Webster University Geneva Privacy Statement
Webster understands that privacy is important to all employees. We want all employees to know that we respect their privacy and that we are committed to safeguarding their personal data (see “Personal Data” below). This is why we want to provide everyone with a clear picture of how the Personal Data that is provided to us in connection with working contracts at Webster is processed, managed, and protected by us.
This Staff Privacy Notice (“Privacy Notice”) contains important information regarding our privacy practices and the choices we offer our current and prospective staff/faculty with respect to their Personal Data. If an employee chooses to provide us with personal information, she/he is telling us that she/he understands and accepts the privacy practices detailed in this Privacy Notice and authorizes us to take actions consistent with this Privacy Notice.
We strongly advise all employees to read thoroughly this Privacy Notice in its entirety (see web address below) to understand Webster’s privacy practices in advance of submitting any Personal Data to us. If one has any questions regarding this Privacy Notice or any of our related privacy policies, please do not hesitate to contact the Campus Privacy Manager.
This Privacy Notice will inform about :
- Scope of the Notice
- How We Collect Employees Information
- The Types of Information Webster Collects
- How Webster Uses Current and Prospective Employee Information
- The Bases for Processing Employee Personal Information
- Sharing Employee Personal Information with Others
- International Transfers of Employee Personal Information
- Changes to Employee Personal Information
- How Long We Keep Employee Personal Information
- Rights of all Employees with Respect to their Personal Information
- Privacy Concern Handling Process
- Privacy and Children
- Revisions to this Privacy Notice
- Our Contact Information
(Entire Privacy Notice can be found at http://www.webster.edu/gdpr/employee_applicant_privacy_notice.html)
Employees agree that Fondation Webster can conserve, transfer, amend and erase personal data in relation to their employment relationship. In particular, they agree that personal data or data related to themselves may be transferred to a subsidiary or a parent company of Fondation Webster outside Switzerland, even if this foreign company is submitted to data protection rules not comparable to the ones applicable in Switzerland.
The General Data Protection Regulation (GDPR) is the new European Union (EU) privacy law governing how institutions handle personal data of EU citizens. The regulation went into effect on May 25, 2018. Fines for failing to comply can be up to €20,000,000 or 4% of an institution's annual revenue. Although Webster University Geneva abides by the swiss law on data protection (LPD – Loi sur la protection des données), it has chosen to also respect GDPR requirements as indicated in the Webster global network’s policy.
GDPR outlines several rights of the individual for explicit consent on how personal data can be used, processed, transmitted, as well as how any such data must be protected. As part of compliance, Webster documents the processes it has in place for collecting, using and managing personal data, and maintain records of consent for such data.
As general principles, GDPR says personal data must be:
- Processed fairly, lawfully and in a transparent manner
- Collected for specified, explicit and legitimate purposes and not further processed for other purposes incompatible with the original purpose
- Adequate, relevant and limited to what is necessary in relation to the purposes
- Accurate and kept up to date, rectified without delay
- Kept in a form that permits identification no longer than is necessary
- Processed in a way that ensure appropriate security of the personal data
Personal data refers to “any information relating to an identified or identifiable natural person (‘data subject’)”. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as:
- A name
- An identification number
- Location data
- Online identifier
- Or to one of more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person
Requirements for consent
There are several requirements to establish consent under GDPR:
- Consent must be freely given, specific, informed and unambiguous.
- Consent requires some form of clear affirmative action. ("Opt-out" or silence does not constitute consent).
- Consent must be demonstrable. A record must be kept of how and when consent was given.
- Individuals have the right to withdraw consent at any time.
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erase
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
Further information can be found on