Fondation Orbis Pictus

Fondation

Orbis Pictus

Privacy Policy

Data protection and privacy information.

Last updated: April 2026

1. Controller

The controller responsible for data processing on this website is:

Fondation Orbis Pictus
Route de Pré-Bois 14, c/o Acris Management SA
1216 Cointrin, Switzerland
Email: contact@orbispictus.org

2. Legal Framework

This privacy policy is issued pursuant to the Swiss Federal Act on Data Protection (nFADP/nDSG), in force since 1 September 2023, and the associated Data Protection Ordinance (DPO/DSV). Where the Foundation processes personal data of individuals in the European Union or European Economic Area, the General Data Protection Regulation (EU GDPR) also applies.

3. Personal Data We Collect

We may collect the following categories of personal data:

  • Contact data: Name, email address, postal address, telephone number, organisation affiliation — when you contact us via the enquiry form, email, or post.
  • Technical data: IP address, browser type, operating system, referral source, pages visited, date and time of access — collected automatically by our web server.
  • Communication data: Content of messages you send us, including any attachments or supplementary materials.

4. Purposes and Legal Basis

We process personal data for the following purposes:

Responding to enquiries

Legal basis (nFADP): legitimate interest in communicating with interested parties. GDPR: Art. 6(1)(f) legitimate interests.

Website operation and security

Legal basis (nFADP): legitimate interest in maintaining a secure, functional website. GDPR: Art. 6(1)(f) legitimate interests.

Institutional communications

Legal basis (nFADP): consent. GDPR: Art. 6(1)(a) consent. You may withdraw consent at any time.

Legal compliance

Legal basis (nFADP): legal obligation. GDPR: Art. 6(1)(c) compliance with a legal obligation.

5. Data Sharing

We do not sell or rent personal data to third parties. We may share personal data with:

  • Service providers: Third-party providers who assist with website hosting, email delivery, or IT services, under appropriate data processing agreements.
  • Legal obligations: Authorities or courts where required by Swiss or applicable law.

Where data is transferred to a country outside Switzerland or the EU/EEA, we ensure that adequate safeguards are in place (e.g. standard contractual clauses, adequacy decisions by the Swiss Federal Council or the European Commission).

6. Data Retention

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:

  • Enquiry data: Retained for the duration of the correspondence plus 2 years, unless a longer retention period is required for legal or regulatory reasons.
  • Technical logs: Automatically deleted after 90 days.
  • Communication subscriptions: Retained until you withdraw consent.

7. Cookies and Tracking

This website uses cookies — small text files stored on your device. We distinguish between:

  • Essential cookies: Required for the website to function correctly. These do not require consent.
  • Non-essential cookies: Used for analytics or similar purposes. These are only set with your explicit consent, which you may provide or withdraw at any time via our cookie settings.

You may also manage cookies through your browser settings. Note that blocking essential cookies may impair website functionality.

8. Your Rights

Under the nFADP and, where applicable, the GDPR, you have the following rights regarding your personal data:

  • Right of access: You may request information about whether and what personal data we process about you.
  • Right to rectification: You may request correction of inaccurate personal data.
  • Right to erasure: You may request deletion of your personal data, subject to legal retention obligations.
  • Right to data portability: You may request that your data be provided in a commonly used, machine-readable format (GDPR only).
  • Right to object: You may object to the processing of your personal data where it is based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at contact@orbispictus.org or by post at the address above. We will respond within 30 days.

9. Supervisory Authority

If you believe that the processing of your personal data infringes applicable data protection law, you may lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC):

Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB)
Feldeggweg 1
3003 Bern, Switzerland
www.edoeb.admin.ch

If the GDPR applies to your situation, you may also lodge a complaint with the relevant supervisory authority in your EU/EEA member state.

10. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable law. The date of the most recent revision is indicated at the top of this page. We encourage you to review this policy periodically.