Legal

Impressum

Fachverein Informatik ICU

Binzmühlestrasse 14

8050 Zürich

Switzerland


Kontaktinformationen:

Telefon: +41 44 635 71 63

E-mail: board@icuzh.ch

Bevollmächtigte Vertreter:

Nils Reusch (Präsident)

Chiara Wooldridge (Vize-Präsidentin)


Eingetragener Sitz: Schweiz

Registergericht: Zürich

UID: CHE-395.791.502


Privacy Policy

Effective date: February 24, 2026

This Privacy Policy explains how Fachverein Informatik ICU ("we", "us", "our") collects and processes personal data when you use https://icuzh.ch (the "Website").

We are a student association of the University of Zurich and are based in Switzerland. We process personal data in accordance with the Swiss Federal Act on Data Protection (FADP) and other applicable Swiss law.

1. Controller

Fachverein Informatik ICU  

Binzmühlestrasse 14  

8050 Zurich  

Switzerland


Email: tech@icuzh.ch

2. Scope

This Privacy Policy applies to personal data processed through:

  • Account creation and account management
  • Membership subscriptions
  • Event ticketing
  • Product sales
  • Website analytics and operational security

3. Categories of Data We Process

Depending on your use of the Website, we may process:

  • Identity and contact data: full name, email address, university email address (if applicable)
  • Membership and account data: student ID, Stripe customer ID, login identifiers
  • Billing data: billing address (street, ZIP, city, country), subscription status
  • Ticket and order data: event registrations, ticket identifiers, QR code data, order information
  • Communications data: messages and email preferences
  • Technical data: basic usage and device/browser metadata collected through Vercel Analytics
  • Future optional profile data: semester status and major/minor, if introduced

We do not intentionally process sensitive personal data.

Required fields are marked during sign-up and checkout. If required data is not provided, we may be unable to create an account, provide membership services, issue tickets, or complete purchases.

4. Data Sources

We receive personal data:

  • Directly from you (for example during sign-up, purchases, and support requests)
  • From University of Zurich Azure Active Directory, if you use university login
  • From Stripe, limited to payment and subscription metadata required for our records
  • From our hosting and analytics systems (Vercel) for technical operation and performance analysis

Under Swiss law, we process data for the following purposes and legal bases:

  • Service delivery and account operation: contract performance
  • Membership subscriptions, tickets, and product sales: contract performance
  • Payment processing and accounting compliance: contract performance and legal obligations
  • Security, fraud prevention, and system integrity: legitimate interests
  • Website performance measurement (Vercel Analytics): legitimate interests
  • Newsletter delivery via Mailchimp (if you opt in): consent
  • Transactional and important account communications: contract performance and legitimate interests

6. Payments

All payments are processed by Stripe. Card and bank details are collected and stored by Stripe, not by us. We keep only the payment-related identifiers and status information needed to manage memberships, orders, and accounting.

7. Authentication

You may sign in through University of Zurich Azure Active Directory. In that case, we receive the identity attributes needed for authentication and account linking, such as your university email address and related login identifiers.

8. Tickets and Product Sales

We currently deliver tickets digitally (for example via QR code and event pickup/check-in workflows). We do not currently store shipping addresses. If physical shipping is introduced later, this policy will be updated before that processing begins.

9. Newsletter and Emails

If you subscribe to newsletters, we process your email through Mailchimp based on your consent. You can unsubscribe at any time.

We may still send essential non-marketing emails for account, membership, ticket, order, or legal/operational notices.

10. Cookies and Analytics

We use Vercel Analytics to understand website usage and performance. Vercel Analytics may use cookies or similar technologies depending on implementation. You can control cookies through your browser settings.

11. Recipients and Processors

We share data only where necessary, especially with:

  • Stripe (payment processing)
  • Vercel (hosting and analytics)
  • Mailchimp (newsletter delivery, if opted in)
  • Microsoft / University of Zurich Azure Active Directory (authentication, if used)

12. International Transfers

Some processors may process data outside Switzerland.

Typical destination countries/regions include:

  • Stripe: Switzerland, EEA/EU, and the United States (depending on account and processing flow)
  • Vercel: EEA/EU and the United States (depending on deployment and analytics setup)
  • Mailchimp: United States
  • Microsoft / Azure Active Directory: EEA/EU and the United States

Where required, we rely on appropriate safeguards under Swiss law, such as contractual protections (for example standard contractual clauses) and recognized adequacy mechanisms.

13. Retention

We keep personal data only as long as needed for the purposes above, unless legal obligations require longer retention.

General retention approach:

  • Account and membership data: kept while the account is active and as needed afterward for legitimate operational reasons
  • Deletion requests: personal data is deleted within up to 30 days, unless retention is legally required
  • Financial and transaction records: retained as required by law (typically up to 10 years for accounting/tax records)
  • Ticket and event data: may be deleted or anonymized when no longer necessary

14. Your Rights

Under Swiss law, you may have the right to:

  • Request information about your personal data
  • Request correction of inaccurate data
  • Request deletion, subject to legal retention obligations
  • Object to or request restriction of processing in certain cases
  • Withdraw consent for consent-based processing (for example newsletters)
  • Request data portability for data processed in an automated manner based on consent or contract, where legally and technically applicable

To exercise your rights, contact: tech@icuzh.ch

15. Security

We apply appropriate technical and organizational measures to protect personal data from unauthorized access, loss, alteration, or misuse. No system can be fully secure.

16. Automated Decisions

We do not use automated individual decision-making that produces legal or similarly significant effects on users.

If this changes, we will update this Privacy Policy, inform affected users as required by Swiss law, and provide a way to request human review where legally required.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The current version is published on the Website with the effective date above.