Data protection
We treat your data as confidential. ETH Zurich endeavours only to collect personal data that is absolutely necessary for carrying out its tasks (data minimisation).
General information
We handle the data we store with care and protect it from misuse. We also choose not to share usage data about our web presence with third parties without your consent. In accordance with Article 13 of the Swiss Federal Constitution and data protection regulations, every person is entitled to have their privacy protected and to have their personal data protected against misuse. ETH Zurich upholds this principle on its web presence.
Scope
This Privacy Policy applies for the centrally managed web presence of ETH Zurich under the domain “ethz.ch” and personal data collected there, as well as for all subdomains (e.g. “sce.ethz.ch”), provided they explicitly refer to this Privacy Policy. For all other subdomains or websites connected with ETH, different or additional privacy policies and notices may apply and, in this case, we refer you to the creators of the websites in question for more precise information. Individual departments, projects or teams at ETH Zurich operate applications that can be used via the web or smartphones. In these cases, different or additional data protection regulations may apply for specific use cases.
This privacy policy may be amended at any time without advance notice.
Hyperlinks
ETH Zurich does not have any influence over external pages to which it shares hyperlinks, nor over external pages that share hyperlinks to the content of ETH Zurich. By extension, we cannot guarantee in respect of external pages that the information and services they contain are correct or that they are free of malware (such as viruses). The respective external service provider bears full responsibility for these and we therefore do not accept any responsibility for such websites or web services.
What happens to your data?
Storage and deletion
Where possible, we try to limit the processing of personal data on ETH Zurich web pages to data that is required to provide a functioning, user-friendly internet presence and to fulfil our statutory duty, and, in addition, to data that you provide us with of your own accord. Personal data that we collect is only stored for as long as required to fulfil the purpose in question. Legal requirements or other obligations may result in longer periods of storage.
Storage of data when filling in a form
If you fill in a form on an ETH web page, we will collect the data that you enter. This data may also be shared with third parties to fulfil the purpose in question. In addition, we store metadata (IP address, timestamp, browser) in order to trace abuse or for troubleshooting and bug fixing.
Storage of data when commenting on news posts
If you comment on a news post on an ETH web page, we will store and publish the information that you enter when sending the comment. This includes your surname, first name, location and text. In the case of forms, we also store certain metadata (IP address, timestamp, browser) in order to trace abuse or for troubleshooting and bug fixing.
This data is stored on our servers alongside the comment and will remain in the system for the same amount of time as the comment itself or up to a maximum of ten years. After ten years, news posts are archived in a web archive. Under certain circumstances, the publicly visible data is forwarded to applications, such as the ETH smartphone app.
Storage of data for the purpose of sending newsletters
In order to send newsletters, we use Adobe Experience Manager, Sympa1 or Inxmail Professional2, in addition to our content management system (CMS). In doing so, we store your email address and all other specific details that we collected when you signed up for the newsletter in question. All of this data is stored in Switzerland or the EU and may be deleted by the end user via a link in the respective email.
Storage of data for the purpose of web analytics
We use the “Piano Analytics” web analytics service provided by Applied Technologies Internet GmbH, Leonardstrasse 52-58, 80636 Munich, Germany (“AT Internet”) and Google Tag Manager to process data left behind when you visit ETH websites. Both tools perform targeted statistical evaluation and analysis of usage data to optimise and develop our web presence and to find new and maintain existing customers. This data may include your (anonymised) IP address, geographical location, browser type and version, operating system, referral source, duration of the visit, pages visited and website navigation routes, as well as information about duration, frequency and patterns of use of the website. Some data is transferred directly to Piano Analytics, while other data is first sent to Google Tag Manager. Google Tag Manager does not store any usage data, but only forwards it on to Piano Analytics. In both cases, we anonymise your IP address prior to processing, so that your identity can no longer be inferred. Web analytics data is stored in the cloud at Piano Analytics for a maximum of four years.
ETH Zurich has concluded a data processing agreement with the service provider of Piano Analytics (AT Internet). All web analytics data will remain within the EU in anonymised form. You can find more information about data protection at AT Internet on their website3. Google provides information about data protection for Google services4, such as Google Tag Manager which we use.
Cookies
We use cookies on our website. Cookies are small text files that are stored on your computer for a set period of time when you visit an ETH page. Cookies help us to statistically measure your usage of our website and continuously improve it. For example, we receive information about how many visitors are affiliated with ETH or whether they would prefer not to be tracked by us. You can deactivate some or all cookies at any time by adjusting your browser settings or you can delete them manually. If cookies are deactivated, you may no longer be able to use all the features of our website. Moreover, we only use first-party cookies. We do not use cookies from third-party services, such as advertising networks or social media platforms, or do not do so without your explicit consent.
General cookies
Cookie name | Provider | Purpose | Duration of storage |
---|---|---|---|
_cookie_test | ETH Zurich | Determines whether the browser accepts cookies. | 1 day |
CONSENT | YouTube | Used to determine whether the visitor has consented to allowing embedded YouTube videos to play. | 2 years |
eth-search | ETH Zurich | Is stored locally on the user’s device and contains no personal data. |
Web statistics cookies
Cookie name | Provider | Purpose | Duration of storage |
---|---|---|---|
_pctx | Piano Analytics | Registers statistical data about the behaviour of ETH website users. | 13 month |
_pcid | Piano Analytics | Registers statistical data about the behaviour of ETH website users. | 24 month |
pa_privacy | Piano Analytics | Determines whether users are located within the EU and thus subject to the EU General Data Protection Regulation (GDPR). | 13 month |
is_author | ETH Zurich | Determines whether a visitor is a user of the ETH content management system. | 6 month |
is_internal ch.ethz.user.isInternal | ETH Zurich | Determines whether a user is connecting from within the ETH network. | Browser session |
user_type ch.ethz.user.user.type | ETH Zurich | Is not stored as an actual cookie, but in local storage. Distinguishes whether the user is an ETH employee or student. | Unlimited |
Login cookies
Cookie name | Provider | Purpose | Duration of storage |
---|---|---|---|
login-token | ethz.ch | Technically necessary to determine immediately whether an ETH user is logged in. | No longer than browser session |
JSESSIONID | ethz.ch | Allocates the retrieval of visited ETH pages to a session, so that particular settings applied during your website visit can remain saved. Is set by the system as standard, but is not used by ETH. | No longer than browser session |
Social networks and other third-party services
ETH does not host any advertising on its web pages. For this reason, we do not store or transfer any personal data to advertising services (such as advertising networks, advertising brokers or exchanges).
When you visit our web pages, we only show content from social media channels with your express consent. You may grant this consent in connection with specific pieces of content or globally via the settings in our cookie preference centre (and, by extension, also revoke it). By doing so, we ensure that no personal data is transferred to the social media platform in question without your explicit consent. If you grant consent, the platform operator may collect personal data via our website depending on the interface provided by the platform. In this case, the terms of service of the platform in question apply. ETH Zurich has no influence over these terms. In the majority of cases, this processing will involve your IP address at a minimum. In the appropriate place, information will be displayed indicating that data may be sent to the external provider when you click on the page. You can find out more about the purpose and scope of data collection and further processing and use of data by the third-party service provider as well as your rights and choice of settings in this regard concerning the protection of your privacy in the privacy policies of the respective third-party providers.
The operator of the respective social media platform is responsible for processing personal data on the social media platforms where we maintain our social media presence. In many cases, the operator will process your personal data when you visit our social media pages regardless of whether you have a user account on the social media platform in question or whether you are logged in, and it does so for its own purposes. Furthermore, the operators usually use cookies and other (cross-device) tracking technologies. In this case, the terms of service of the platform in question apply. ETH Zurich has no influence over these terms.
Logs
We save certain metadata about your user behaviour in log files for troubleshooting purposes and to trace abuse of our web presence. This data includes the IP address, date, time, browser request and information transmitted about the device used, including the operating system and browser. We do not use log files to analyse your user behaviour or associate it with other collected data. We periodically delete this type of data.
Search
For the search function on ethz.ch (including subdomains), we use Google as our search provider. Your search queries are not personalised unlike usual Google searches. We forward the search terms themselves (with ETH Zurich as sender) on to Google. In this case, Google’s terms of service apply. ETH Zurich has no influence over these terms. Moreover, we collect anonymised statistics about common search terms in order to provide auto-complete functionality for user input. Search terms and settings that appear in your personal history or are active when visiting one of our web pages are stored locally in your browser and are not visible to us.
Your rights
You have the right to request information about the processing of your personal data from the responsible departments at no cost and at any time. To do this, get in touch with your direct point of contact or with the contact named in the legal notice. Additional rights such as the right to data erasure, data rectification, restriction of data processing and the right to data portability are in place as prescribed by law.
The collection of certain data for the purpose of making the website available and the storage of data in log files is strictly necessary to operate our website. As such, there is no right to object to this on the part of users of our website. We do not use log files to analyse your user behaviour or associate it with other collected data.
Data security
During website visits, ETH Zurich uses encrypted data communication based on TLS in conjunction with the highest level of encryption supported by your browser. You will recognise whether a particular web page is being transmitted over an encrypted connection by the closed key or lock symbol in your browser’s address bar.
When processing your data, ETH Zurich also takes appropriate technical and organisational security measures in general to protect your data against accidental or intentional tampering, partial or complete loss, destruction and any unauthorised access by third parties. Our security measures are in line with the current state of technology and are improved accordingly on an ongoing basis.
Operation
The web servers for operating the ETH Zurich website are generally managed by the IT Services department of ETH Zurich itself. Certain services may also be operated by external partners. In these cases, it is particularly important to us that data is processed within Switzerland or the EU and that no data is transferred to countries with an inadequate level of data protection (in accordance with Annex 1 of the Data Protection Ordinance5 [DPO; SR 235.1]) The same data protection requirements apply to external partners as to internally operated applications.
Contact details of our Data Protection Officer
If you have any questions about our Privacy Policy or require more information that your direct point of contact at ETH Zurich cannot provide you with, you can get in touch with our Data Protection Officer at ds@ethz.ch. You can also write to the following address by post: ETH Zurich, Legal Office (Data Protection), Rämistrasse 101, 8092 Zurich, Switzerland.
The Data Protection Officer at ETH Zurich is currently Tomislav Mitar. The supervisory authority for data protection law is the Federal Data Protection and Information Commissioner (FDPIC).
1 external page https://www.sympa.community/sympa
2 external page https://www.inxmail.com/platform
3 external page https://www.atinternet.com/en/data-protection/
4 external page https://support.google.com/tagmanager/answer/9323295?hl=en
5 external page https://www.bj.admin.ch/bj/en/home/staat/datenschutz/internationales/anerkennung-staaten.html