© 2022 Stiftung Fourfold 

Stiftung Fourfold 
Zürcherstrasse 156
8645 Rapperswil-Jona

Number: CHE-404.909.294 

Commercial Register Bureau:
Amt für Handelsregister und Notariate Kanton SG

Data Privacy Policy

as of  1 January 2023

With this privacy policy, Stiftung Fourfold (hereinafter referred to as we or the Foundation) informs you how we collect, use and disclose personal data. This is not an exhaustive description; other privacy policies or general terms and conditions, conditions of participation and similar documents may govern specific matters. Personal data is understood to be all information that relates to an identified or identifiable person. 

1. Who is responsible for processing your personal data?

Stiftung Fourfold is deemed to be the data controller. If you have any data protection concerns, you can contact us at the following address: 

Stiftung Fourfold
Zürcherstrasse 156 
8645 Rapperswil-Jona 

2. What kind of personal data do we process? 

We primarily process the personal data that we receive from applicants, recipients of grants, our suppliers and other business partners in the course of our grant or business relationship and communication with them and other persons involved, or that we collect from users during the operation and use of our websites, apps and other applications and offers. To the extent permitted, we may also obtain certain data from publicly accessible sources (e.g., debt collection registers, land registers, commercial registers, press, Internet) or receive such data from authorities and other third parties (such as credit agencies). 

The categories of personal data that we process about you may include, in particular, the following data: 

  • Contact information: in particular, first and last name, address, contact person, telephone number, e-mail address, gender, information related to your professional functions and activities; 
  • Data related to outreach and communication: in particular, invitations and participation in events and special activities, personal preferences and interests; 
  • Communication data: Data exchanged in or in relation to contact with us, in particular preferred communication channel, communication by letter, telephone, fax, e-mail, text and picture messages, contact form; 
  • Data about your financial situation: in particular, creditworthiness data, scoring or rating data, any recorded restrictions on the ability to act; 
  • Data from public registers, e.g. information from the commercial register; 
  • Information that we learn in connection with official and judicial proceedings
  • Information from the media and the Internet about your person if this is relevant in the specific case. 
  • Contract data: in particular, payment data, payment details, invoice and delivery details, products ordered and purchased, information in connection with queries, information from banks, insurance companies, distributors and other contractual partners of us for the use or provision of services; information about you, which you or persons from your environment (employer, consultants, legal representatives, etc.) give us, so that we can conclude contracts with you, with the involvement of you or process them;

If you are a grant recipient or if you apply for a grant, we may process additional categories of personal data about you, in particular: 

  • Data related to a request for individual grants and the grant relationship: in particular, nationality, type of residence permit, date of birth, civil or partnership status; training, education, professional activities; curriculum vitae; data related to your children, including name and date of birth; data related to your spouse, including profession and income; details related to the proposed training or course of studies, including reasons, costs and budget; employment and income information; data related to your financial situation, receipt of social benefits and other grants; list of applications to other foundations; 
  • Health data related to a request for individual grants and the grant relationship: in particular, data related to an illness or health problem, ability to work; 
  • Data related to a request for project grants and the grant relationship: in particular, description of the project, including reasons for the application, budget, costs, details and development of the project, references, governance structures and bodies, profiles and curriculum vitae of board, management and team members, track record, project report; 

If you use our website, we may process additional categories of personal data about you, in particular: 

  • Data related to the use of our website, server protocol (whereby this is mostly non-personal data): in particular connection data, IP address and other identifiers (e.g. user name in social media, MAC address of the smartphone or computer, data from cookies and similar technologies), date and time of the visit to our website, duration of the visit to the website, requested Internet address (Uniform Resource Locator, URL), referrer URL (i.e. the Internet address of the website from which you accessed our website, if applicable with the search term used), browser type and version, operating system used, amount of data sent in bytes, and the search term used, location data, pages and content accessed, functions used; 

3. What are the sources of the personal data we process? 

We may receive personal data from the following sources: 

  • Direct sources: In principle, we process personal data that we receive directly from you, for example if you submit a request for individual grants or project grants or in the course of our business relationship, the use of the website, or in direct communication via e-mail, telephone or other means. 
  • Indirect sources: In certain cases, we may indirectly collect personal data. This happens when someone else (e.g. a social welfare officer) recommends you to us. In addition, we may receive supplementary information from data sources (e.g. credit agencies, social media). We may obtain personal data from publicly accessible sources (e.g. from debt enforcement registers or debtor directories, land registers, commercial and association registers, the press, the Internet). In individual cases, it is possible that personal data is derived from the combination of various non-personal data. 

4.   What are the purposes and possible legal bases for Fourfold’s data processing? 

We may process personal data in accordance with applicable data protection law, in particular the provisions of the Swiss Data Protection Act (DPA), for the following purposes (all together Processing Purposes) and, if necessary under applicable data protection law, on the basis of the following legal bases: 

 a.        For the performance of the contract 

We process personal data in direct connection with the conclusion and processing of contracts with recipients of grants, and our suppliers and business partners, in particular in the context of supporting individuals, projects and institutions or creating facilities that pursue the objectives of the Foundation, and the purchase of products and services from our suppliers. This also includes, among other things, the processing of requests and applications and the handling of queries. The purposes of data processing and any further data protection information can be found in the respective contract documents, terms and conditions and/or conditions of participation. 

 b.        To fulfill legal obligations 

We process personal data in order to comply with our legal or regulatory obligations in Switzerland and abroad. If you work for one of the recipients of grants, our suppliers or business partners, your personal data may also be affected in this capacity. Processing purposes include, but are not limited to: 

  • Documenting compliance with certain legal and regulatory requirements; 
  • Participating in investigations and proceedings, cooperating with and responding to inquiries from authorities and courts. 

c.        To safeguard legitimate interests 

We also process personal data for the following purposes if this is necessary to protect the legitimate interests of us or of third parties or to protect legitimate public interests: 

  • Offer and further development of our offer: in particular, offering and further developing our grant activities, services, websites, online services and other platforms on which we are present; 
  • Ensuring business operations: in particular, coordinating and optimizing activities with other Foundations, communicating with other Foundations and third parties, processing inquiries (e.g. advertisements, media inquiries); 
  • Ensuring IT security and IT operations: in particular, troubleshooting, operation and further development of our IT systems, our website, web store and other platforms, identity checks, protection of IT assets, our employees and other persons, and assets (e.g., through network and mail scanners); 
  • Quality control: in particular, preparing reports on users, transactions, activities, services and other business aspects of the Foundation for corporate management and development, preparing statistics, budgets, records and management information, organizing business operations, project management, research, development and further development of activities; 
  • Outreach and communication: in particular, market and opinion research, media monitoring, web analysis and tracking (e.g. by means of cookies), use, testing and optimization of demand analysis methods (e.g. tracking user behavior, activities, preferences and needs), improving our visibility, publicizing the content of our activities (e.g. by means of social media plug-ins), sending newsletters and communication material (personalized messages), conducting events; 
  • Business relationships: in particular, maintaining and developing business relationships, managing the users of our website, communication, service and support, also outside the scope of the execution of contracts; 
  • Risk management: in particular, consultation and exchange of data with credit information agencies to determine creditworthiness and default risks; 
  • Ensuring compliance: in particular, verification of compliance with legal and internal rules of the Foundation; 
  • Dealing with legal disputes: in particular assertion of legal claims and defense in connection with legal disputes and official proceedings; 
  • Self-protection and protection of third parties: in particular, protection of third parties and our employees, our data, trade secrets and assets as well as assets that have been entrusted to us, safeguarding of house rights, security of our facilities and buildings (e.g. access controls, video surveillance); 
  • Prevention and investigation of criminal offenses and other misconduct: in particular, combating abuse, collecting evidence, conducting internal investigations, data analysis to combat fraud. 

d.        Based on your consent 

If you have given us consent to process your personal data for certain purposes, we process your personal data within the scope of and based on this consent, unless we have another legal basis and we require such a basis. Consent given can be revoked at any time, but this has no effect on data processing that has already taken place. 

5.  Which cookies, tracking and other technologies are related to the use of our website? 

We typically use cookies and similar technologies on our websites that allow us to store information on your device or access information stored on your device. This allows us to better understand user behavior, e.g. to provide our services in a technically error-free, secure, user-friendly and demand-oriented manner: 

  •  Cookies: These are small text files that are stored in the cookie file on your computer's hard drive when you visit our website. Through the use of cookies, your browser receives an identifier and shows it on request to. You can change your cookie preferences here.

Most of the cookies we use are so-called session cookies. These save your entries while you navigate on the website within the same session (e.g. so that your shopping cart contents are not lost). Session cookies are automatically deleted after your visit to our website. Permanent cookies, on the other hand, remain stored on your device for several sessions and allow us to recognize your browser the next time you visit the website (and, for example, to perform an automatic log-in or to display the website in your preferred language and according to your preferences). We use persistent cookies to remember your preferences (e.g., language, autologin), to help us understand how you use our services and content, and to provide you with customized offers and advertisements (which may also occur on other companies' websites; however, we do not tell them who you are, if we even know, because they only see that the same user is on their website who was on a particular page on ours). Some of the cookies are set by us, and some are set by contractors with whom we work. If you block cookies, certain functionalities (such as language selection) may no longer work. Permanent cookies are deleted when their expiration date is reached or if you delete them beforehand. Most browsers are set to accept cookies by default. 

  • Plug-ins (also social plug-ins, social media plug-ins or social share plug-ins): You can recognize plug-ins by the corresponding network logo or the "Like" or "Share" buttons on our website. By clicking on the plug-in, you can share content from our website on social networks. The plug-in reports to the social network that your IP address is visiting our website. This can happen even if you are not logged into the social network or are not a member of the social network. If you are logged into the social network, the social network can assign your surfing behavior directly to your profile there. 

The social network is responsible for the processing of your personal data transmitted with the plug-in and the data protection provisions of the respective social network apply. We do not obtain precise knowledge of the content and scope of the transmitted data and its use by the social network and do not exercise any influence on it. As a rule, this involves the following data: website visited, data transmitted by your browser (IP address, browser type and version, operating system, time) and your identification number in the social network, provided you are registered there as a user. If you share content via a plug-in, you are not authorized to speak on our behalf. These are your own expressions, for which we are not responsible and liable. 

  • Analysis-Tools: We use Google Analytics on our website. This is a service of Google LLC in the USA (Google) (, with which we can measure and evaluate the use of the website (not personal). Permanent cookies that Google sets are also used for this purpose. Google does not receive any personal data from us (and does not retain any IP addresses), but it can track your use of the website, combine this information with data from other websites that you have visited and which are also tracked by Google, and use this information for its own purposes (e.g. controlling advertising). If you have registered yourself with Google, Google also knows you. The processing of your personal data by Google then takes place under the responsibility of Google in accordance with its data protection provisions. Google only informs us how our website is used (no information about you personally). 

Cookies and similar technologies generally do not provide personal data, but only anonymous traffic data related to your device (e.g., your IP address) and statistical data (e.g., number and type of website visits). However, to the extent that the identifiers collected are classified as personal data by applicable law, we treat them as such. In addition, we sometimes combine non-personal data collected using these technologies with other personal data held by the Foundation. When we combine data in this way, we treat the combined data as personal data for the purposes of this Privacy Policy. 

By using our website and consenting to receive newsletters and other Foundation emails, you consent to the use of the above-mentioned technologies. If you do not wish to do so, you can block or delete the cookies and similar technologies via the privacy settings of your browser and email program, whereby the deletion may under certain circumstances affect the use of our website.  

6.  To whom may we disclose personal data? 

Within the Foundation, access to your data is granted to those offices and functions that need them to fulfill the aforementioned Processing Purposes. 

In addition, we may disclose personal data to the following categories of recipients, all collectively referred to as the Recipient, provided that the disclosure serves to fulfill the aforementioned Processing Purposes: 

  • Service providers (including commissioned data processors and vicarious agents), in particular in Switzerland and partly also abroad; 
  • Business partners, including suppliers; 
  • Recipients of grants; 
  • Organizations, associations, organizations and other bodies; 
  • Parties to potential or actual legal proceedings; 
  • Local, national and foreign authorities, agencies and courts; 
  • The public, including visitors to websites and social media; 

If we transfer personal data to third parties, the respective current data protection regulations of the third parties are also applicable. The third parties may be jointly responsible with us or act as order processors.  

7.  May we transfer personal data abroad? 

If you apply for a grant from outside of Switzerland, we may transfer personal data in the country you are located, which can be anywhere in the world. We may transfer personal data to Recipients in other countries, in particular of the EU and the EEA and in any other country of the world as well as to the countries in which our service providers process their data (such as countries of the EU). 

Personal data may be transferred to a country without adequate data protection legislation, provided that: 

  • We ensure adequate protection, namely by means of sufficient contractual guarantees such as the standard contractual clauses of the European Commission and binding corporate rules. You can obtain a copy of the contractual guarantees from the contact point mentioned above or find out from them where such a copy can be obtained. We reserve the right to black out such copies for data protection reasons or for reasons of confidentiality or to supply only excerpts; 
  • You give your express consent; 
  • It is necessary for the execution of a contract with you or of a contract in your interest;  
  • It is necessary for the fulfillment of a legal obligation;  
  • It is necessary to safeguard overriding public interests, to establish, exercise or enforce legal claims or to protect the life or physical integrity of you or third parties; 
  • You have made the personal data generally accessible and do not expressly prohibit processing; or 
  • The personal data originate from a register provided for by law, which is public or accessible to persons with an interest worthy of protection, insofar as the legal requirements for inspection are met in the individual case. 

8.  How long can we retain personal data? 

We process and store personal data as long as it is necessary for the Processing Purpose for which we collected it (e.g. for the duration of the entire grant or business relationship from the initiation and processing to the termination of a contract). In addition, there may be a contractual or legal obligation to retain or document data (e.g. in accordance with the Swiss Code of Obligations, Value Added Tax Act, etc.). It is possible that personal data will be stored for the time during which claims can be asserted against the Foundation and insofar as we are otherwise legally obligated to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). We thus store contract-related personal data in principle for the duration of the contractual relationship and for ten years beyond the termination of the contractual relationship. 

If the personal data is no longer required for the fulfillment of the processing purpose, it will be deleted or anonymized as far as possible. Subject to an express written agreement, we are under no obligation to you to retain personal data for a specific period of time. 

9. How do we protect personal data? 

We take appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse, such as the issuance of warnings, training, IT and network security solutions, access controls and restrictions, encryption of data media and transmissions, pseudonymization, and other controls. 

10.  Do we use automated decision making? 

For the establishment and implementation of a grant or business relationship and also otherwise, we do not use any fully automated automatic decision-making (as regulated, for example, in article 22 GDPR). Should we use such procedures in individual cases, we will inform you separately and inform you of the associated rights, insofar as this is required under the applicable law. 

11.   What are your rights? 

You have the right to:  

  • Information about personal data concerning you; 
  • Correction, deletion or destruction of personal data; 
  • Objection to the processing of personal data; 
  • Revocation of consent if the processing of personal data is based on your consent. The revocation is possible at any time and is effective for the future. The revocation does not affect the lawfulness of the data processing that took place until the revocation; 
  • Data output and transmission in certain cases and in a common electronic format that allows further use and transmission; 
  • We will inform you separately about your rights in connection with any automated individual decision-making, insofar as this is required by law. For the establishment and implementation of the grant or business relationship, we do not use any automated individual decision-making processes.  

To exercise your rights, please contact the Foundation using the contact details mentioned above. In addition, you can use any options embedded in our services (e.g. link in an e-mail to unsubscribe from a newsletter, privacy settings in your user account). The exercise of your rights generally requires that you can clearly prove your identity (e.g. by a copy of your ID where your identity is not otherwise clear or can be verified). We also draw your attention to the fact that by deleting your personal data, services are no longer available or can no longer be used, in whole or in part, and that the exercise of these rights may conflict with contractual agreements and this may have consequences such as the premature termination of the contract or cost consequences. We will inform you in advance if this is not already contractually regulated. 

We reserve the right to restrict your rights within the framework of the applicable law and, for example, not to provide any or complete information or not to delete data. 

You have the right to enforce your claims in court or to file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner ( 

12. Do you have any obligations in relation to personal data? 

In the context of our grant or business relationship, you must provide the personal data that is required for the establishment and implementation of a grant or business relationship and the fulfillment of the associated contractual obligations (you do not usually have a legal obligation to provide us with data). Without this data, we will generally not be able to enter into or perform a contract with you (or the entity or person you represent). Also, our website cannot be used if certain traffic-securing information (such as IP address) is not disclosed. 

If you provide us with personal data of other persons (e.g. data of project beneficiaries, work colleagues or family members), please make sure that these persons are aware of this privacy policy and only share their personal data with us if you are allowed to do so and if this personal data is correct.  

Please note that the Internet is generally not a secure environment because it is an open network that can be accessed by anyone. Therefore, we also appeal to your personal responsibility with regard to the handling of your personal data. To the extent permitted by law, we exclude liability for the security of data that you transmit to us via the Internet (e.g. by e-mail) or other electronic channels and for any direct or indirect damage. We ask you to choose other communication channels, should this appear necessary or reasonable for security reasons. 

13. May we modify this privacy policy? Where can you find the current version? 

The Foundation may amend this privacy policy at any time without prior notice. The current version published on our website shall apply. If the privacy policy is part of an agreement with you, we shall inform you about the change of the privacy policy by e-mail or by other suitable means.