last updated on Dec 9, 2025
Privacy Policy
What is this Privacy policy about?
1.1. The present Privacy Policy (“Policy”) explains how we process personal data, primarily in relation with the www.principlesforpeace.org website (the “Website”), which includes the Peace Navigator Platform, an AI-powered platform hosted on the Website (the “Platform”), and our dedicated pages on social media, all operated by Principles for Peace Foundation (“Principles for Peace”, “us”, “we”, “our”), whose headquarters is located in Chemin Eugène-Rigot 2C, 1202 Geneva, Switzerland.
1.2. Please read carefully this Policy, which explains how information relating to an identified or identifiable individual (“Personal Data”) will be collected, used and protected, before using the Website, the Platform and the dedicated pages on social media. Your access and use of the Website, the Platform and the dedicated pages on social media are conditional upon your acceptance of, and compliance with this Policy.
1.3. By browsing our Website, our Platform and/or our dedicated pages on social media, you agree to be bound by this Policy and you agree and consent to the collection, use and processing of Personal Data in accordance with this Policy.
1.4. If you do not consent to the terms of this Policy, we kindly ask you not to use our Website, Platform or dedicated pages on social media. However, please note that certain processing activities may be carried out on legal grounds other than consent (legitimate interests or legal obligations) and, accordingly, do not require your consent.
1.5. Please also note that you have the right to withdraw your consent at any time, it being however specified that such withdrawal:
- will not affect the lawfulness of the processing of Personal Data based on your consent before its withdrawal;
- may prevent you from using some features of our Website, Platform or dedicated pages on social media.
Who is the controller for the data processing?
2.1. For each data processing activity, there is a party that is primarily responsible for ensuring compliance, the “Controller”. For the processing described in this Policy, the Controller (also referred to as “we”) is:
Principles for Peace, Chemin Eugène-Rigot 2C, 1202 Geneva, Switzerland.
2.2. If you provide us with data about other individuals, we assume this data is accurate and that you are authorised to share it with us. As we may not directly contact these individuals or inform them about our data processing, we ask you to do so (e.g., by referring them to this Policy).
What Personal Data we collect, and why we collect them?
-
Sources of collection
3.1. Personal Data we collect via our Website, Platform and social media channels are divided into three main categories:
- Cookies, analytics and other similar tools (below B),
- Personal Data you provide to us (below C),
- Personal Data that may be included in external sources processed by the Platform (below D).
- Cookies and other similar technologies
With regard to Personal Data collected by cookies and other similar technologies that may be present on our Website or Platform, as well as the processing of these Personal Data and its justification, we refer to the Cookie Policy available at the following address: https://principlesforpeace.org/cookie-policy-eu/#cmplz-cookies-overview
- Personal Data you provide to us
a) What Personal Data you provide us?
3.9. We collect Personal Data offered by you voluntarily when, on our Website or Platform, you:
- Register on our Platform,
- Use our Platform, including its chat interface,
- Subscribe to our email list,
- Make a payment or donation in our favor.
3.10. This Personal Data includes all data you provide to us, for example your name and e-mail address, as well as any other Personal Data that can be entered during your registration on our Platform, in your subscription to our newsletter or in your inputs to our Platform’s chatbot.
3.11. To register on our Platform, you may create a login via Firebase Authentication provided by Google LLC and stored by the latter. The processing of Personal Data by Firebase Authentication is also governed by Firebase’s Privacy Policy, which can be accessed at: https://firebase.google.com/support/privacy/.
b) Subscribe to our email list
3.12. When you subscribe to our newsletter, we collect and process your email address and, where applicable, your name and any other information you voluntarily provide. These data are transmitted to and processed through our email list Management Provider.
3.13. We use the services of an email list Management Provider to manage newsletter subscriptions, send email communications, and analyze engagement to improve our content and services.
3.14. The processing of your Personal Data for newsletter delivery is based on your consent (Article 6(1)(a) GDPR) when you subscribe, and on our legitimate interest (Article 6(1)(f) GDPR) in maintaining effective communication with our users. Where applicable, Article 31 para. 2 of the Swiss Data Protection Act also applies.
3.15. Our email list Management Provideris based in the EEA and complies with GDPR requirements. Appropriate contractual and technical measures are in place to ensure the security and confidentiality of your data.
3.16. The processing of Personal Data by our email list Management Provider is also governed by its Privacy Policy.
3.17. If you have agreed to receive our newsletter or other communications from us, you can revise your preferences by clicking on the “unsubscribe” link within the e-mail you receive or you can email us.
c) Chat interface interactions on our Platform
3.18. When you use the chat interface on our Platform, you may provide Personal Data which may be stored centrally in Firebase Firestore or Firebase Realtime Database (Google Cloud) under our administration. Authentication metadata collected may include login timestamps, account ID and associated tokens.
3.19. Your messages are transmitted to a backend service running on Google Cloud and operated by us. The service forwards your messages to our AI service provider, OpenAI API or Azure OpenAI API, in order to generate responses. Please note that the cloud and AI service provider’s terms and privacy policies, or those of other third-party service providers involved, may accordingly also apply to the processing and storage of your data.
3.20. The chat history is stored in a database operated by us and may contain Personal Data if you provide it during your interactions. We handle this information in accordance with this Privacy Policy and applicable data protection laws.
1.1.1. Why we collect such Personal Data ?
3.21. We use the Personal Data you provide us with to fulfill the purposes for which you provide the data.
d) Legal basis for processing
3.22. The legal basis we rely on to process the Personal Data you provide us is our overriding legitimate interest, respectively the performance of the task for which these data were transmitted to us (Article 6(1)(f) and, where applicable, Article 6(1)(b) of the GDPR, and Article 31 para. 2 of the Swiss Data Protection Act).
- Personal Data that may be included in external sources processed by the Platform.
a) What Personal Data are concerned?
3.23. The Platform may process Personal Data contained in external sources such as publicly available databases, official registers, professional directories, publications, or other third-party sources.
1.1.2. Why we collect such Personal Data ?
3.24. Such Personal Data are processed to help the completeness and accuracy of the information available on the Platform, to enrich or verify data provided by users, and to enable the proper functioning of the services offered through the Platform (e.g., matching, compliance checks, or contextualization of content).
b) Legal basis for processing:
3.25. The legal basis we rely on to process Personal Data included in external sources is our overriding legitimate interest in ensuring the reliability and relevance of the Platform’s content and services (Article 6(1)(f) GDPR), and, where applicable, the performance of a contract or pre-contractual measures (Article 6(1)(b) GDPR), as well as Article 31 para. 2 of the Swiss Data Protection Act.
4.1. Our Website and Platform may provide links to social media (e.g. Facebook, X, LinkedIn), third-party platforms to process payments, including donations to our projects or subscription payments.
4.2. When you make a payment, your personal and financial information is collected directly by these third-party payment providers and is subject to their respective terms of service and privacy policies. We do not process or store your payment card information or other sensitive financial data on our servers. We may receive Personal Data including limited transaction information from the payment providers, such as confirmation of your payment, the amount, and the date, which we use solely for administrative purposes and to provide you with our services.
4.3. To make a donation in our favor, you may use the “Donate” function on our Website, which will redirect you to our dedicated donation page on the CAF America webpage. The processing of Personal Data by CAF America is governed by its Privacy Policy, which can be accessed at: https://cafamerica.org/privacy-policy/.
4.4. For potential payment processing, our Website may use an external payment-processing software provider. The processing of Personal Data by such provider is governed by this provider’s privacy policy. We may, for example, use Stripe services, provided by Stripe, Inc.. The processing of Personal Data by Stripe is governed by Stripe’s privacy policy, which can be accessed at: https://stripe.com/privacy.
4.5. If you establish a connection with a social network or another website, your browser connects directly to the provider’s servers. Through this integration, the social network or the other website may receive the information that your browser previously collected when you accessed the corresponding page of our Website, Platform or dedicated page on a social media, even if you do not have a profile or are currently not logged in to your account. This information (including your IP address) will be transmitted from your browser directly to a provider’s server and stored there. If you are logged in to your account, the provider can immediately assign the visit to our Website, Platform or our dedicated page on social media to your profile. If you interact with the Website, Platform or our dedicated page on social media, for example by clicking a “Like” or “Share” button, this information will also be transmitted directly to the provider’s server and stored there.
4.6. When you access another website via our Website or our Platform, responsibility for compliance with data protection is to be guaranteed by the respective providers. For information about the purpose and scope of the data collection and the further processing and use of the data by the requested social network or the other website, as well as related rights and settings options for the protection of your privacy, please refer to the privacy policy of the selected provider. We encourage you to read the privacy policies related to social media accounts and other websites you visit.
5.1. Your Personal Data may be transferred to a successor in the event of a merger, dissolution or transfer of some or all of Principles for Peace’s assets, whether as a part of bankruptcy, liquidation or similar proceeding, in which Personal Data held by Principles for Peace about our Website and Platform users is among the assets transferred.
5.2. We may give certain independent contractors and affiliates access to the Personal Data you made available to us through our Website, Platform or our dedicated pages on social media in order to assist us with the operation of our Website, Platform or our dedicated pages on social media, as well as data management and marketing activities. To date, those contractors are the following:
- Hosting company: Infomaniak Network SA, Rue Eugène Marziano 25 1227 Les Acacias Geneva, Switzerland, which stores data in Switzerland.
- Cookies: […]Complianz, which does not data on its own servers, but on the Hosting company’s servers.
- Google Cloude/Firebase: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which stores data in the EU.
- Open AI: OpenAI Ireland Ltd, 1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, which stores data in the US.
- Azure OpenAI Service: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, which stores data in the EU.
- Email list Management Provider: Mailjet SAS, 13 rue de l’Aubrac, Paris, Ile de France 75012, France, which stores data in the EU.
- Sentry (error monitoring system): Functional Software, Inc. (dba Sentry), 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA, which stores data in the EU.
- Payment processing: Stripe Inc., 510 Townsend Street, San Francisco, CA 94103, USA, which stores data in the US.
5.3. We will take the necessary steps to ensure that your Personal Data is treated securely and in accordance with this Policy and applicable laws.
5.4. The purpose for sharing your Personal Data to the above-mentioned third-party is to support our activities and to maintain and to constantly improve our Website and Platform and the services it offers to our users. The legal basis we rely on to process your personal data is our overriding legitimate interest, respectively the performance of the task for which these data were transmitted to us (Article 6(1)(f) and, where applicable, Article 6(1)(b) of the GDPR, and Article 31 para. 2 of the Swiss Data Protection Act). When the sharing of your Personal Data cannot be justified on our legitimate interests, we will justify the sharing of your Personal Data by your acceptance through the means of our cookie banner.
6.1. We maintain presences on social networks and platforms (e.g., Facebook, X, LinkedIn, YouTube). If you communicate with us, comment on, or share content there, we collect information for communication, marketing, and statistical purposes. Please note that social networks and platform providers also collect and use data (e.g., user behavior) independently, potentially combining it with other data they hold (e.g., for marketing or content personalization).
7.1. We may also transfer your Personal Data (including your communications) if we think it is necessary for security purposes, to investigate possible fraud or other violations of this Policy and/or attempts to harm other users of our Website, Platform or our dedicated pages on social media. Hence, we may share or transfer your Personal Data to investigate, respond to and resolve complaints and issues relating to our Website, Platform or our dedicated pages on social media.
7.2. It is possible that we will need to disclose your Personal Data when required by law or if we have a good faith belief that disclosure is necessary to:
- investigate, prevent or take action regarding suspected or actual illegal activities or to assist government enforcement agencies,
- enforce our agreements with you,
- investigate and defend ourselves against any third-party claims or allegations,
- protect the security or integrity of our Website, Platform or our dedicated pages on social media, or
- exercise or protect the rights and safety of our users, personnel, or others.
7.3. We attempt to notify users about legal demands for their Personal Data when appropriate in our judgment and technically feasible, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge every demand.
7.4. The purpose for sharing your Personal Data to the above-mentioned authorities is to comply with our legal obligations (article 6(1)(c) of the GDPR, respectively article 31 para. 1 of the Swiss Data Protection Act).
8.1. We will not sell your Personal Data to third parties. We will not share or otherwise make available your Personal Data to third parties except as provided in this Policy.
9.1. Not all data recipients of Personal Data are located in Switzerland. This includes certain service providers, particularly in IT. These providers may be based in the EU or EEA or in other countries not offering adequate data protection. To address this, we implement appropriate safeguards and, where applicable, rely on adequacy decisions. The list of countries and safeguards can be provided upon request. In some cases, data may be shared abroad without such safeguards as allowed by applicable law, for instance, with your consent.
10.1. We implement appropriate technical and organizational measures to ensure the security of your Personal Data is commensurate with the respective risk. However, absolute data security cannot be guaranteed, and some residual risks may remain.
10.2. In the event of a data breach, or in the event that we suspect a data breach, we will (i) do our best efforts to promptly notify you, where technically feasible, and (ii) cooperate with you to investigate and resolve the data breach, including without limitation by providing reasonable assistance to you in notifying injured third-parties. We will give you prompt access to such records related to a data breach as you may reasonably request; provided that we shall not be required to provide you with records belonging to, or compromising the security of, other users.
10.3. In the event of a data breach, or in the event that we suspect a data breach, we will in addition notify the competent authorities in accordance with applicable law.
11.1. We do not provide services directly to minors or proactively collect their personal information.
11.2. Accordingly, minors may be restricted from participating in certain features of our Website and our dedicated pages on the following social media channels. If we are made aware that we have collected Personal Data from a minor in a manner that is inconsistent with applicable law, we will delete this information as soon as possible.
12.1. We process your Personal Data as long as necessary for the relevant purpose, as long as we have a legitimate interest in its retention (e.g., to enforce legal claims), or as required by statutory retention obligations. Once these periods expire, we delete or anonymize your data. Specific retention periods applicable to your Personal Data will be communicated to you upon request.
13.1. You have certain rights, subject to conditions and restrictions under applicable law:
- You can request a copy of your Personal Data and further information about our data processing.
- You can object to our data processing.
- You can have incorrect or incomplete Personal Data corrected or completed or supplemented by a note of dispute.
- You can request the erasure or restriction of processing of your Personal Data where the legal conditions are met.
- You also have the right to receive the Personal Data that you have provided to us in a structured, common, and machine-readable format, insofar as the corresponding data processing is based on your consent or is necessary for the performance of the contract.
- To the extent that we process data based on your consent, you can withdraw your consent at any time. The withdrawal is only valid for the future, and we reserve the right to continue to process data based on another basis in the event of a withdrawal.
13.2. If you wish to exercise such a right, please feel free to contact us. We will usually have to verify your identity (e.g. by means of a copy of your ID card). You are also free to file a complaint against our processing of your data with the competent supervisory authority, in Switzerland the Federal Data Protection and Information Commissioner (FDPIC).
14.1. We may change this Policy at any time by posting a new version on this page or on a successor page, without prior notification. If we make changes to this Policy, we will notify you through a notice on the Website home page. By continuing to access or use our Website, our Platform or our dedicated pages on social media after those revisions become effective, you agree to be bound by the revised terms. If you do not agree to the new terms, please stop using the Website, the Platform and our dedicated pages on social media.
14.2. However, we will always handle your Personal Data in accordance with the Policy that was in effect at the time of collection.
14.3. The new version will become effective on the date it is posted, which will be listed at the top of the page as the new effective date.
15.1. Our failure to enforce any right or provision of this Policy will not be considered a waiver of those rights.
15.2. If any provision of this Policy is held to be invalid or unenforceable by a court, the remaining provisions of this Policy will remain in effect.
15.3. This Policy constitutes the entire agreement between us regarding the Privacy Policy of our Website, our Platform and our dedicated pages on social media, and supersedes and replaces any prior agreements we might have between us regarding the Website, the Platform and our dedicated pages on social media.
16.1 Should you have questions or complaints regarding this Privacy Policy, please contact us:
- by email: info@principlesforpeace.org
- by mail: Principles for Peace Foundation, Chemin Eugène-Rigot 2A, 1202 Geneva, Switzerland
16.2. Please further note that you have the right to lodge a complaint with a supervisory authority should you consider that your Personal Data is not processed in accordance with this Privacy Policy or in compliance with applicable regulations.
