Privacy Policy

Updated on 1 September 2023

Table of Contents

  1. Introduction
  2. Definitions and key terms
  3. Contact Us
  4. Your Consent
  5. What Information Do We Collect?
  6. When does GIB use end user information from third parties?
  7. When does GIB use customer information from third parties?
  8. Do we share the information we collect with third parties?
  9. Where and when is information collected from customers and end users?
  10. How Do We Use The Information We Collect?
  11. Cookies
  12. Blocking and disabling cookies and similar technologies
  13. Links to Other Websites
  14. Data protection provisions about the application and use of monday.com
  15. Data protection provisions about the application and use of LinkedIn
  16. Data protection provisions about the application and use of Twitter
  17. How Do We Use Your Email Address?
  18. Newsletter-Tracking
  19. How Long Do We Keep Your Information?
  20. Can I update or correct my information?
  21. Governing Law
  22. Changes To Our Privacy Policy

1.   Introduction

Thank you for your interest in the Global Infrastructure Basel Foundation. The owner of the personal data that is the subject of this privacy policy (“Privacy Policy”) is the Global Infrastructure Basel Foundation (GIB) (“we,” “our,” or “us”). The protection of your personal information is very important to us, and we would like to explain what information we collect, and how we use and store it. You can use our website without any indication of personal data; however, if you want to use special services via our website, we may have to process some personal data. If that is the case, we will collect, store, and process your data according to this Privacy Policy. If there is no specific provision in this Policy and no statutory basis for such processing, we generally try to obtain consent from the data subject.

We will only ever process your personal data, such as the name, address, e-mail address, or telephone number, in accordance with the new Swiss Federal Act on Data Protection (nFADP), as well as with Regulation (EU) 2016/679(General Data Protection Regulation ”GDPR”[1]) and any other applicable national regulations. The purpose of this Privacy Policy is to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. We would also like to inform you of your rights with regard to your information, to the extent that it is collected and used by GIB.

This Privacy Policy applies to the GIB website. By accessing or using our Service, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy and our Terms of Service.

2. Definitions and key terms

To help explain things as clearly as possible in this Privacy Policy, every time any of these terms are referenced, are strictly defined as:

  • Cookie: small amount of data generated by a website and saved by your web browser. It is used to identify your browser, provide analytics, remember information about you such as your language preference or login information.
  • Foundation and/or GIB: when this policy mentions “GIB”, “Foundation”, “we”, “us”, or “our”, it refers to Global Infrastructure Basel Foundation, (Elisabethenstr. 28, 4051 Basel, Switzerland), that is responsible for your information under this Privacy Policy.
  • Country: where GIB is based, in this case is Switzerland
  • Device: any internet connected device such as a phone, tablet, computer or any other device that can be used to visit GIB and use the services.
  • IP address: Every device connected to the Internet is assigned a number known as an Internet protocol (IP) address. These numbers are usually assigned in geographic blocks. An IP address can often be used to identify the location from which a device is connecting to the Internet.
  • Personal Data: any data that relates to an identifiable or identified individual. GDPR covers a broad spectrum of information that could be used on its own, or in combination with other pieces of information, to identify a person. Personal data extends beyond a person’s name or email address. Some examples include financial information, political opinions, genetic data, biometric data, IP addresses, physical address, sexual orientation, and ethnicity.
    The Data Protection Principles include requirements such as:
    • Personal data collected must be processed in a fair, legal, and transparent way and should only be used in a way that a person would reasonably expect.
    • Personal data should only be collected to fulfil a specific purpose and it should only be used for that purpose. Organisations must specify why they need the personal data when they collect it.
    • Personal data should be held no longer than necessary to fulfil its purpose.
    • Data subjects have the right to access their own personal data. They can also request a copy of their data, and that their data be updated, deleted, restricted, or moved to another organisation.
  • Data subject: Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing. In the context of this Privacy Policy, the term “data subject” may, depending on the context, refer either to the person submitting sensitive information or to the project that this sensitive information refers to.
  • Processing: Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Restriction of processing: Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
  • Profiling: Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
  • Pseudonymisation: Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
  • Controller or controller responsible for the processing: Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  • Processor: Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • Recipient: Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with European Union, EU Member State or Swiss law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
  • Service: refers to the service provided by GIB as described in the relative terms (if available) and on this platform.
  • Third-party service: refers to advertisers, contest sponsors, promotional and marketing partners, and others who provide our content or whose products or services we think may interest you.
  • Website: GIB’s website, which can be accessed via this URL: https://gib-foundation.org
  • You: a person or entity that is registered with GIB to use the Services.
  • Consent: Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

3. Contact Us

Don’t hesitate to contact us if you have any questions.

  • Via Email:
  • Via Phone Number: +41612051080
  • Via this Link: https://gib-foundation.org
  • Via this Address: Elisabethenstr. 28, 4051 Basel, Switzerland

4. Your Consent

We’ve updated our Privacy Policy to provide you with complete transparency into what is being set when you visit our site and how it’s being used. By using our GIB website, you hereby consent to our Privacy Policy and agree to its terms.

5. What Information Do We Collect?

We generally don’t collect information from you when you visit our website. The website uses Cookies, that allow to recognise our website users. The purpose of this recognition is to make it easier for users to use our website.Furthermore, we will also use third-party websites and platforms for surveys, newsletters and social media channels. Please visit the related section along with this Privacy Policy to read more about the collection of user data through these third parties.

6. When does GIB use end user information from third parties?

GIB will collect End User Data necessary to provide the GIB services to our users. End users may voluntarily provide us with information they have made available on social media websites. If you provide us with any such information, we may collect publicly available information from the social media websites you have indicated. You can control how much of your information social media websites make public by visiting these websites and changing your privacy settings.

7. When does GIB use customer information from third parties?

We receive some information from third parties when you contact us. We receive information from a third party that provides automated fraud detection services to GIB. We also occasionally collect information that is made publicly available on social media websites. You can control how much of your information social media websites make public by visiting these websites and changing your privacy settings.

8. Do we share the information we collect with third parties?

No, we don’t.

We will only share your information with third parties when that is necessary or appropriate in order to respond to claims, legal process (including subpoenas), to protect our rights and interests or those of a third party, the safety of the public or any person, to prevent or stop any illegal, unethical, or legally actionable activity, or to otherwise comply with applicable court orders, laws, rules and regulations.

9. Where and when is information collected from customers and end users?

GIB will collect personal information that you submit to us. We may also receive personal information about you from third parties as described above.

10. How do we use the information we collect?

Any of the information we collect from you may be used in one of the following ways:

  • To personalise your experience (your information helps us to better respond to your individual needs);
  • To improve our website (we continually strive to improve our website offerings based on the information and feedback we receive from you);
  • To administer a contest, promotion, survey or other site feature; or
  • To send periodic e-mails.

11. Cookies

GIB website uses “Cookies” to identify the areas of our website that you have visited. A Cookie is a small piece of data stored on your computer or mobile device by your web browser. We use Cookies to enhance the performance and functionality of our website. Not all Cookies are essential to the use of our website. However, without these cookies, certain functionalities (such as embedded videos) may become unavailable or require you to log in every time you visit the website. Most web browsers can be set up to block and disable the use of Cookies. However, if you disable Cookies, you may not be able to access the full functionality of our website correctly, or at all. We never place Personally Identifiable Information in Cookies.

12. Blocking and disabling cookies and similar technologies

Wherever you’re located, you may also set your browser to block cookies and similar technologies, but this action may block our essential cookies and prevent our website from functioning properly, and you may not be able to fully use all of its features and services. You should also be aware that you may also lose some saved information (e.g. saved log-in details, site preferences) if you block cookies on your browser. Different browsers make different controls available to you. Disabling a cookie or category of cookie does not delete the cookie from your browser; you will need to do this yourself from within your browser, you should visit your browser’s help menu for more information.

13. Links to Other Websites

This Privacy Policy applies only to the Services. The Services may contain links to other websites not operated or controlled by GIB. We are not responsible for the content, accuracy or opinions expressed in such websites, and such websites are not investigated, monitored or checked for accuracy or completeness by us. Please remember that when you use a link to go from the Services to another website, our Privacy Policy is no longer in effect. Your browsing and interaction on any other website, including those that have a link on our platform, is subject to that website’s own rules and policies. Such third parties may use their own cookies or other methods to collect information about you.

14. Data protection provisions about the application and use of Monday.com

On this website, the controller has integrated components of Monday.com. The Monday.com platform is a cloud-based visual work management tool that transforms the way teams work together, with the aim to build a culture of transparency, ownership and  accountability, inclusive of any and all functionalities, application programming interface and tools offered as part of the Monday.com platform, offered online and via a mobile application.

Monday.com (with its principal place of business at 6 Yitzhak Sadeh St., Tel-Aviv 6777506, Israel), is a GDPR-compliant data processor that has signed a Data Processing Addendum with us and treats any information collected and processed on their servers in accordance with the requirements of the GDPR. You can consult their privacy policy at https://monday.com/l/privacy/privacy-policy/.

15. Data protection provisions about the application and use of LinkedIn

The controller has integrated components of the LinkedIn Corporation on this website. LinkedIn is a web-based social network that enables users with existing business contacts to connect and to make new business contacts. The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, UNITED STATES. For privacy matters outside of the UNITED STATES LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a LinkedIn component (LinkedIn plug-in) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to the download of a display of the corresponding LinkedIn component of LinkedIn. Further information about the LinkedIn plug-in may be accessed under https://developer.linkedin.com/plugins. During the course of this technical procedure, LinkedIn gains knowledge of what specific sub-page of our website was visited by the data subject.

If the data subject is logged in at the same time on LinkedIn, LinkedIn detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-page of our Internet page was visited by the data subject. This information is collected through the LinkedIn component and associated with the respective LinkedIn account of the data subject. If the data subject clicks on one of the LinkedIn buttons integrated on our website, then LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores the personal data.

LinkedIn receives information via the LinkedIn component that the data subject has visited our website, provided that the data subject is logged in at LinkedIn at the time of the call-up to our website. This occurs regardless of whether the person clicks on the LinkedIn button or not. If such a transmission of information to LinkedIn is not desirable for the data subject, then he or she may prevent this by logging off from their LinkedIn account before a call-up to our website is made.

LinkedIn provides under https://www.linkedin.com/psettings/guest-controls the possibility to unsubscribe from e-mail messages, SMS messages and targeted ads, as well as the ability to manage ad settings. LinkedIn also uses affiliates such as Eire, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame. The setting of such cookies may be denied under https://www.linkedin.com/legal/cookie-policy. The applicable privacy policy for LinkedIn is available under https://www.linkedin.com/legal/privacy-policy. The LinkedIn Cookie Policy is available under https://www.linkedin.com/legal/cookie-policy.

16. Data protection provisions about the application and use of X (formerly known as Twitter)

On this website, the controller has integrated components of X. X is a multilingual, publicly-accessible microblogging service on which users may publish and spread short messages which are available to everyone, including those who are not logged on to X. These messages are also displayed to so-called followers of the respective user. Followers are other X users. Furthermore, X allows you to address a wide audience via hashtags, links or re-posts.

The operating company of X is X Corp, 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a Xcomponent (X button) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding component of X. During the course of this technical procedure, X gains knowledge of what specific sub-page of our website was visited by the data subject. The purpose of the integration of the X component is a retransmission of the contents of this website to allow our users to introduce this web page to the digital world and increase our visitor numbers.

If the data subject is logged in at the same time on X, X detects with every call-up to our website by the data subject and for the entire duration of their stay on our Internet site which specific sub-page of our Internet page was visited by the data subject. This information is collected through the X component and associated with the respective Xaccount of the data subject. If the data subject clicks on one of the X buttons integrated on our website, then Xassigns this information to the personal X user account of the data subject and stores the personal data.

X receives information via the X component that the data subject has visited our website, provided that the data subject is logged in on X at the time of the call-up to our website. This occurs regardless of whether the person clicks on the X component or not. If such a transmission of information to X is not desirable for the data subject, then he or she may prevent this by logging off from their X account before a call-up to our website is made.

The applicable data protection provisions of X may be accessed under https://twitter.com/en/privacy.

17. How do we use your email address?

This website offers users the opportunity to subscribe to GIB’s newsletter. The input mask used for this purpose determines what personal data are transmitted, as well as when the newsletter is ordered from the controller.

GIB informs its customers and business partners regularly by means of a newsletter about GIB’s most recent activity, as well as about interesting topics from the world of sustainable development. GIB’s newsletter may only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject registers for the newsletter. A confirmation e-mail will be sent to the e-mail address registered by a data subject for the first time when signing up for the newsletter, for legal reasons, in the double opt-in procedure. This confirmation e-mail is used to prove whether the owner of the e-mail address is the data subject who requested the newsletter subscription.

During the registration for the newsletter, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the e-mail address of a data subject at a later date, and it therefore serves the aim of the legal protection of the controller.

The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. In addition, subscribers to the newsletter may be informed by e-mail, as long as this is necessary for the operation of the newsletter service or a registration in question, as this could be the case in the event of modifications to the newsletter offer, or in the event of a change in technical circumstances. There will be no transfer of personal data collected by the newsletter service to third parties. The subscription to our newsletter may be terminated by the data subject at any time. The consent to the storage of personal data, which the data subject has given for the newsletter, may be revoked at any time. For the purpose of revocation of consent, a corresponding link is found in each newsletter. It is also possible to unsubscribe from the newsletter at any time directly on the website of the controller, or to communicate this to the controller in a different way.

We use the online marketing platform Mailchimp to deliver our newsletter to you. If you have any questions or concerns regarding the privacy of the information stored and processed by Mailchimp, please consult their privacy policy, using the following link: https://mailchimp.com/legal/privacy/.

18. Newsletter-tracking

The GIB newsletter contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, GIB may see if and when an e-mail was opened by a data subject, and which links in the e-mail were called up by data subjects.

Such personal data collected in the tracking pixels contained in the newsletters are stored and analysed by the controller in order to optimise the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. These personal data will not be passed on to third parties. Data subjects are at any time entitled to revoke the respective separate declaration of consent issued by means of the double-opt-in procedure. After a revocation, these personal data will be deleted by the controller. GIB automatically regards a withdrawal from the receipt of the newsletter as a revocation.

19. How long do we keep your information?

We keep your information only so long as we need it to provide GIB to you and fulfill the purposes described in this policy. This is also the case for anyone that we share your information with and who carries out services on our behalf. When we no longer need to use your information and there is no need for us to keep it to comply with our legal or regulatory obligations, we’ll remove it from our systems.

20. Can I update or correct my information?

As user of the GIB website you have a series of rights regarding the data the website is collecting.

  1. Right of confirmation

Each data subject shall have the right to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to avail himself of this right of confirmation, he or she may, at any time, contact our Data Protection Officer.

  1. Right of access

Each data subject shall have the right to obtain from the controller free information about his or her personal data stored at any time and a copy of this information. Furthermore, the subject has access to the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;
  • the existence of the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

Furthermore, the data subject shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organisation. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.

If a data subject wishes to avail himself of this right of access, he or she may, at any time, contact our Data Protection Officer.

  1. Right to rectification

Each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

If a data subject wishes to exercise this right to rectification, he or she may, at any time, contact our Data Protection Officer.

  1. Right to erasure (Right to be forgotten)

Each data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • The data subject withdraws consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
  • The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
  • The personal data have been unlawfully processed.
  • The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
  • The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by GIB, he or she may, at any time, contact any employee of the controller. An employee of GIB shall promptly ensure that the erasure request is complied with immediately.

Where the controller has made personal data public and is obliged pursuant to Article 17(1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. An employee of GIB will arrange the necessary measures in individual cases.

  1. Right of restriction of processing

Each data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use instead.
  • The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defence of legal claims.
  • The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by GIB, he or she may at any time contact our Data Protection Officer, who will arrange the restriction of the processing.

  1. Right to data portability

Each data subject shall have the right to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising his or her right to data portability, the data subject shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

In order to assert the right to data portability, the data subject may at any time contact our Data Protection Officer.

  1. Right to object

Each data subject shall have the right to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her. This also applies to profiling based on these provisions.

GIB shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

If GIB processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to the processing of his or her information for direct marketing purposes, GIB will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by GIB for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

In order to exercise the right to object, the data subject may contact our Data Protection Officer. In addition, the data subject is free in the context of the use of information society services to use his or her right to object by automated means using technical specifications.

  1. Automated individual decision-making, including profiling

Each data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision (1) is not is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is not authorised by any law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is not based on the data subject’s explicit consent.

If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject’s explicit consent, the Global Infrastructure Basel shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.

If the data subject wishes to exercise the rights concerning automated individual decision-making, he or she may, at any time, contact our Data Protection Officer.

  1. Right to withdraw data protection consent

Each data subject shall have the right to withdraw his or her consent to processing of his or her personal data at any time.

If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact our Data Protection Officer.

21. Governing law

This Privacy Policy is governed by the laws of Switzerland without regard to its conflict of laws provision. You consent to the exclusive jurisdiction of the courts in connection with any action or dispute arising between the parties under or in connection with this Privacy Policy except for those individuals who may have rights to make claims under Privacy Shield, or the Swiss-US framework.

The laws of Switzerland, excluding its conflicts of law rules, shall govern this Agreement and your use of the website. Your use of the website may also be subject to other local, state, national, or international laws.

By using the GIB website, you acceptance this Privacy Policy. If you do not agree to this Privacy Policy, you should not engage with our website, or use our services. Continued use of the website, direct engagement with us, or following the posting of changes to this Privacy Policy that do not significantly affect the use or disclosure of your personal information will mean that you accept those changes.

22. Changes to our privacy policy

We may change our Service and policies, and we may need to make changes to this Privacy Policy so that they accurately reflect our Service and policies. Unless otherwise required by law, we will notify you (for example, through our Service) before we make changes to this Privacy Policy and give you an opportunity to review them before they go into effect. Then, if you continue to use the Service, you will be bound by the updated Privacy Policy. If you do not want to agree to this or any updated Privacy Policy, please do not use our website.

[1] GDPR is an EU-wide privacy and data protection law that regulates how EU residents’ data is protected by companies and enhances the control the EU residents have, over their personal data. The GDPR is relevant to any globally operating company and not just the EU-based businesses and EU residents. Our customers’ data is important irrespective of where they are located, which is why we have implemented GDPR controls as our baseline standard for all our operations worldwide – https://gdpr.eu/what-is-gdpr/?cn-reloaded=1