tweeted	Session	Third party, persistent

 

   Why we collect such Personal Data? 

We use cookies and the Personal Data collected  

1. to authorize access to our Website, 
2. to make the functionalities of our Website available to you and to offer you additional functionalities, 
3. to improve the Website or our dedicated pages on social media,
4. to store information about your preferences, allowing us to customize our Website according to your individual interests,
5. to speed up your searches,
6. to compile behavioral and statistical information about uses of our Website or our dedicated pages on social media, in particular to estimate our audience size and usage patterns,
7. to produce aggregate insights that do not identify you,
8. to identify you and log your use, recognize you when you return to our Website, track the activity on our Website and hold certain information. 

 

The purpose for implementing all of the above is to maintain and monitor the performance of our Website and to constantly look to improve the site and the services it offers to our users. The legal basis we rely on to process your Personal Data is article 13(1) FADP and article 6(1)(f) of the GDPR, which allows us to process Personal Data when its necessary for the purposes of our legitimate interests.

In addition, cookies and other functionalities mentioned above which would go beyond the purposes of our legitimate interests (for example: Analytics Cookies), are implemented upon your acceptance through the means of our cookie banner. 

 Who is the Personal Data Controller ? 

The controller of Personal Data on this Website is DCAF – Geneva Center for Security Sector Governance, Chemin Eugène-Rigot 2E, 1202, Geneva, Switzerland. 

For any questions in relation to the way in which your Personal Data is stored and used, contact us at menacommunications@dcaf.ch. 

Where do we store Personal Data and for how long ?

Your Personal Data is stored on servers located in Ireland. If you are a subscriber of our mailing lists operated through Mailchimp, your Personal Data, which includes your email address, is stored on servers located in the United States. If you are providing answers to surveys available on the Website, operated through Survicate, your Personal Data is Stored on servers located in Ireland.

We retain the Personal Data you provide to the extent necessary to provide you access to and use of our Website and its functionalities (like for instance our newsletters), as well as to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. The storage period of cookies depends on their purpose and is the same for everyone. We may retain de-personalized (anonymous) information after the deletion of your Personal Data.

Sharing, Selling and Transferring Personal Data 

With third parties: The Personal Data collected are primarily intended for communicating with you and improving our services. However, we may give certain independent contractors and affiliates access to the Personal Data in order to assist us with the operation of our Website, as well as data management and marketing activities.

Cross-border data transfer: For some of the third-party service providers, we may transfer your data to one of their databases outside Switzerland or the European Economic Area, potentially including countries which may not have an adequate level of protection for your Personal Data. In such event, we enter into agreements with such third-parties ensuring an adequate level of protection for your Personal Data. By providing us with your Personal Data or by accepting analytic cookies, you agree that we may transfer, store and process your Personal Data outside of Switzerland and the European Economic Area – in particular in the USA – and acknowledge that governments in certain countries such as the USA have broad powers to access data for security, crime prevention and detection and law enforcement purposes.

Selling Personal Data:  We will not sell your Personal Data to third parties. We will not share or otherwise make available your Personal Data to third parties except as provided in this Privacy Policy.

Sharing with authorities: It is possible that we will need to disclose Personal Data when required by law or if we have a good faith belief that disclosure is necessary to investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies, investigate and defend ourselves against any third-party claims or allegations, protect the security or integrity of our Website or our dedicated pages on social media, or exercise or protect the rights and safety of our users, personnel, or others.

We attempt to notify users about legal demands for their Personal Data when appropriate in our judgment and technically feasible, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge every demand.

Withdrawal of consent for processing of Personal Data

At any time, you have the right to withdraw your consent for the processing of Personal Data for a particular purpose or for all purposes with which you have consented.

For the withdrawal of your consent, please send a written request to DCAF – Geneva Center for Security Sector Governance, or by e-mail to: menacommunications@dcaf.ch.

In case of withdrawal of your consent, we will delete all collected Personal Data or exclude them from automatic processing in accordance with the specificities of your request. 

Please be aware that the withdrawal of your consent will not impact the lawfulness of processing based on your consent before it was withdrawn and the use of Personal Data as needed to comply with our legal obligations.

Your rights in the field of Personal Data 

• Right to update, correct and erasure: At any time, you have the right to obtain from us the correction of inaccurate or incomplete Personal Data. At any time, you also have the right to obtain from us access to the Personal Data that we have collected and the right to obtain immediate erasure of your Personal Data. 
• Right to restriction of processing: You have the right to request that we restrict the processing of your Personal Data.
• Right to data portability: You have the right to be provided with a copy of the Personal Data we have on you in a structured, machine-readable and commonly used format.
• Right to object: You have the right to object to our processing of your Personal Data.
• Right of access: At any time, you have the right to obtain from us confirmation as to whether your Personal Data are being processed and, where that is the case, access to the Personal Data.
• Personal data breach:  In the case of a Personal Data breach, we will without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the Personal Data breach to the competent supervisory authority.  
• Right to complain to an authority: You have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA) or in Switzerland.

 Security of your Personal Data 

The security of your Personal Data is important to us, but no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use technical and organizational commercially acceptable means to protect your Personal Data against manipulation, partial or complete loss and unauthorized access by third party, we cannot guarantee its absolute security.

Amendment of this Privacy Policy

We may change this Privacy Policy at any time by posting a new version on this page or on a successor page, without prior notification. If we make changes to this Policy, we will notify you through a notice on the Website home page. By continuing to access or use our Website or our dedicated pages on social media after those revisions become effective, you agree to be bound by the revised terms. If you do not agree to the new terms, please stop using the Website and our dedicated pages on social media.