About > Data Protection Policy

Your privacy matters to us


We care about the privacy of those who support us. If you are a valued supporter of GreenLamp you are on our mailing list to receive updates, invitations and newsletters.


We want to make sure we are in line with the new European regulations (General Data Protection Regulations) introduced for your protection in May 2018, so you will find below our full data protection policy.


Please take the time to read our policy and if you have any questions contact us on greenlamp@greenlamp.ch


GreenLamp Data Protection Policy

Why this policy exists

This data protection policy (“Policy”) is issued by GreenLamp or “GL”. The Policy requires that GL:

• Complies with data protection law and follows good practice

• Protects the rights of donors, partners, and all individuals from whom GL collects data

• Is transparent about how it stores and processes individuals’ data

• Protects itself from risks of a data breach


Data protection law

The EU General Data Protection Regulation (GDPR) comes into force on 25th May 2018. At the heart of the GDPR is a requirement for transparency. It is required that individuals understand how GreenLamp collects and uses personal information.

GreenLamp has the following policy and procedures for the collection, holding and use of data:

• The Data Controller is normally part of the role of Treasurer for GreenLamp. Reference herein to Data Controller shall include any person appointed or delegated by the Data Controller to perform specific duties under the Policy.

• Data is normally collected on-line, in routine correspondence, in written form at fundraising or promotional events, when given by a donor, or from bank transfer information at the time of donations.

• GL does not purchase data, nor does it take data from any public sources (such as telephone books, electoral registers or donation websites).  GL does not sell data to any other organisation.

• GL collects and retains the following personal data:

1) Postal addresses and email addresses to enable the production and distribution of receipts for donations.

2) Email addresses for:

a) communication of information about progress of GL sponsored students at our partner the Hamlin College of Midwives;

b) the production of periodic update newsletters;

c) invitations to fundraising and information events;

3) Details of GL sponsored students at the Hamlin College of Midwives, including, for example, their date of birth and general family circumstances, to enable a connection between the student and his or her sponsor(s).

Individuals have the right to request the removal of their personal data from the database at any time by sending an email to the Data Controller.

• Individuals have a right to lodge a complaint with the relevant local body.


For example, in the UK this would be the Information Commissioner’s Office and in Switzerland the Federal Data Protection and Information Commissioner.

• Individuals who have donated to GL are considered as having a legitimate interest in the progress of the aims of GL and to see that their donations have been used wisely and as directed.

• No personal data is ever shared with other organizations, nor is it bought from or sold to commercial mailing lists.

On the GL website, any links to external sites are not the responsibility of GL. Once users click on an external site, they will be subject to the privacy policy of the third-party organization and not that of GL.

Personal data is kept by the Data Controller and is not passed to other members of GL unless specifically authorized by the Data Controller and for a specific purpose relevant to GL their aims and objectives.

All individuals are entitled to know what personal data is held about them and why. Should they wish to know this information, they may request this information from the Data Controller. This data will be released subject to an administration fee of 15CHF/£10 being paid to the GL account, per subject access request. The Data Controller will aim to provide the relevant data within 14 days. The Data Controller will always verify the identity of the person making the subject request before handing over any information.