Privacy Policy

This Privacy Policy informs you, in accordance with the revised Swiss Data Protection Act (DPA, in force since September 1, 2023), about which personal data Green Nations Foundation collects when you visit our website, how we process it, on what legal basis this occurs, and what rights you have. The protection of your privacy is our highest priority.

1. Controller

Green Nations Foundation
Stockerstrasse 38
8002 Zurich, Switzerland
E-Mail: welcome@greennations.org
For privacy-related inquiries, please contact us via email with the subject line «Privacy».

2. Collection and Processing of Personal Data

2.1 Server Log Files

When you visit our website, our hosting provider Webflow Inc. automatically collects technical information in so-called server log files:

  • IP address of the requesting device
  • Date and time of access
  • Name and URL of the retrieved file
  • Browser type and version, as well as operating system
  • Referrer URL (previously visited website)
  • HTTP status code and amount of data transferred

These data are technically necessary for the secure operation of the website and are automatically deleted after a maximum of 30 days. No merging with other data sources occurs.

2.2 Contact Form

When you use our contact form, we collect the following data:

  • First and Last Name
  • Organization / Institution
  • Email Address
  • Phone Number (optional)
  • Inquiry Category (e.g., Partnership, Program, Media)
  • Content of your message and category-specific details

This data is used exclusively for processing your inquiry and will not be shared with third parties without your explicit consent.

2.3 Direct Contact via Email

If you contact us via email, we store your email address, name, and message content to process your inquiry. The data will be deleted once the inquiry has been fully processed and any statutory retention period has expired.

3. Legal Bases for Data Processing

The processing of your data is based on the following legal grounds of the Swiss DPA:

  • Consent (Art. 6 para. 6 DPA): Where you have explicitly consented, e.g., by confirming the data protection provisions in the contact form.
  • Contractual Performance: To the extent that processing is necessary for the initiation or fulfillment of a contractual or cooperative relationship.
  • Legitimate Interests (Art. 31 DPA): For technically necessary processing to ensure website operation, provided your fundamental rights do not override them.
  • Legal Obligation: To the extent that processing is required due to legal regulations, e.g., tax-related retention obligations.

4. Purpose of Data Processing

We process your data for the following purposes:

  • Processing and responding to contact and cooperation inquiries
  • Initiating and maintaining partnerships, network relationships, and program participations
  • Provision, operation, and technical improvement of our website
  • Ensuring IT security and preventing misuse
  • Fulfilling statutory retention and documentation obligations
  • Communication in the context of events, dialogue formats, and roundtables
  • Processing media and press inquiries

5. Retention Period

We store your data only for as long as necessary for the respective purposes or as required by legal retention obligations:

  • Server Log Files: automatic deletion after a maximum of 30 days
  • Contact Inquiries: typically 12 months after the inquiry is concluded
  • Cooperation and Partner Data: for the duration of the collaboration plus statutory retention periods (max. 10 years according to OR)
  • Webflow Form Data: max. 6 months in the Webflow dashboard according to Webflow's privacy policy

Upon expiration of the retention period, your data will be deleted or anonymized, provided there are no compelling legal reasons to prevent this.

6. Disclosure of Data to Third Parties

As a general rule, we do not disclose your data to third parties. Exceptions apply only in the following cases:

  • Processors: Technical service providers such as Webflow Inc. act exclusively according to our instructions and are contractually obliged to comply with data protection regulations.
  • Legal Obligation: In the event of an official order or court injunction.
  • With Your Consent: If you have given your express consent.

Your data will explicitly not be disclosed for marketing purposes or sold.

7. Third-Party Services

7.1 Webflow (Hosting)

Our website is hosted by Webflow Inc., 398 11th Street, San Francisco, CA 94103, USA. Webflow processes technical access data on servers in the USA and the EU. Data transfer to the USA is based on the EU Standard Contractual Clauses (SCCs), which Switzerland recognizes as an equivalent standard of protection. Further information can be found at webflow.com/legal/privacy.

7.2 Google Fonts

Our website may use fonts from Google Fonts (Google LLC, USA). If fonts are embedded locally, no data is transferred to Google. If fonts are loaded externally, Google may process your IP address; Google is subject to the EU-US Data Privacy Framework.

7.3 External Links

Our website contains links to external websites. The operators of linked sites are solely responsible for data protection on those pages. We recommend reading their respective privacy policies.

8. International Data Transfer

When using Webflow, your data may be transferred to the USA. The USA does not have a level of data protection comparable to that of Switzerland. The transfer is based on appropriate safeguards pursuant to Art. 16 DPA, particularly through EU Standard Contractual Clauses (SCCs). Should data be transferred to other third countries without an adequate level of data protection, we will obtain your express consent.

9. Cookies and Tracking

9.1 Technically Necessary Cookies

Our website uses technically necessary cookies that are essential for its proper operation. These cookies do not store any personal data and are deleted at the end of your browser session. Consent is not required for these cookies.

9.2 Analytics Cookies

We currently do not use any analytics or tracking cookies beyond those strictly necessary for the technical operation of the website. Should we implement web analytics services in the future, we will request your explicit consent beforehand.

9.3 Cookie Settings

You can restrict or deactivate the use of cookies at any time through your browser settings. Please note that deactivating technically necessary cookies may impair the website's functionality.

10. Your Rights under the Swiss DPA

As a data subject, you have the following rights under the revised Swiss Data Protection Act (DPA):

  • Right of Access (Art. 25 DPA): You have the right to know whether and which data we process about you, for what purpose, and for how long.
  • Right to Rectification (Art. 32 DPA): You can request the correction of inaccurate or incomplete data.
  • Right to Erasure: You can request the deletion of your data, provided there are no legal retention obligations preventing it.
  • Right to Restriction of Processing: Under certain conditions, you can request a restriction on the processing of your data.
  • Right to Object: You can object to the processing of your data based on legitimate interests at any time.
  • Right to Data Portability: You can request that your data be provided in a machine-readable format.
  • Right to Withdraw Consent: You can withdraw any given consent at any time with future effect.

To exercise your rights, please contact welcome@greennations.org (Subject: «Data Protection»). We will process your request within 30 days.

Right to Lodge a Complaint: You can lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern (edoeb.admin.ch).

11. Data Security

We implement appropriate technical and organizational security measures to protect your data from loss, misuse, and unauthorized access. Our measures include:

  • Encrypted data transmission via SSL/TLS (identifiable by «https://» in the address bar)
  • Access restrictions to personal data based on the need-to-know principle
  • Regular review and updating of our security measures
  • Contractual obligation of our service providers regarding data security

Despite all protective measures, complete security cannot be guaranteed when transmitting data over the internet.

12. Minors

Our website is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. Should such data be inadvertently transmitted to us, we will delete it immediately.

13. Changes to this Privacy Policy

We reserve the right to amend this privacy policy at any time to comply with current legal requirements or changes to our services. The current version published on our website shall apply. In the event of significant changes, we will inform you in advance, where possible.

As of: April 2026

Do you have any further questions or would you like to learn more?

Get in touch with us – we look forward to hearing from you.
Get in touch