We want you to understand the type of information we collect. In this Notice, “Personal Data” means any information relating to an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier.

We do not collect or process sensitive data as defined by the FADP and the GDPR.

--

1.1. Personal Data provided by you

We obtain Personal Data from you when you communicate or share information with us, or when you use one of our online services, such as subscribing to newsletters, registering for an event, applying for a job, making a donation, purchasing carbon credits...

This information is only collected with your knowledge and permission and is stored in various GSF databases and mailing lists.

We collect Personal Data that you make available to us, including:

• contact information: name, surname, gender, nationality, address, postal code and country, email address, telephone number, social network details, your job title, your company/organization’s name.
• payment and financial information: any information that we need in order to fulfil an order, or that you use to make a purchase, such as your debit or credit card details (cardholder name, card number, expiration date, etc.) or other forms of payment (if provided). In each case, we or our payment processing provider(s) will handle payment and financial information in a manner that complies with applicable laws, regulations and security standards such as PCI DSS.
• market research & consumer feedback: any information that you voluntarily share with us about your experience of using our products and services.
• any other materials you willingly submit to us: on career opportunities, you can provide your CV, references and motivation for applying to a vacancy, job title, availability date, salary desired, linkedin account, eligibility to work in targeting countries.

--

1.2. Personal Data collected automatically

We and our third-party partners automatically collect information when you navigate and interact with our Website or newsletters such as your browser type and operating system, the web pages you view, the links you click, your device address (IP), the time and  date of access, your language preferences, the length of time you spend on our Website, and the referring URL, or webpage that led you to our Website, the information or keywords you search for on the Website.

This information is captured using automated technologies such as cookies and web beacons, and third-party tracking for analytics and advertising purposes. 

We also rely on analytics and tools used to prevent spam and other security risks associated with the use of abusive automated software. You can choose your preferences about cookies and other trackers by accessing the preference center on our Website. Visit our Cookie policy for more information on the types of cookies and other trackers we use on our Website.

You have the right to object to the use of such technologies for further details please see Article 7.1.

--

1.3. Third-party sources

We have third-party sources and our Website has links to websites or social media platforms, such as (without limitation) Facebook, X, Instagram, Youtube, Linkedin and Tiktok, that collect information about you when you visit them.

GSF does not control the processing of Personal Data by these third parties, and we encourage you to review the privacy notices of these third parties for more information.

--

1.4. Minors

Our Website is typically intended for general audiences. We do not knowingly collect or solicit Personal Data from anyone under the age of 18. If you are under 18, please do not attempt to register on our Website or send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under the age of 18, we will delete that information as soon as possible. If you believe that a child under the age of 18 has provided us with Personal Data, please contact us at [email protected]. To use our Website, you must be at least 18 years old and capable of entering into legally binding agreements.

We are using and processing your Personal Data to:

• provide and manage our Website and Services;
• manage and administer our relationship with you;
• process donations and manage donor relations;
• improve our Website and Services;
• improve our communication and marketing;
• ensure legal and regulatory obligations;
• ensure the security of our Website and Services and prevent payment fraud;
• inform you about our activities, events, and updates;
• improve our analytics and reporting.

--

2.1. Purpose of Personal Data we collect directly from you via our Website

We use Personal Data mainly for the following purposes:

a) for purposes made clear to you at the time you submit your Personal Data through these situations:

• when you place an order on the project marketplace and confirm your purchases, we will fulfil your orders, manage your orders, deliver your products or services and may ask for post-purchase customer testimonials;
• when you support us with a donation, we will manage your orders, send you administrative information or ask for post customer testimonials;
• when you sign-up to our newsletter, we will send you GSF information, or marketing and promotional communications;
• when you sign up for technical updates, we will send you the relevant information and offer support;
• when you wish to attend GSF events such as webinars, training sessions, workshops, physical events, roundtables, we will manage your participation or send you administrative information, marketing and promotional communications, or request user feedback to improve the user experience or inquire post customer testimonials;
• when you complete a helpdesk contact form, we will respond to enquiries and offer support;
• when you complete a branding contact form, we will respond to enquiries and offer support;
• when you complete a survey, enquiry or provide feedback, we will respond to enquiries, improve user experience and ask for post customer testimonials;
• when you complete a VVB exam;
• when you sign-up to become an NGO supporter;
• when you open an account in the GSF impact registry, we will create and manage user accounts, send administrative information and enforce terms, conditions and policies;
• when you apply for a job, we will manage and process your job application in line with our recruitment obligations – for example, we may process data to obtain references, or to conduct criminal and background checks.

b) GSF will retain your shopping history and use details of the Services you have purchased to suggest other Services that we think may interest you.

c) GSF will retain and evaluate information about your recent visits to our Website and how you move around different sections of our Website for analytics purposes to understand how people use our Website so that we can make it more intuitive.

d) GSF will retain and evaluate your feedback to improve the user experience and make your journey smoother, to help us improve our services and better meet your needs.

e) GSF will keep a record of the articles on our Website that you have clicked on and will use this information to provide you with targeted advertising on this Website that is relevant to your interests as identified by us based on the articles you have read.

--

2.2. Purpose of Personal Data collected automatically

The Personal Data collected automatically is mainly used to identify, monitor and prevent potential cases of abuse and fraud.

The Personal Data collected automatically is also used for our purposes, such as data analysis, establish statistical information regarding the usage and traffic of the Website and Services, audits, developing new Services, enhancing, improving or modifying the Website, identifying usage trends, determining the effectiveness of our promotional campaigns, and operating and expanding our activities, some of which may be shared with or used by our vendors and their technologies and tools.  

The statistical information is not otherwise aggregated in such a way as to identify any particular user of the system. Log files are kept to ensure the functionality and security of the website and server infrastructure.

--

2.3. Purpose of Personal Data received from other sources

We may receive Personal Data about you from third parties acting on your behalf or from our partners who work with us.

--

2.4. Purpose of Personal Data from Payment processing

For Services that require payment, you may be required to provide your credit card details or other payment account information, which will be used solely for the purpose of processing payments. We use third-party payment processors ("Payment Processors") to help us securely process your payment information.

Payment Processors comply with the latest security standards as managed by the PCI Security Standards Council. We will only share payment data with the Payment Processors to the extent necessary for the purposes of processing your payments, refunding such payments, and dealing with complaints and queries relating to such payments and refunds.

The Payment Processors’ use of your Personal Data is governed by their respective privacy notices which may or may not contain privacy protections as protective as this Notice. We encourage you to review their respective privacy notices.

The provision of Personal Data on our Website is optional. If you choose not to provide Personal Data you can still browse and use our Website but you will not be able to carry out certain actions such as (without limitation) purchasing items, registering for a newsletter or applying for a job.

4.1. GSF do not sell your Personal Data or disclose Personal Data we collect about you, except as described in this Notice or as disclosed to you at the time of data collection.

--

4.2. GSF operates globally and will share your Personal Data with the following parties in each case always in accordance with applicable data protection laws, including obtaining your consent where required under law:

• GSF headquarter in Geneva, our affiliates, our subsidiaries, other entities within GS;
• our trusted donors;
• our partners, our NGO supporters, our approved vendors;
• our contracted companies' partners, our sub-processors;
• our service providers: these are external companies that we use to help us run our activities. For example, we engage support providers to provide (a) general office support including printing, document production and management, archiving, and translation services; (b) accounting, finance and billing support; (c) IT functions including systems management and security, data storage, analytics, business applications, voice mail and system replication for business continuity/disaster recovery purposes; (d) marketing service providers; (e) payment service providers and (f) conflict checking, risk management and quality reviews.
• the people you have named as references in your application, should they be of interest to GSF; your name, surname and the details of your resume on which we wish to receive feedback;
• third parties for compliance, anti-fraud, and security purposes, including where required to do so by applicable law or legal process, as evidence in litigation in which we are involved or where we believe disclosure is necessary to protect the individuals’ personal safety and vital interests of individuals, to enforce our terms and conditions, protect GSF from harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity;

We require those parties to only process Personal Data in accordance with our instructions and as necessary to perform services on our behalf or in compliance with applicable law. We also require them to safeguard the security and confidentiality of Personal Data by implementing appropriate technical and organizational security measures.

--

4.3. GSF will also disclose your Personal Data to governmental authorities or law enforcement officials as required by law or for administrative purposes and to the extent permitted and/or required by applicable law:  (i) to comply with the law, legal actions or lawful request of the authorities or (ii) in the good faith belief that such action is necessary in order to conform to the requirements of law or comply with legal process served on us, or to protect and defend our legitimate interests in accordance with applicable law.

The Website is controlled and operated by GSF from Switzerland.

Personal Data may be transferred to, and stored at, a destination outside Switzerland and the European Union. It may also be stored and processed by staff operating outside Switzerland and the European Union, who works for GSF, agents, service providers or contractors.

When we transfer Personal Data outside Switzerland and the European Union, GSF  will ensure that it is protected in a manner that is consistent with how we protect Personal Data in Switzerland and the European Union.

We ensure that there is a legal basis for such a transfer and that adequate protection of your Personal Data is provided as required by applicable law, for example, by using standard contractual clauses approved by the European Commission or relevant authorities (where required) and by requiring the use of other appropriate technical and organisational information security measures.

GSF may transfer your Personal Data to countries including but not limited to:

• Switzerland
• United Kingdom
• EEA
• USA
• Canada
• India
• Australia

From a geographical point of view, GSF favors whenever possible processors and hosting facilities located in Switzerland and the European Union.

We do not store your Personal Data longer than necessary and only for as long as is necessary to fulfil the purposes set out above. Retention periods may vary depending on the categories of Personal Data categories and the processing activities.

To determine the appropriate retention period for your Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether those purposes can be achieved by other means, and the applicable legal requirements:

• where you have given your consent, until you withdraw it;
• where we have entered into an agreement with you, for the duration of that agreement plus any applicable local statute of limitations;
• where we have a legitimate interest in using your Personal Data, for a limited period of time appropriate to ensure a fair processing of your Personal Data or until you object to our use of your Personal Data, unless we have compelling legitimate grounds for the continued processing which override your interest in objecting or for the establishment, exercise or defence of legal claims;
• where we are required to comply with a legal obligation, the retention period will be determined in accordance with the applicable law;
• where your Personal Data is required to for the establishment, exercise or defence of against legal claims, we will retain your Personal Data until the end of the relevant retention period or until the claims in question have been settled.

At the end of the retention period, your Personal Data will be deleted or anonymised using processes and methods that comply with data protection standards.

Please note that once the retention period is over, and except in the case of our archives, Personal Data may be deleted or anonymised, and as such, out of scope from data protection regulation and from this Notice.

7.1. Every user is entitled to the following:

• right to access: you have the right to access information about your Personal Data stored by us commonly known as “data subject access request” (DSAR). This enables you to receive a copy of the Personal Data we hold about you;
• right to rectification: you have the right to request that GSF correct any information you believe is inaccurate. You also have the right to request GSF to complete the information you believe is incomplete;
• right to erasure: you have the right to ask us to erase your Personal Data under certain conditions;
• right to restriction of processing: you have the right to request that the processing of your Personal Data be restricted under certain conditions;
• right to data portability: you have the right to request that GSF transfer the data we have collected to another organization or directly to you, under certain conditions;
• right to object to processing: you have the right to object to the processing of your information if the processing is carried out on a legal basis other than your consent;
• right to withdraw your consent at any time if the processing of your Personal Data is based on your consent;
• right not to be subject to any automated decision making and profiling;
• right to lodge a complaint to the supervisory authority.

--

7.2. Consumers residing in California are afforded certain additional rights with respect to their Personal Data under the California Consumer Privacy Act ("CCPA"). If you are a California resident, this section applies to you. In addition, to the rights set forth in this Notice, California residents who provide Personal Data as defined by the CCPA to obtain services for personal, family, or household use are entitled to request and receive from us per calendar year, information about the categories and specific pieces of Personal Data we have collected and disclosed. In this regard, California residents have the right to request deletion of their Personal Data or to opt-out of the sale of their Personal Data which may include selling, disclosing, or transferring Personal Data to another organization or a third party for monetary or other valuable consideration. To do so, simply contact us. We will not discriminate against you for exercising your rights under the CCPA.

If you have any questions about the information, we may hold about you or if you wish to exercise your rights, you may use the following data subject request form to submit your request: DSAR

We may request specific information from you to confirm your identity or to process your request.

All requests will be processed within one month of receipt. This period may be extended by an additional two months depending on the complexity and number of requests. In this case, we will contact you within one month of receiving your request to inform you of the delay and the reasons for it, and we will provide you with an estimate of when the information will be available.

Depending on the scope of the request, and where permitted by applicable law, we may charge reasonable fees to cover the costs incurred in connection with the request.

We may deny your right to access to your Personal Data in limited circumstances in accordance with applicable laws and regulations, but in all cases, we will provide you with an explanation of our position, subject to legal restrictions.

If you have any other questions, concerns, or complaints regarding this Notice, we encourage you to contact us using the details below:

Gold Standard Foundation address:

International Environment House 2.

Chemin de Balexert 7-9

1219 Châtelaine

Geneva, Switzerland.

Data Protection Office email: ,[email protected]

If you feel unsatisfied with our handling of Personal Data, you have the right to lodge a complaint with your supervisory authority.

GSF will not discriminate against you for exercising your privacy rights.

9.1. Cookies/Similar Technologies

Please see our Cookie Policy to learn how you can manage your cookie settings and for detailed information about the cookies we use and the purposes for which we use them.

--

9.2. Log Files

We collect information in the form of log files that record Website activity and compile statistics about your browsing habits. These records are automatically generated, and help us troubleshoot problems, improve performance and maintain the security of our Website.

--

9.3. Web Beacons

Web beacons (also known as “web bugs”) are small strings of code that deliver a graphic image on a web page or in an email for the purpose of transferring data back to us. The information collected via web beacons includes information such as your IP address, as well as information about how you respond to an email campaign (e.g. at what time the email was opened, what links you clicked on in the email, etc.). We may use web beacons on our Website or in emails we send to you. We use web beacon information for a variety of purposes, including but not limited to, site traffic reporting, unique visitor counts, advertising, email auditing and reporting, and personalisation.

We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We maintain reasonable administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of Personal Data in our control and custody. However, no data transmission over the Internet or wireless network can be guaranteed.

GSF maintains appropriate precautions and technical measures to protect against any loss, misuse, unauthorised access, disclosure, alteration or destruction of your Personal Data, in line with internationally recognised standards.

Therefore, while we strive to protect your Personal Data, you acknowledge that:

• there are security and privacy limitations of the Internet which are beyond our control;
• the security, integrity, and privacy of any and all information and data exchanged between you and the Website and Services cannot be guaranteed; and
• any such information and data may be viewed or tampered with in transit by a third party, despite best efforts.

As the security of Personal Data depends in part on the security of the device you use to communicate with us and the security you use to protect your credentials, please take appropriate measures to protect this information.

We reserve the right to modify this Notice or its terms related to the Website at any time at our discretion. If we do so, we will revise the updated date at the end of this page. We may also, at our discretion, provide notice to you by other means, such as through the contact information you have provided.

An updated version of this Notice will be effective immediately upon the posting of the revised Notice unless otherwise specified. Your continued use of the Website and Services after the effective date of the revised Notice (or other action specified at that time) will constitute your consent to those changes. However, we will not, without your consent, use your Personal Data in a manner materially different to what was stated at the time your Personal Data was collected.