- What is this Privacy Notice about?
- Who is responsible for processing your data?
- How do we process data in relation with the membership in our association?
- How do we process data in relation with ethical complaints?
- How do we process data in relation with our products and services?
- How do we process data in relation with advertising?
- How do we process data in relation with our website?
- How do we process data via social media?
- Are there other processing activities?
- How do we work with service providers?
- To whom else do we disclose your personal data?
- Can we disclose data abroad?
- How long do we process personal data?
- What are the legal basis for data processing?
- What are your rights?
- What else is there to consider?
1. What is this Privacy Notice about?
This Privacy Notice explains how we process personal data, primarily in relation with our operations and with our website. If you would like more information about our data processing, please feel free to contact us (sec. 2).
«Personal data» means any information that can be related with a specific individual, and «processing» means any handling of personal data, such as collecting, using, and sharing it.
2. Who is responsible for processing your data?
For the data processing, the following entity is the «controller», i.e., the party that is primarily responsible to ensure compliance with data protection laws (also «we»):
International Association for Analytical Psychology
General-Wille-Strasse 19
8002 Zürich
Switzerland
If you have any questions regarding data protection, please feel free to contact us at the following address: datenschutz@iaap.org or dataprotection@iaap.org
You may provide us with data that relates to other individuals as well (e.g., authorized representatives, family members etc.). In this case, we understand that these data are correct and that you act within your rights when sharing it with us. We may not be in direct contact with these individuals and cannot inform them directly about our data processing, but we ask that you to inform these individuals about our data processing (e.g., by pointing them to this Privacy Notice).
3. How do we process data in relation with the membership in our association?
We carry out data processing activities in relation with the membership in our association, which are also dependent on the kind of membership (Group Membership, Individual Membership or Honorary Membership):
- When a society applies for Group Membership, we process data for the admission process. If you are a founding member of the applying group, we process information about you including name, address, contact details, CV, all according to the guidelines for applying for Group Membership of the IAAP (see “Guidelines for Applying for Group Membership in the IAAP”).
- When a person wishes to become an Individual Member of our association, we (also) process data for the admission process. All applicants for this kind of membership have to follow the Router Training Program to become an Individual Member of our association (see also “Router Handbook” which is handed out to every router and available on request). In this context, we process your name, address, contact details, information on your biography, academic background, professional training, clinical experience as a psychotherapist, participation in the training activities and exam results. Furthermore, we receive and process the data contained in the evaluation reports from your supervisor and in your auto-evaluation. Regarding the data processing in the context of screening interviews and exams for routers see also sec. 5.
- If you are considered as an Honorary Member, we process publicly available data about you, including name, address, contact details, information on your biography, academic background, professional training and experience.
- We process data to manage the membership as well as defend or enforce our rights in relation with our position as an association. We mainly process data you provide to us as a member or that we receive from the Group Members of our association, e.g., name, address, contact details, date of birth, bank account details to pay expenses. As part of your membership, we may inform you by post, e-mail, fax and telephone about current events, upcoming events and reports of events held in order to fulfil the purposes of the association.
- As a member or a router you may become subject to an ethical complaint and thus to a procedure in front of a body of our association. More details are set out in sec. 4.
- We also conduct membership surveys. If the survey is not conducted anonymously, we process data that you provide to us, e.g. master data such as name, address and contact details as well as information from the content of the survey such as current training activities, number of trainees and demographic characteristics of the trainees. The gathered information and compiled statistics support the improvement and development of our association and of analytical psychology generally.
- Photos and videos of members of the association from events may be published on our association website for the purpose of publicity, dissemination of analytical psychology, teaching and announcements. You will receive information about your consent at the events. Of course, you can object to the publication of photos and videos of you at any time. After your objection, we will no longer publish the pictures.
4. How do we process data in relation with ethical complaints?
Complaints against routers are dealt with by the Executive Committee, the executive organ of our association. Its power to conduct investigations and to impose sanctions against routers is laid down in the “Router Handbook” which is available on request.
Complaints against individual members are dealt with by the Ethics Committee, a statutory body of our association, that has the power to conduct investigations and to impose sanctions, according to the rules laid down in “The Responsibilities and Procedures of the Ethics Committee of the IAAP”.
In these contexts, we carry out mainly the following data processing:
- To receive, manage, investigate, and decide on the complaint, we process the complainant’s and respondent’s name, address, contact details, information regarding and contained in the communication between us, the complainant and the respondent and any other necessary information for the purposes mentioned. In particular, we may also process information contained in analytic notes, supervisory notes, personal correspondence and similar materials. The processed data may qualify as sensitive personal data according to the Swiss Federal Data Protection Act (FDPA) and data within the meaning of Art. 9 European General Data Protection Regulation (GDPR).
- In order to investigate a complaint, we must inform the respondent about the complaint, which is done only with the written permission of the complainant. Witnesses may be invited to the meetings held as part of the investigation. The findings of the investigation and the finaldetermination of the competent body are notified to the complainant and respondent and may be notified to IAAP Group Members, Developing Groups and other third parties including competent authorities. In case of an appeal, an Appeals Committee, composed of three senior IAAP members, will consider the grounds for the appeal.
5. How do we process data in relation with our products and services?
When you use our products and services (collectively «services»), we process data for the onboarding/application procedure, the conclusion of a service agreement and for its performance and management:
- We may advertise our services, e.g., through newsletters. More details are set out in sec. 6.
- If we are in contact with you in view of an agreement, we process data, for example if you apply for a screening interview or take an intermediate/final exam. This is mostly data you provide to us, e.g., your name, contact details, date of birth, country of citizenship, information on your biography, academic background, professional training, clinical experience as a psychotherapist etc., details of services requested and the date of agreement. If you apply for a fee reduction, we process the information you provide to us in order to assess your present financial situation. Where required, we may also obtain further data from public registers, the media and the internet.
- If we enter into an agreement with you, we process the data from the onboarding/application procedure and information on the agreement (e.g. the date and the content of the agreement).
- We also process personal data during and after the agreement. Examples are information on the purchase of services, payments, claims, complaints, data on the termination of the agreement and – if there ever should be disputes in relation with the agreement – also on these and related proceedings. In the case of screening interviews and exams, we also process all data required to conduct the interview and the exam and to evaluate your performance, in particular information about your knowledge and skills in analytical psychology. We may use external examiners and interviewers.
For partners who are companies or (other) legal persons, we process less personal data because data protection law applies to data of individuals only. However, we process data of individuals with whom we are in contact, e.g. name, contact details, professional details and details from communication, and details about management persons, etc. as part of the general information about companies with which we cooperate.
6. How do we process data in relation with advertising?
We also process personal data in order to advertise our services and services of partners and to disseminate news about our associations and our partners:
- Newsletter: We send out electronic information and newsletters, which may include advertising for our services. We will ask for your consent before sending out electronic marketing, except for certain offers to existing customers. In addition to your name and e-mail address, we also process information about which services you have used, whether you open newsletters and which links you click on. For this purpose, a service provider we use includes invisible images that are loaded from a server via a coded link and transmits related information. This is a common method that helps us assess the effect of newsletters and optimize them. You can object by setting your email program accordingly (e.g. by switching off automatic loading of images).
- Target audience analysis: We also process data to improve and develop new services, e.g., information about purchases made or reactions to newsletters or information from customer surveys and polls or from social media, media
monitoring services and public sources.
7. How do we process data in relation with our website?
For technical reasons, every time you use our website, some data is collected that is temporarily stored in log files (log data), in particular the IP address of the device, information about the internet service provider and the operating system of your device, information about the referring URL, information about the browser used, date and time of access, and content accessed when visiting the website. We use this data to provide our website, to ensure security and stability, to optimize our website and for statistical purposes.
Our website also uses cookies. These are small files that your browser saves on your device. This allows us to separate individual visitors from others, but usually without identifying visitors. Cookies may also include information about content accessed and the duration of the visit. Certain cookies («session cookies») are deleted when the browser is closed. Others («persistent cookies») are stored for a certain period of time so that we can recognize recurring visitors. We may also use other technologies, such as pixels or browser fingerprints. Pixels are invisible images that are loaded from a server and transmit certain information through a coded link. Fingerprints are information about the configuration of your device that make your device distinguishable from others.
To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found here.
You can also use this system to accept only essential cookies. They are grouped in to essential, functional and statistic cookies.
You can also configure your browser in the settings so that it blocks certain cookies, or deletes cookies and other stored data. You can find out more about this in the help pages of your browser (usually under the keyword «Privacy»).
Cookies and other technologies may also be used by third parties that provide services to us. These may be located outside of Switzerland and the EEA (for more information, see sec. 12). For example, we use analytics services so that we can optimize our website. Cookies and similar technologies from third-party providers also enable them to target you with individualized advertising on our websites or on other websites as well as on social networks that also work with this third party and to measure how effective advertisements are (e.g., whether you arrived at our website via an advertisement and what actions you then take on our website). The relevant third-party vendors may record website usage for this purpose and combine their records with other information from other websites. They can record user behavior across multiple websites and devices in order to provide us with statistical data. The providers may also use this information for their own purposes, e.g. for personalized advertising on their own website or other websites. If a user is registered with the provider, the provider can assign the usage data to the relevant person.
Two of the most important third-party providers are Google and Facebook. You can find more information about them below. Other third parties generally process personal and other data in a similar way.
- We use Google Analytics on our website, an analysis service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA, USA) and Google Ireland Ltd (Google Building Gordon House, Barrow St, Dublin 4, Ireland). Google collects certain information about the behavior of users on the website and about the terminal device used. The IP addresses of visitors are shortened in Europe before being forwarded to the USA. Google provides us with evaluations based on the recorded data, but also processes certain data for its own purposes. Information on the data protection of Google Analytics can be found here, and if you have a Google account yourself, you can find further details here.
- Our websites may use the so-called «Facebook Pixel» and similar technologies of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland («Facebook»). We use these technologies to display the Facebook ads placed by us only to users on Facebook and on partners cooperating with Facebook who have shown an interest in us. We can further use these technologies to track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called «conversion measurement»). Further details can be found here. We share responsibility (but not further processing) with Facebook for displaying advertising information that matches users’ interests, improving ad delivery, and personalizing features and content. We have therefore concluded a corresponding supplementary agreement with Facebook. Users can therefore address requests for information and other data subject requests in relation with shared responsibility directly to Facebook.
8. How do we process data via social media?
We operate our own presences on social networks and other platforms (e.g. Facebook fan pages, YouTube and Vimeo Channel). If you communicate with us there or comment on or redistribute content, we collect information for this purpose, which we use primarily for communication with you, for marketing purposes and for statistical evaluations. Please note that the provider of the platform also collects and uses data (e.g. on user behavior) itself, possibly together with other data known to it (e.g. for marketing purposes or to personalize the platform content). Insofar as we are jointly responsible with the provider, we enter into a corresponding agreement, about which you can obtain information from the provider.
9. Are there other processing activities?
Yes, because many processes are not possible without processing personal data, including standard and even unavoidable internal processes. It is not always possible to determine this precisely in advance, nor the scope of the data processed, but below you will find details of typical (though not necessarily frequent) cases:
- Communication: When we are in contact with you (e.g. when you communicate with us on a social media platform), we process the content as well as information about the nature, timing and location of the communication. For your identification, we may also process information about proof of identity.
- Compliance with legal requirements: We may disclose information to authorities as required by law or in order to comply with internal regulations.
- Organizing and holding of conferences: When you send in proposals for presentations before a congress or a conference and/or when you register for such an event organized by our association alone or jointly with a university or other third party, we process your master data as well as other data necessary for the organization and holding of the conference, e.g. contact details and affiliation. This is mostly data you provide to us, but we may also obtain data from partners involved in the organization and holding of the conference such as a university. We disclose personal data to the service providers who support us in organizing the conferences, insofar as this is necessary for their services. We may also publish your data on our website, e.g. if you act as a presenter or panelist at the conference and subsequently send them to a publisher for publication. Moreover, we conduct surveys to evaluate the conference. If the survey is not conducted anonymously, we process data that you provide to us, e.g. master data and information on how you experienced the conference. We may also analyze the latter data for statistical purposes and in particular to improve future conferences.
- Job applications: If you apply for a job with us, we will process the data we receive from you as part of the application process and, possibly, other data from public sources such as job-related social media. We use this data as part of your application and may also use it for non-personalized statistical purposes. Except for your name and the application date, we will delete the data from unsuccessful applications after six months, unless you give your consent that we may retain your details for further application processes.
- Prevention: We process data to prevent crime and other misuse, for example fraud prevention or for internal investigations.
- Legal proceedings: Where we are involved in legal proceedings (e.g. court or administrative proceedings), we process data such as information about other parties to the proceedings and individuals involved such as witnesses and disclose data to such parties, courts and authorities, possibly also abroad.
- IT security: We also process data for monitoring, controlling, analyzing, securing and assessing our IT infrastructure, as well as for backups and archives.
- Transactions: If we sell or acquire assets, business units or companies, we process data to prepare and execute transactions, e.g. information about customers or their contact persons or employees, and we may also disclose such information to potential buyers or sellers.
- Other purposes: We process data to the extent necessary for other purposes such as training and education, administration (e.g. contract management, accounting, enforcement and defense of claims, evaluation and improvement of internal processes, preparation of anonymous statistics and evaluations; acquisition or disposal of receivables, businesses, parts of businesses or companies and safeguarding other legitimate interests.
10. How do we work with service providers?
We use services from various third parties, especially IT services (examples are providers of hosting or data analysis services), shipping and logistics services and services from banks, the post office, consultants, publishers, etc. In relation with service providers for our website, please see sec. 7.
11. To whom else do we disclose your personal data?
In connection with our processing activities, we also disclose your personal data to other recipients.
We further disclose personal data to service providers as required for their services. This particularly concerns IT service providers, but also consulting companies, analysis and survey service providers, payment service providers, debt collection service providers, marketing service providers, etc. As far as service providers process personal data as processors, they are obliged to process personal data exclusively according to our instructions and to implement data security measures.
Data may also be disclosed to other recipients, e.g. courts and authorities as part of legal proceedings and legal information and cooperation duties, (other) members of our association, to buyers of companies and assets, to financing companies in the case of securitizations, to universities and other partners to organize conferences and other events and to collection agencies.
In individual cases, it is possible that we also disclose personal data to other third parties for their own purposes, e.g. if you have given us your consent to do so or if we are legally obliged or entitled to disclose such data.
12. Can we disclose data abroad?
The recipients of data are not all located in Switzerland, in particular certain service providers (especially in IT). These providers may have locations within the EU or the EEA (e.g. Denmark and Germany), but also in other countries worldwide (e.g. United Kingdom and USA). We may also share data with authorities abroad if we are legally compelled to do so or, for example in relation with a sale of assets or with legal proceedings (see sec. 9). Not all of these countries have adequate data protection. We therefore use appropriate safeguards, in particular the EU standard contractual clauses, which can be found here. In certain cases, we may share data abroad without such safeguards, as permitted under applicable data protection law, e.g., with your consent or where the disclosure is necessary for the performance of the contract, for the establishment, exercise or enforcement of legal claims or for overriding public interests.
13. How long do we process personal data?
We process your personal data as long as it is necessary for the purpose of processing (in the case of contracts, usually for the duration of the contractual relationship), as long as we have a legitimate interest in storing it (e.g. if in order to enforce legal claims, for archiving and or to ensure IT security) and as long as data is subject to a statutory retention obligation (for certain data, for example, a ten-year retention period applies). After these periods have expired, we delete or anonymize your personal data.
14. What are the legal basis for data processing?
Depending on the applicable law, data may only be processed on the basis of legal grounds. This does not apply un der the Swiss Federal Data Protection Act (FDPA), but it does under the European General Data Protection Regulation (GDPR), where it applies. In this case, our processing is based on the following legal bases:
- on your consent (e.g. processing in the context of the Ethics Committee (sec. 4); Article 6(1)(a) and Article 9(2)(a) GDPR),
- that the processing is necessary for the performance of the contract or pre-contractual measures (e.g. regarding the membership of our association (sec. 3) and our services ( 5); Article 6(1)(b) GDPR),
- that the processing is necessary for the establishment or defence of legal claims or civil proceedings (Article 6(1)(f) and Article 9(2)(f) GDPR),
- that the processing is necessary for compliance with domestic or foreign legal provisions (Article 6(1)(c) and (f); Article 9(2)(g) GDPR),
- that the processing is necessary for a legitimate interest in the data processing (e.g. marketing purposes (sec. 6) or the operation and security of our website (see sec. 7)) (Article 6(1)(f) GDPR).
15. What are your rights?
You have certain rights, subject to conditions and restrictions under applicable law:
- You can request a copy of your personal data and further information about our data processing;
- You can object to our data processing, especially in relation with direct marketing;
- You can have incorrect or incomplete personal data corrected or completed or supplemented by a note of dispute;
- You also have the right to receive the personal data that you have provided to us in a structured, common and machine-readable format, insofar as the corresponding data processing is based on your consent or is necessary for the performance of the contract;
- Insofar as we process data on the basis of your consent, you can revoke your consent at any time. The revocation is only valid for the future and we reserve the right to continue to process data based on another basis in the event of a revocation.
If you wish to exercise such a right, please feel free to contact us (sec. 2). As a rule, we will have to verify your identity (e.g. by means of a copy of your ID card). You are also free to file a complaint against our processing of your data with the competent supervisory authority, in Switzerland the Federal Data Protection and Information Commissioner (FDPIC).
16. What else is there to consider?
This Privacy Notice is for information purposes and is not part of a contract with you, even if a contract refers to this Privacy Notice.
You are not obliged to provide data to us, except in some cases (e.g. if you have to fulfil a contractual obligation and this involves disclosing data to us). However, we must process data for legal and other reasons when we conclude and fulfil contracts.
Status of this privacy policy: 22.05.2024