Privacy Policy

With this Privacy Policy, we inform you about the processing of personal data in connection with our activities and operations, including our website at the domain name walden-impact.com. In particular, we inform you which personal data we process, for what purpose, in what manner, and where. We also inform you about the rights of individuals whose data we process.

We have drafted this Privacy Policy in German. If published in another language, the German-language Privacy Policy shall remain authoritative.

For individual or additional activities and operations, we may publish further privacy policies or other data protection information.

We are subject to Swiss law and, where applicable, foreign law — in particular that of the European Union (EU) with the European General Data Protection Regulation (GDPR).

The European Commission recognised, by decision of 26 July 2000, that Swiss data protection law ensures an adequate level of data protection. By report of 15 January 2024, the European Commission confirmed this adequacy decision.

1. Contact details

The party responsible in the data protection sense is:

Bakel Walden
Walden Impact GmbH
c/o SHIFT Integrale Entwicklung AG
Limmatstrasse 291a
8005 Zurich, Switzerland

bakel@walden-impact.com

In individual cases, third parties may be responsible for the processing of personal data, or joint responsibility with third parties may exist. We are happy to provide affected individuals with information about the respective responsibility upon request.

2. Definitions and legal bases

2.1 Definitions

Data subject: A natural person about whom we process personal data.

Personal data: All information relating to an identified or identifiable natural person.

Sensitive personal data: Data relating to trade union, political, religious, or ideological views and activities; data relating to health, the private sphere, or membership of an ethnic group or race; genetic data; biometric data that uniquely identifies a natural person; data relating to criminal or administrative sanctions or proceedings; and data relating to social welfare measures.

Processing: Any handling of personal data, regardless of the means and procedures applied — for example, querying, matching, adapting, archiving, retaining, reading, disclosing, collecting, recording, gathering, deleting, revealing, organising, storing, modifying, disseminating, linking, destroying, and using personal data.

European Economic Area (EEA): Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway.

2.2 Legal bases

We process personal data in accordance with Swiss law, in particular the Federal Act on Data Protection (FADP) and the Ordinance on Data Protection (ODP).

Where and to the extent that the European General Data Protection Regulation (GDPR) is applicable, we process personal data on the basis of at least one of the following legal grounds:

• Art. 6(1)(b) GDPR — processing necessary for the performance of a contract with the data subject or to take pre-contractual steps.
• Art. 6(1)(f) GDPR — processing necessary for the purposes of legitimate interests pursued by us or by third parties, unless overridden by the fundamental freedoms, fundamental rights, and interests of the data subject. Such interests include in particular the permanent, user-friendly, secure, and reliable conduct of our activities and operations, the safeguarding of information security, protection against misuse, the enforcement of our own legal claims, and compliance with Swiss law.
• Art. 6(1)(c) GDPR — processing necessary for compliance with a legal obligation to which we are subject under applicable law of Member States in the European Economic Area (EEA).
• Art. 6(1)(e) GDPR — processing necessary for the performance of a task carried out in the public interest.
• Art. 6(1)(a) GDPR — processing based on the consent of the data subject.
• Art. 6(1)(d) GDPR — processing necessary to protect the vital interests of the data subject or another natural person.
• Art. 9(2) et seq. GDPR — processing of special categories of personal data, in particular with the consent of the data subjects.

3. Nature, scope, and purpose of the processing of personal data

We process those personal data that are necessary to conduct our activities and operations in a permanent, user-friendly, secure, and reliable manner. The personal data processed may fall in particular into the categories of browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data, and payment data. The personal data may furthermore constitute sensitive personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities and operations, where such processing is permissible.

We process personal data, where necessary, with the consent of the data subjects. We may process personal data without consent in many cases — for example, to fulfil legal obligations or to safeguard overriding interests. We may also request the consent of data subjects where their consent is not required.

We process personal data for the duration necessary for the respective purpose. We anonymise or delete personal data in particular in accordance with statutory retention and limitation periods.

4. Disclosure of personal data

We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties may include, for example, specialist service providers whose services we use. Such third parties may in turn disclose personal data to other third parties.

In the course of our activities and operations, we may disclose personal data in particular to banks and other financial service providers, authorities, educational and research institutions, consultants and lawyers, accounting and fiduciary service providers, debt collection agencies, interest groups, IT service providers, cooperation partners, credit and commercial information agencies, logistics and shipping companies, marketing and advertising agencies, media, parent, sister, and subsidiary companies, organisations and associations, social institutions, telecommunications companies, insurers, and payment service providers.

5. Communication

We process personal data in order to communicate with individuals, as well as with authorities, organisations, and companies. In doing so, we process in particular data that a data subject provides us when making contact — for example, by post or email. We may store such data in an address book or using comparable tools.

Third parties who transmit data about other persons to us are legally obliged to ensure data protection for those data subjects independently. They must in particular ensure that they are permitted to transmit such data and must also guarantee the accuracy of the data transmitted.

6. Data security

We implement appropriate technical and organisational measures to ensure a level of data security commensurate with the respective risk. Our measures serve in particular to ensure the confidentiality, availability, traceability, and integrity of the personal data processed — without, however, being able to guarantee absolute data security.

Access to our website and our other digital presence is secured by means of transport encryption (SSL / TLS, in particular via the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers display a warning when visiting a website without transport encryption.

Our digital communication is — like digital communication in general — subject to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct influence over the corresponding processing of personal data by intelligence services, police authorities, and other security agencies. We also cannot exclude the possibility that a data subject is subject to targeted surveillance.

7. Personal data abroad

We process personal data as a general rule in Switzerland and in the European Economic Area (EEA). We may, however, also export or transmit personal data to other states, in particular to process it or have it processed there.

We may export personal data to all countries on earth and elsewhere in the universe, provided that the law there ensures an adequate level of data protection pursuant to a decision of the Swiss Federal Council and — where and to the extent that the GDPR is applicable — also pursuant to a decision of the European Commission.

We may transfer personal data to countries whose law does not ensure adequate data protection, provided that data protection is guaranteed for other reasons — in particular on the basis of standard contractual clauses or with other appropriate safeguards. In exceptional cases, we may export personal data to countries without adequate or appropriate data protection if the special data protection law requirements for doing so are met — for example, the express consent of the data subjects or a direct connection with the conclusion or performance of a contract. We are happy to provide data subjects with information about any guarantees or a copy of any guarantees upon request.

8. Rights of data subjects

8.1 Data protection rights

We grant data subjects all rights under applicable law. Data subjects have in particular the following rights:

• Right of access: Data subjects may request information as to whether we process personal data about them and, if so, what personal data is involved. Data subjects also receive the information necessary to assert their data protection rights and to ensure transparency. This includes the personal data itself, as well as, amongst other things, information on the purpose of processing, the retention period, any disclosure or export of data to other countries, and the source of the personal data.
• Right to rectification and restriction: Data subjects may have inaccurate personal data corrected, incomplete data completed, and the processing of their data restricted.
• Right to express a view and to human review: In the case of decisions based solely on automated processing of personal data that have a legal effect on data subjects or significantly affect them (automated individual decisions), data subjects may express their own view and request review by a human being.
• Right to erasure and right to object: Data subjects may request the deletion of personal data (the “right to be forgotten”) and object to the processing of their data with effect for the future.
• Right to data portability: Data subjects may request the disclosure of personal data or the transfer of their data to another controller.

We may defer, restrict, or refuse the exercise of rights by data subjects to the extent permitted by law. We may draw data subjects’ attention to any requirements that must be fulfilled in order to exercise their data protection rights. We may, for example, refuse to provide information in whole or in part with reference to confidentiality obligations, overriding interests, or the protection of other individuals. We may also, for example, refuse to delete personal data in whole or in part — in particular with reference to statutory retention obligations.

In exceptional cases, we may charge a fee for the exercise of rights. We will inform data subjects of any applicable fees in advance.

We are obliged to identify data subjects who request information or assert other rights using appropriate measures. Data subjects are required to cooperate in this process.

8.2 Legal protection

Data subjects have the right to enforce their data protection rights through legal proceedings or to lodge a complaint with a data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

European data protection supervisory authorities are organised as members of the European Data Protection Board (EDPB). In some Member States of the European Economic Area (EEA), data protection supervisory authorities are organised on a federal basis — in particular in Germany.

9. Use of the website

9.1 Cookies

We may use cookies. Cookies — both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) — are data stored in the browser. Such stored data need not be limited to traditional text-format cookies.

Cookies may be stored temporarily in the browser as “session cookies” or for a defined period as so-called persistent cookies. Session cookies are deleted automatically when the browser is closed. Persistent cookies have a defined storage duration. Cookies enable, in particular, a browser to be recognised on the next visit to our website, thereby allowing us to measure, for example, the reach of our website. Persistent cookies may also be used for online marketing purposes.

Cookies may be deactivated, restricted, or deleted in full or in part at any time via the browser settings. Browser settings frequently also permit the automated deletion and other management of cookies. Without cookies, our website may no longer be fully available. We actively seek — at least where and to the extent required under applicable law — express consent to the use of cookies.

9.2 Server log files

We may log at least the following information for each access to our website and our other digital presence, provided that such information is routinely determined or transmitted during such access to our digital infrastructure: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, the specific sub-page of our website accessed including the volume of data transferred, and the last web page accessed in the same browser window (referrer).

We log such information — which may also constitute personal data — in log files. This information is necessary in order to provide our digital presence on a permanent, user-friendly, and reliable basis. The information is also necessary in order to ensure data security — including by or with the assistance of third parties.

9.3 Tracking pixels

We may incorporate tracking pixels into our digital presence. Tracking pixels are also referred to as web beacons. Tracking pixels — including those from third parties whose services we use — are typically small, invisible images or scripts formulated in JavaScript that are automatically retrieved when our digital presence is accessed. Tracking pixels can capture at least the same information as the logging of data in log files.

10. Social media

We maintain a presence on social media platforms and other online platforms in order to communicate with interested individuals and to provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).

The general terms and conditions (GTCs) and terms of use, as well as the privacy policies and other provisions of the individual operators of such platforms, apply in each case. These provisions inform users in particular about the rights of data subjects directly vis-à-vis the respective platform — including, for example, the right of access.

11. Third-party services

We use the services of specialist third parties in order to conduct our activities and operations on a permanent, user-friendly, secure, and reliable basis. By means of such services, we may, amongst other things, embed functions and content into our website. When content is embedded in this way, the services used necessarily capture, at least temporarily, the IP addresses of users for technical reasons.

For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data in connection with our activities and operations in aggregated, anonymised, or pseudonymised form — for example, performance or usage data required in order to provide the respective service.

11.1 Digital infrastructure

We use the services of specialist third parties in order to access the digital infrastructure required for our activities and operations. These include, for example, hosting and storage services from selected providers.

In particular, we use:

• Cyon: Hosting; provider: cyon AG (Switzerland); data protection information: “Data Protection”, Privacy Policy.

11.2 Fonts

We use third-party services to embed selected fonts as well as icons, logos, and symbols into our website.

In particular, we use:

• Adobe Fonts: Fonts; providers: Adobe Inc. (USA) for users in North America / Adobe Systems Software Ireland Limited (Ireland) for users in the rest of the world; data protection information: “Adobe Privacy Centre”, Privacy Policy (Adobe Fonts), Privacy Policy (Adobe), “Privacy Questions”, “Adobe Privacy Settings”, Cookie Policy.

12. Final notes on the Privacy Policy

We created this Privacy Policy using the data protection generator from Datenschutzpartner on 22 May 2026.

We may update this Privacy Policy at any time. We will notify you of updates by publishing the current version of the Privacy Policy on our website.