Who is eligible for support from WILLEN:ORG?

Led by registered nonprofits or groups with clear social missions. Demonstrate measurable positive impact plans. Align with collaboration, transparency, and sustainability values.

What does WILLEN:ORG not support?

For-profit ventures. Initiatives without clear social missions. Projects that discriminate. Misaligned initiatives.

What services does WILLEN:ORG offer?

Growth & Strategy: Strategic planning, organizational development, and growth frameworks to help nonprofits expand their reach. Operations & Technology: Streamlining workflows, implementing technology solutions, and optimizing day-to-day operations. Marketing & Communications: Brand development, digital marketing, storytelling, and communication strategies that amplify your message. Program Design & Impact Measurement: Designing effective programs and building frameworks to measure and communicate real-world impact. We Also Offer Financial Aid to Kickstart or Scale Impactful Projects.

Privacy Policy

Last updated: 2026-02-21

1. Introduction and Scope

This Privacy Policy explains how your personal data is collected, processed, and used when you visit willen.org (the "Website"). It applies to all visitors of the Website.

The responsible party within the meaning of the Swiss Federal Act on Data Protection (nDSG, SR 235.1) and, where applicable, the EU General Data Protection Regulation (GDPR) is:

Maurice Willen
Switzerland
Email: mail@willen.org

We take the protection of your personal data very seriously and process it in compliance with the applicable data protection legislation, in particular the Swiss nDSG and, where applicable, the GDPR.

2. Data Processing When Visiting the Website

When you access the Website, the following technical data is automatically transmitted by your browser to our hosting provider and stored in server log files:

• IP address (anonymised where technically possible)
• Date and time of the request
• HTTP method and requested URL
• HTTP status code
• Volume of data transferred
• Referring URL (previously visited page)
• Browser type and version
• Operating system

This data is necessary for the secure and reliable operation of the Website and is processed on the basis of our legitimate interest (Art. 31 para. 1 nDSG; Art. 6 para. 1 lit. f GDPR). Server log files are retained for a maximum of 30 days and then automatically deleted.

3. Hosting

The Website is hosted by Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA ("Vercel"). When you visit the Website, your personal data (in particular the technical data described in Section 2) is processed on Vercel's servers, which may be located outside of Switzerland and the European Economic Area (EEA).

Vercel is certified under the EU-U.S. Data Privacy Framework and provides appropriate safeguards in accordance with Art. 16 et seq. nDSG and Art. 46 GDPR.

For more information, see Vercel's privacy policy: https://vercel.com/legal/privacy-policy

4. Contact via Email

If you contact us by email, the personal data you provide (e.g. name, email address, message content) will be processed solely for the purpose of handling and responding to your inquiry.

The legal basis for this processing is your consent by initiating contact (Art. 31 para. 1 nDSG; Art. 6 para. 1 lit. a GDPR) and, where applicable, our legitimate interest in responding to your request (Art. 6 para. 1 lit. f GDPR).

Your data will be retained for as long as necessary to process your inquiry and for any applicable statutory retention periods. It will be deleted once it is no longer required.

5. Cookies

Cookies are small text files that are stored on your device when you visit a website.

5.1 Essential Cookies
We use technically essential cookies that are required for the basic functioning of the Website. These cookies do not require your consent under Swiss law (Art. 45c para. 3 FMG) or the GDPR (Art. 5 para. 3 ePrivacy Directive).

5.2 Analytics Cookies (Google Analytics 4)
With your explicit consent, we use Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). GA4 uses cookies to enable the analysis of your use of the Website.

The information generated by the cookie about your use of the Website is transmitted to and stored on Google servers, which may be located in the USA. We have activated IP anonymisation, so that your IP address is shortened by Google within the EU/EEA before transmission.

Google Analytics 4 sets the following cookies:
• _ga — Distinguishes unique users. Duration: 2 years.
• _ga_[ID] — Maintains session state. Duration: 2 years.

You may revoke your consent at any time by clearing your browser cookies and reloading the Website. The cookie consent banner will reappear, allowing you to make a new choice.

For more information, see Google's privacy policy: https://policies.google.com/privacy

You can also prevent data collection by Google Analytics by installing the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout

6. Purpose of Data Processing

We process personal data for the following purposes:

• Providing, operating, and maintaining the Website
• Responding to inquiries and communications
• Analysing the use of the Website to improve its content and functionality (only with your consent)
• Ensuring the security of the Website and preventing misuse
• Fulfilling legal obligations

7. Legal Basis for Processing

Depending on the specific processing activity, we rely on the following legal bases:

• Your consent (Art. 31 para. 1 nDSG; Art. 6 para. 1 lit. a GDPR) — in particular for analytics cookies
• Our legitimate interests (Art. 31 para. 1 nDSG; Art. 6 para. 1 lit. f GDPR) — in particular for the operation and security of the Website
• Compliance with legal obligations (Art. 6 para. 1 lit. c GDPR)

Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

8. Data Sharing and Recipients

We do not sell, trade, or rent your personal data. Your data may be disclosed to the following categories of recipients:

• Vercel Inc. — Hosting and content delivery
• Google Ireland Limited — Web analytics (only with your consent)

All service providers are contractually bound to process data exclusively in accordance with our instructions and to implement appropriate technical and organisational measures to protect your data.

We do not engage in automated decision-making or profiling within the meaning of Art. 21 nDSG or Art. 22 GDPR.

9. International Data Transfers

Some of our service providers are based in the United States. In such cases, we ensure that appropriate safeguards are in place:

• EU-U.S. Data Privacy Framework certification
• Standard Contractual Clauses (SCCs) approved by the European Commission and recognised by the Swiss Federal Data Protection and Information Commissioner (FDPIC)

The FDPIC maintains a list of countries with adequate data protection levels. For transfers to countries not on this list, we rely on the safeguards described above.

10. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by law.

• Server log files: Maximum 30 days
• Email correspondence: For the duration of the business relationship and any applicable statutory retention periods
• Analytics data: 14 months (Google Analytics default retention period)
• Cookie consent preferences: Stored locally in your browser until you clear your data

Once the retention period expires, data is securely deleted or anonymised.

11. Your Rights

Under the nDSG and, where applicable, the GDPR, you have the following rights:

• Right of access — You may request information about whether and what personal data we process about you (Art. 25 nDSG; Art. 15 GDPR).
• Right to rectification — You may request the correction of inaccurate personal data (Art. 32 para. 1 nDSG; Art. 16 GDPR).
• Right to erasure — You may request the deletion of your personal data, provided there is no overriding legal basis for its continued processing (Art. 17 GDPR).
• Right to restriction of processing — You may request the restriction of processing under certain conditions (Art. 18 GDPR).
• Right to data portability — You may request to receive your data in a structured, commonly used, and machine-readable format (Art. 28 nDSG; Art. 20 GDPR).
• Right to object — You may object to data processing based on legitimate interests (Art. 21 GDPR).
• Right to withdraw consent — You may withdraw any consent given at any time with future effect.

To exercise your rights, please contact us at mail@willen.org. We will respond within 30 days.

You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern (https://www.edoeb.admin.ch), or, where applicable, with a competent EU supervisory authority.

12. Data Security

We implement appropriate technical and organisational security measures in accordance with Art. 8 nDSG to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include:

• TLS/HTTPS encryption for all data in transit
• Secure hosting infrastructure with access controls
• Regular review of security practices

Despite these measures, no method of transmission or storage is completely secure. We cannot guarantee the absolute security of your data.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices or legal requirements. The current version is always available on this page with the date of the last update.

We recommend reviewing this Privacy Policy periodically.

14. Contact

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact:

Maurice Willen
Email: mail@willen.org