Eilinger Stiftung - Privacy Policy

Privacy Policy

With this privacy policy, we would like to inform users of this website about how we collect and process their personal data (hereinafter "data") as part of our activities. We also provide information about the rights of the persons whose data we process. With regard to the terms used, we refer to the definitions in Art. 3 of the Federal Act on Data Protection (FADP).

Responsible

Eilinger Stiftung
Seeweg 45
8264 Eschenz, Schweiz
info@eilingerstiftung.ch

Data categories and purposes of data processing

Data category	Purpose
Contact details (e.g. name, e-mail address, address, telephone number)	As part of the application process, contact details are collected for the following purposes: Log-in for the website Making contact Assignment of applications Contact details can also be used for the activity report and the annual report
IP address	As part of the application, the IP address is collected for the following purposes: Use of the website
Education data (e.g. completed training, qualifications)	As part of the application for a scholarship, the applicant's educational data is requested. These can also be seen in the applicant's CV. The data is used for the following purposes: Evaluation of the application
Family data (e.g. names and information of children, parents or spouses)	As part of the application, data relating to parents, children, siblings, spouses or other related persons are requested. This is for the following purposes: Evaluation of the application Decision on financial aid Overview of the applicant's living situation
Financial data (e.g. account data, details of assets, other support)	As part of the application, financial data is collected for the following purposes: Evaluation of the application Disbursement of financial aid
Information provided voluntarily	In addition to the above-mentioned data, voluntarily provided data may be processed as part of the application and contact process

Data transfer to third parties

We do not transfer any of your data to third parties or to a third country. Your data will only be processed by the members of the Eilinger Foundation.

Cookies

In order to ensure the functioning of the website and to make its use as user-friendly as possible, cookies are collected on the website. These are all mandatory, i.e. technically necessary for the functioning of the website, and therefore cannot be switched off. No marketing or analysis cookies are collected.

Name of the cookie	Function	Meaning
XSRF-Token	When you perform an action on a web page that involves a form submission or an AJAX request, a unique token is embedded in the form or request. This token is generated by the server and is only valid for a specific session. When the request is sent, the server checks whether the token sent matches the expected token. If this is the case, the request is accepted and the action is executed. Otherwise, the request is rejected.	An XSRF (Cross-Site Request Forgery) token is a security mechanism used to prevent certain types of attacks on web applications. These attacks occur when an attacker sends a request on your behalf to another website without your knowledge or consent. The XSRF token is a type of "secret code" that is sent with each form or request on a web page and is used to ensure that the request is actually from you and not from a malicious attacker.
eilinger_stiftung_session	The function of a session token in a website are manifold: User session identification: The session token allows the web server to identify the session of a particular user. When a user logs in to a website, they are assigned a unique session token that is valid for the duration of their session. Maintaining session state: The session token is used to maintain the state of the user session. This means that information about the logged-in user and other relevant data can be stored and retrieved during the user's interaction with the website without the user having to log in repeatedly. Authentication and authorization: The session token is often used to verify a user's authenticity and ensure that they can access certain resources or functions of the website for which they are authorized Security: Session tokens must be secure to prevent malicious attackers from stealing or manipulating them to gain unauthorized access. Therefore, they are often encrypted and transmitted using security mechanisms such as HTTPS. Expiration and destruction: Session tokens usually have a limited validity period, after which they expire and can no longer be used. This helps to increase security and ensure that outdated sessions are no longer active.	A session token is a string used to identify and manage a specific session between a user and a website. It is used to maintain the state of the user session as the user navigates and interacts with the website. Overall, the session token is an essential part of web development that helps to improve the user experience, ensure security and efficiently manage the interaction between users and websites.

Name of the cookie

Function

Meaning

XSRF-Token

When you perform an action on a web page that involves a form submission or an AJAX request, a unique token is embedded in the form or request. This token is generated by the server and is only valid for a specific session. When the request is sent, the server checks whether the token sent matches the expected token. If this is the case, the request is accepted and the action is executed. Otherwise, the request is rejected.

An XSRF (Cross-Site Request Forgery) token is a security mechanism used to prevent certain types of attacks on web applications. These attacks occur when an attacker sends a request on your behalf to another website without your knowledge or consent. The XSRF token is a type of "secret code" that is sent with each form or request on a web page and is used to ensure that the request is actually from you and not from a malicious attacker.

eilinger_stiftung_session

The function of a session token in a website are manifold:

User session identification: The session token allows the web server to identify the session of a particular user. When a user logs in to a website, they are assigned a unique session token that is valid for the duration of their session.
Maintaining session state: The session token is used to maintain the state of the user session. This means that information about the logged-in user and other relevant data can be stored and retrieved during the user's interaction with the website without the user having to log in repeatedly.
Authentication and authorization: The session token is often used to verify a user's authenticity and ensure that they can access certain resources or functions of the website for which they are authorized
Security: Session tokens must be secure to prevent malicious attackers from stealing or manipulating them to gain unauthorized access. Therefore, they are often encrypted and transmitted using security mechanisms such as HTTPS.
Expiration and destruction: Session tokens usually have a limited validity period, after which they expire and can no longer be used. This helps to increase security and ensure that outdated sessions are no longer active.

A session token is a string used to identify and manage a specific session between a user and a website. It is used to maintain the state of the user session as the user navigates and interacts with the website.

Overall, the session token is an essential part of web development that helps to improve the user experience, ensure security and efficiently manage the interaction between users and websites.

Your rights

The DPA provides a number of rights for data subjects. If you wish to exercise any of these rights, please contact us via mail. The exercise of one of the rights may require that your identity is verified.

In particular, data subjects have the following rights:

Right of access: You have the right to know whether the controller is processing data about you and, if so, the right to access a copy of that data. This is subject to the restrictions of the right of access pursuant to Art. 26 FADP.
Right to data rectification: You have the right to have your data rectified at any time.
Right to data surrender or transfer: You have the right to the surrender or transferability of your data in a common electronic format.
Right to erasure: You have the right to erasure of your data as long as the legal requirements are met. This refers in particular to the fact that the data is no longer used for the purposes for which it was collected, to support legal disputes or to comply with legal retention obligations.
Right to lodge a complaint: You have the right to lodge a complaint with the competent supervisory authority. This is the data protection authority responsible for your place of residence, your place of work or the place of the alleged infringement.
Right to withdraw consent: Where processing is based on your consent, you may have the right to withdraw that consent at any time, without affecting the processing carried out prior to the withdrawal of consent.

Changes to the privacy policy

The controller reserves the right to change this privacy policy at any time without prior notice.