Questions & Answers (Q&A)


Which data protection laws or guidelines are supported by fccDataPrivacy?

fccDataPrivacy is primarily aligned with the EU GDPR (EU-DSGVO), but it also supports other international data protection laws and guidelines, and more will follow.

The California Consumer Privacy Act (CCPA) is a federal law designed to improve the rights to privacy and consumer protection for California residents in the United States. The law was passed by the California legislature and signed by Jerry Brown, Governor of California, on June 28, 2018 to amend Part 4 of Section 3 of the California Civil Code. It has been in force since January 1, 2020.

Source and further information: WIKIPEDIA.

The General Data Protection Regulation (GDPR) is a European Union regulation that harmonises the rules on the processing of personal data by most data processors, both private and public, throughout the EU. It is intended to ensure, on the one hand, the protection of personal data within the European Union and, on the other hand, the free movement of data within the European internal market.

The Regulation replaces Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data, which dates from 1995.

Together with the so-called JHA Directive for data protection in the police and judicial sectors, the GDPR has formed the common data protection framework in the European Union since May 25, 2018.

Source and further information: WIKIPEDIA.

The Federal Act on Data Protection (FADP) is Switzerland's data protection law. Its purpose is to protect the personality and fundamental rights of natural and legal persons about whom data is processed.

The Act has been in force since 1993 and is currently undergoing a complete revision.

The Directive on Privacy and Electronic Communications (also: ePrivacy Directive) is a European Community directive adopted in 2002 that sets binding minimum standards for data protection in telecommunications. The directive was amended in 2009 and has since been referred to primarily as the Cookie Law. One of the 2009 amendments requires, for example, that users give their consent for some types of cookies on websites. This is intended to ensure "that data and media companies no longer record what users search, read or buy on the internet without their consent".

The ePrivacy Directive is not to be confused with the ePrivacy Regulation (ePrivVO), which was intended to replace it but, for the time being, failed in the European legislative process at the end of 2019 because the Member States could not agree on a common text.

The Directive and its national transpositions continue to apply after the entry into force of the GDPR (Art. 95 GDPR). They are to be replaced by a regulation.

Source and further information: WIKIPEDIA.


Privacy Policy and Cookie Policy

The law requires any website/app that collects personal information to disclose relevant information to users through specific privacy and cookie notices.

The Privacy Policy must contain certain basic elements that are specific to your particular processing activities, including:

  • the contact details of the data controller
  • which personal data is processed
  • the purposes and methods of processing
  • the legal basis of the processing (e.g. consent)
  • the third parties who also have access to the data, including third-party tools (e.g. Google Analytics)
  • details of the transfer of data outside the European Union (if applicable)
  • user rights
  • a description of the notification process for changes or updates to the Privacy Policy
  • the effective date of the Privacy Policy.

The Cookie Policy expressly describes the different types of cookies that are installed through the site, any third parties to which these cookies relate (including a link to the relevant documents and opt-out forms) and the purposes of processing.

It is not possible to use generic documents, because your policy must describe the specific data processing of your website/app in detail and must also include the specific details of the third-party technologies you actually use (e.g. Facebook Like buttons or Google Maps).

It is very difficult for a website not to process any data. A simple contact form or a traffic analysis system such as Google Analytics is enough to trigger the obligation to create and display a privacy and cookie policy.

It should be noted that there are still many organisations that do not have a website, or that do their accounting or membership administration manually on paper or with a spreadsheet. The same rules apply to them: they process personal data of natural persons and are therefore subject to the GDPR.

Cookies are small files that are used to store or track certain information while a user visits a website.

With regard to data protection, a distinction is made between session cookies and tracking cookies. Session cookies are indispensable today for the smooth functioning of a website, while tracking cookies analyse the behaviour of users (e.g. Google Analytics). Tracking cookies require the consent of the user (cookie banner).

In addition to providing an easily accessible and accurate cookie policy, adapting a website to the Cookie Law also requires displaying an informative cookie banner on each user's first visit. The banner must refer to the detailed cookie policy and give the user the opportunity to decline or consent to the installation of cookies. Most types of cookies, including those set by tools such as social sharing buttons, should not be set until the user has given valid consent.

In addition, many third-party advertising networks may limit ad delivery if you do not have a cookie management system that meets industry standards, which could affect your ability to generate advertising revenue.
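The gating described above, as an added example that is not fccDataPrivacy's code: third-party tags are embedded inert with `type="text/plain"` (a common consent-manager convention, assumed here) and are only activated for the cookie categories the visitor has consented to, while "necessary" tags load straight away and unknown categories stay blocked. The `data-consent-category`/`data-src` attribute names, the URLs and the HTML snippet are constructed for the example.

```javascript
// Added example (not fccDataPrivacy code). Tags that set cookies are embedded inert
// (type="text/plain") and only activated for the cookie categories the visitor consented to.
// Attribute names, URLs and the HTML snippet below are constructed for the example.
const SAMPLE_HTML = `
<script type="text/plain" data-consent-category="necessary" data-src="/static/session.js"></script>
<script type="text/plain" data-consent-category="analytics" data-src="https://analytics.example/ga.js"></script>
<script type="text/plain" data-consent-category="marketing" data-src="https://social.example/share.js"></script>
<script type="text/plain" data-consent-category="experimental" data-src="https://unknown.example/x.js"></script>
`;

// Consent state as the cookie banner would store it: only "necessary" is true by default,
// because session cookies need no consent while tracking cookies do.
function emptyConsent() {
  return { necessary: true, analytics: false, marketing: false };
}

// Extract the inert tags from the page markup (category + real script URL).
function parseInertTags(html) {
  const tags = [];
  const re = /<script\b([^>]*)type="text\/plain"([^>]*)>/g;
  let m;
  while ((m = re.exec(html)) !== null) {
    const attrs = m[1] + m[2];
    const cat = /data-consent-category="([^"]*)"/.exec(attrs);
    const src = /data-src="([^"]*)"/.exec(attrs);
    if (cat && src) tags.push({ category: cat[1], src: src[1] });
  }
  return tags;
}

// Decide which tags may be activated: "necessary" always, others only with explicit
// consent. A category the banner does not know about fails closed (stays blocked).
function tagsToActivate(consent, tags) {
  return tags.filter((t) => t.category === 'necessary' || consent[t.category] === true);
}

// Activation: in the browser this would insert <script src=...> for each allowed tag; here
// the resulting loads are returned so the caller can observe (and test) the decision.
function applyConsent(consent, html = SAMPLE_HTML) {
  return tagsToActivate(consent, parseInertTags(html)).map((t) => ({ src: t.src, category: t.category }));
}
```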


Consent

If your user has to enter personal data directly on the website/app, e.g. by filling out a contact form, a service registration or a newsletter subscription, it is necessary to obtain freely given, specific and informed consent. It is also necessary to keep clear records to prove that valid consent has been obtained.

You must obtain consent for each particular processing purpose, for example one consent for sending newsletters and a further consent for sending advertising material on behalf of third parties. Consent can be requested by setting up one or more checkboxes that are not pre-selected, mandatory or otherwise enforced (i.e. genuinely voluntary) and that are accompanied by appropriate disclosures making clear to the user how their data will be used.

Each time a user completes a form on your website/app, a variety of information needs to be collected. This information includes a unique user identification code, the content of the accepted privacy statement, a copy of the form submitted by the user, and a record of the opt-in mechanism used.

Unfortunately, this is not sufficient on its own, because information needed to show that the procedure for obtaining consent was valid is missing, such as a copy of the form actually completed by the user and the version of the privacy documents available to the user at the time consent was obtained.


Security of Processing

Part of the GDPR is dedicated to the technical protection of the personal data of natural persons (GDPR Art. 32: Security of processing). This includes, for example, protection against unauthorised access, maintaining confidentiality, the availability of data and much more. The GDPR requires appropriate technical and organisational measures to ensure this protection.

We use various technical and organisational measures at different levels to protect the personal data of our customers as well as possible:

  • the data is stored exclusively in data centres that are at least ISO 27001 certified
  • for the fccDataPrivacy website as well as for the fccDataPrivacy Admin Portal, regular independent cyber-security scans are carried out and any findings are remediated as quickly as possible
  • access to the data is protected by defined password rules and two-factor authentication (for the website as well as the Admin Portal)


Is my CMS ready for fccDataPrivacy?

Some CMS do not support all the technologies necessary for the proper operation of fccDataPrivacy and need some additional implementation effort.

The native Joomla forms tool (JForm) is not compatible with our Consent Solution, as it does not support custom HTML and JavaScript.
We suggest using Chronoforms, as many of our customers do. It is a free plugin, downloadable here: https://extensions.joomla.org/extension/chronoforms/

To add the "init" code of our Consent Solution to every page (inside the <head> tag), you can use this plugin for Joomla: https://extensions.joomla.org/extensions/extension/core-enhancements/coding-a-scripts-integration/headtag/

Then you can create a simple form (or I can help you do it) and insert it in the article page with a shortcode (we will also help you modify it with the Consent Solution script).