THE MOVEMENT HEALTH FOUNDATION
Rue du Rhône 65
c/o MLL Legal
1204 Geneva, Switzerland
Email: info@movement-health.org
Website: https://movement-health.org/
Effective Date: 22/08/2025
Last Updated: 22/08/2025
1. INTRODUCTION
The Movement Health Foundation (“Foundation,” “we,” “us,” or “our”) is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website https://movement-health.org/ (the “Website”) or interact with our services, in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Swiss Federal Act on Data Protection (“FADP”), and other applicable data protection laws.
By accessing our Website or services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Website or use our services.
2. DATA CONTROLLER INFORMATION
The data controller responsible for your personal data is:
The Movement Health Foundation
Rue du Rhône 65
c/o MLL Legal
1204 Geneva, Switzerland
Email: info@movement-health.org
Data Protection Officer: [DPO Name]
DPO Contact: info@movement-health.org
3. PERSONAL DATA WE COLLECT
We may collect and process the following categories of personal data:
3.1 Data You Provide Directly
- Contact Information: Name, email address, postal address, telephone number
- Professional Information: Job title, organization name, professional affiliations
- Account Data: Username, password, account preferences
- Communication Data: Inquiries, feedback, correspondence, survey responses
- Donation Information: Donation amounts, payment method details (processed through secure payment processors)
- Event Registration: Dietary requirements, accessibility needs, emergency contact information
- Newsletter Subscriptions: Email address, communication preferences
- Volunteer Information: Skills, availability, areas of interest, background information
3.2 Data Collected Automatically
- Technical Data: IP address, browser type and version, operating system, device information
- Usage Data: Pages visited, time spent on pages, click patterns, navigation paths
- Cookie Data: See Section 9 for detailed cookie information
- Location Data: Approximate geographic location based on IP address
3.3 Special Categories of Personal Data
We may process special categories of personal data only with your explicit consent or where permitted by law:
- Health data (only when relevant to our health-focused initiatives)
- Dietary requirements (for event planning)
- Accessibility needs (to ensure inclusive participation)
4. LEGAL BASIS FOR PROCESSING
We process your personal data based on the following legal grounds under Article 6 of the GDPR:
4.1 Consent (Article 6(1)(a))
- Newsletter subscriptions
- Marketing communications
- Cookie placement (non-essential cookies)
- Processing of special categories of data
4.2 Contract Performance (Article 6(1)(b))
- Processing donations
- Event registrations
- Volunteer agreements
- Service delivery
4.3 Legal Obligations (Article 6(1)(c))
- Tax and financial reporting requirements
- Compliance with court orders or legal proceedings
- Anti-money laundering obligations
4.4 Vital Interests (Article 6(1)(d))
- Emergency situations involving health or safety
4.5 Legitimate Interests (Article 6(1)(f))
- Website security and fraud prevention
- Internal administrative purposes
- Direct marketing to existing supporters (with opt-out option)
- Analytics to improve our services
5. PURPOSES OF DATA PROCESSING
We process your personal data for the following purposes:
5.1 Service Delivery
- Managing donations and donor relations
- Organizing and administering events and programs
- Coordinating volunteer activities
- Providing requested information and resources
5.2 Communication
- Responding to inquiries and requests
- Sending newsletters and updates (with consent)
- Event invitations and announcements
- Impact reports and organizational updates
5.3 Legal and Compliance
- Fulfilling legal and regulatory obligations
- Maintaining financial records
- Tax reporting and compliance
- Grant reporting requirements
5.4 Website and Technology
- Ensuring website functionality and security
- Analyzing website usage to improve user experience
- Preventing fraud and unauthorized access
- Technical support and troubleshooting
5.5 Organizational Development
- Statistical analysis and research
- Strategic planning and evaluation
- Fundraising and development activities
- Partnership development
6. DATA SHARING AND DISCLOSURE
We may share your personal data with:
6.1 Service Providers
- Payment processors (for donation processing)
- Email service providers
- Cloud storage providers
- IT support and maintenance providers
- Event management platforms
- Analytics providers
6.2 Professional Advisors
- Legal counsel
- Accountants and auditors
- Consultants bound by confidentiality
6.3 Government Authorities
- Tax authorities
- Regulatory bodies
- Law enforcement (when legally required)
- Courts and tribunals
6.4 Partner Organizations
- Only with your consent
- For collaborative programs and initiatives
- Subject to appropriate data protection agreements
6.5 Business Transfers
In the event of merger, acquisition, or asset sale, personal data may be transferred to the acquiring entity, subject to the same privacy protections.
7. INTERNATIONAL DATA TRANSFERS
As an international foundation, we may transfer personal data outside the European Economic Area (EEA) and Switzerland. When we do so, we ensure appropriate safeguards:
7.1 Adequacy Decisions
Transfers to countries recognized by the European Commission as providing adequate protection.
7.2 Standard Contractual Clauses
Implementation of EU Commission-approved standard contractual clauses for transfers to countries without adequacy decisions.
7.3 Swiss-Specific Requirements
Compliance with Swiss Federal Data Protection Act requirements for international transfers.
7.4 Your Rights Regarding Transfers
You may request information about:
- Countries where your data is transferred
- Safeguards implemented for transfers
- Copies of data transfer agreements
8. DATA RETENTION
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:
8.1 Retention Periods
- Donation Records: 10 years (legal requirement)
- Financial Records: 10 years (tax and accounting requirements)
- Newsletter Subscribers: Until unsubscribe request
- Event Registrations: 3 years after event
- Website Analytics: 26 months
- Cookie Data: See Cookie Policy (Section 9)
- Employment/Volunteer Records: 7 years after relationship ends
- General Inquiries: 2 years after last interaction
8.2 Retention Criteria
- Legal and regulatory requirements
- Limitation periods for legal claims
- Legitimate business needs
- Consent duration
- Contract performance requirements
9. COOKIES AND TRACKING TECHNOLOGIES
9.1 Types of Cookies We Use
Essential Cookies
- Required for website functionality
- Session management
- Security features
Analytics Cookies
- Google Analytics (with IP anonymization)
- Website performance monitoring
- User behavior analysis
Functional Cookies
- Language preferences
- User interface customization
- Accessibility settings
Marketing Cookies (with consent)
- Social media integration
- Remarketing campaigns
- Conversion tracking
9.2 Cookie Management
You can manage cookie preferences through:
- Browser settings
- Our cookie consent banner
- Cookie preference center on our website
9.3 Do Not Track Signals
We respect Do Not Track browser signals where technically feasible.
10. YOUR RIGHTS UNDER GDPR
Under the GDPR, you have the following rights:
10.1 Right to Access (Article 15)
Request confirmation of whether we process your personal data and obtain a copy of such data.
10.2 Right to Rectification (Article 16)
Request correction of inaccurate or incomplete personal data.
10.3 Right to Erasure/”Right to be Forgotten” (Article 17)
Request deletion of your personal data under certain circumstances.
10.4 Right to Restriction of Processing (Article 18)
Request temporary suspension of processing under specific conditions.
10.5 Right to Data Portability (Article 20)
Receive your personal data in a structured, commonly used, machine-readable format.
10.6 Right to Object (Article 21)
Object to processing based on legitimate interests or for direct marketing purposes.
10.7 Rights Related to Automated Decision-Making (Article 22)
Not be subject to decisions based solely on automated processing that significantly affect you.
10.8 Right to Withdraw Consent
Withdraw consent at any time where processing is based on consent.
10.9 How to Exercise Your Rights
Submit requests to: info@movement-health.org We will respond within one month, extendable by two months for complex requests.
11. DATA SECURITY
We implement appropriate technical and organizational measures to protect personal data:
11.1 Technical Measures
- Encryption of data in transit (SSL/TLS)
- Encryption of sensitive data at rest
- Firewalls and intrusion detection systems
- Regular security updates and patches
- Access controls and authentication
- Regular security audits and penetration testing
11.2 Organizational Measures
- Data protection training for staff
- Confidentiality agreements
- Limited access on need-to-know basis
- Data protection impact assessments
- Incident response procedures
- Regular policy reviews and updates
11.3 Data Breach Notification
In the event of a personal data breach, we will:
- Notify supervisory authorities within 72 hours (where required)
- Inform affected individuals without undue delay (for high-risk breaches)
- Document all breaches and remedial actions taken
12. CHILDREN’S PRIVACY
Our Website and services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children under 16 without parental consent. If we become aware of such collection, we will promptly delete the data.
For youth programs:
- Parental consent required for participants under 16
- Limited data collection to necessary information only
- Enhanced security measures for minors’ data
- Parental access rights to children’s information
13. THIRD-PARTY LINKS AND SERVICES
Our Website may contain links to third-party websites and services. We are not responsible for their privacy practices. We encourage you to review their privacy policies before providing personal data.
Third-party integrations may include:
- Social media platforms
- Payment processors
- Video hosting services
- External event registration systems
14. PRIVACY BY DESIGN AND DEFAULT
We implement privacy by design principles:
- Data minimization – collecting only necessary data
- Purpose limitation – using data only for stated purposes
- Privacy-friendly default settings
- Data protection considerations in new projects
- Regular privacy impact assessments
15. YOUR CALIFORNIA PRIVACY RIGHTS
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know about personal information collected
- Right to delete personal information
- Right to opt-out of sale of personal information (we do not sell personal data)
- Right to non-discrimination
16. COMPLAINTS AND SUPERVISORY AUTHORITY
If you have concerns about our data processing, you have the right to lodge a complaint with:
Swiss Supervisory Authority: Federal Data Protection and Information Commissioner (FDPIC) Feldeggweg 1 CH-3003 Bern Switzerland
EU Supervisory Authority: You may also lodge a complaint with the supervisory authority in your EU member state of residence, place of work, or place of alleged infringement.
17. AUTOMATED DECISION-MAKING AND PROFILING
We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals. Any analytics or segmentation we perform is for aggregate reporting and service improvement only.
18. DATA PROTECTION OFFICER
Our Data Protection Officer can be contacted at:
Email: info@movement-health.org
Post: Data Protection Officer The Movement Health Foundation Rue du Rhône 65 c/o MLL Legal 1204 Geneva, Switzerland
19. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy periodically. Changes will be posted on this page with an updated “Last Updated” date. Material changes will be notified via:
- Website banner notification
- Email to registered users (where appropriate)
- News section of our website
We encourage you to review this Privacy Policy regularly. Continued use of our services after changes constitutes acceptance of the updated policy.
20. ACCESSIBILITY
We are committed to ensuring this Privacy Policy is accessible to all users. If you need this policy in an alternative format, please contact us at info@movement-health.org.
21. LANGUAGE
This Privacy Policy is available in English. Translations may be provided for convenience, but in case of discrepancy, the English version prevails.
22. CONTACT INFORMATION
For questions, concerns, or requests regarding this Privacy Policy or our data protection practices:
General Inquiries: info@movement-health.org
Data Protection Officer: info@movement-health.org
Postal Address: The Movement Health Foundation Rue du Rhône 65
c/o MLL Legal 1204 Geneva, Switzerland
ACKNOWLEDGMENT
By using our Website or services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your personal data as described herein.
Movement Health Foudation
Rue du Rhône 65
c/o MLL Legal 1204 Geneva
Switzerland
info@movement-health.org
Follow Us on Social Media
