Data Protection Policy & Strategy
With a responsibility for development and implementation of information strategy and associated policies, the Swiss Institute of Management and Innovation ensures that the Institute complies with the Freedom of Information Act, FoIA, the Swiss Federal Act on Data Protection (FADP), we are also involved with developing and implementing policies and staff guidance on Data Protection.
The Swiss Institute of Management and Innovation is committed to processing data in accordance with its responsibilities under the GDPR.
Article 5 of the GDPR requires that personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
- This policy applies to all personal data processed by the Swiss Institute of Management and Innovation.
- The Responsible Person shall take responsibility for the Swiss Institute of Management and Innovation.’s ongoing compliance with this policy.
- This policy shall be reviewed at least annually.
- The Swiss Institute of Management and Innovation shall register with the Information Commissioner’s Office as an organisation that processes personal data.
- To ensure its processing of data is lawful, fair and transparent, the Swiss Institute of Management and Innovation shall maintain a Register of Systems.
- The Register of Systems shall be reviewed at least annually.
- Individuals have the right to access their personal data and any such requests made to the Swiss Institute of Management and Innovation shall be dealt with in a timely manner.
- All data processed by the charity must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests (see ICO guidance for more information).
- The Swiss Institute of Management and Innovation shall note the appropriate lawful basis in the Register of Systems.
- Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
- Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in the SIMI’s systems.
- The Swiss Institute of Management and Innovation shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- SIMI use Eduner systems as Learning Management Systems and University Management Systems
- The Swiss Institute of Management and Innovation shall take reasonable steps to ensure personal data is accurate.
- Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
- To ensure that personal data is kept for no longer than necessary, the Swiss Institute of Management and Innovation shall put in place an archiving policy for each area in which personal data is processed and review this process annually.
- The archiving policy shall consider what data should/must be retained, for how long, and why.
- The Swiss Institute of Management and Innovation shall ensure that personal data is stored securely using modern software that is kept-up-to-date.
- Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information.
- When personal data is deleted this should be done safely such that the data is irrecoverable.
- Appropriate back-up and disaster recovery solutions shall be in place.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, the Charity shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO.
Copyright is an intellectual property right that provides automatic protection against unauthorised reuse of original creative works. Switzerland copyright law gives exclusive rights to creators and owners of copyright to control how their works are used (copyright restrictions) and sets out limitations to copyright for users in specific circumstances (copyright exceptions).
Copyright does not protect facts or ideas but may protect original expressions of facts or ideas, once ‘fixed’ in a written or otherwise recorded form. Eight categories of work can be protected: literary, dramatic, musical and artistic works, and sound recordings, films, broadcasts and the typographical arrangement of published editions.
Navigating copyright issues often involves consideration of the context and an element of judgement: what you’re allowed to do with protected works depends largely on the nature of the material and the purpose of your intended use. These pages are structured around the main ways you are likely to use and create copyright work in the course of teaching and research.
The Institute is committed to acknowledging and protecting the copyright of rights holders and adhering fully to the terms and conditions of the licences it holds. The SIMI copyrights policy applies to all information used within the scope of SIMI activity and relates to all material covered by relevant legislation.
All staff, other individuals working on behalf of the Institute, students and visitors must comply with copyright legislation and regulations in every endeavour.
Any use of third-party copyright content in research and teaching material that is not covered by a special licence or exception in the Copyright Act should only occur with the express written permission or licence from the copyright-holder. Using third-party material for other activities, including but not limited to promotion or marketing, general administration, publication, public lectures or performances requires permission from the rights-holder. All staff, other individuals working on behalf of the Institute, students and visitors must ensure necessary permissions or licences are obtained during the development of a project and prior to its completion. Copyright records should be captured in line with the Information Management Framework – Governing Policy and associated procedures.
Failure to comply is unacceptable and exposes the Institute to unnecessary risk.
The Institute will investigate allegations of, and impose penalties for, copyright infringement by staff and students of the Institute. Disciplinary proceedings, including termination or expulsion, may be initiated against those responsible for misconduct in accordance with the Staff Code of Conduct – Governing Policy and Student Conduct – Governing Policy.
All academic staff are to adhere to the statutory licences provided for in the Copyright Act. Under these licences, text, artistic works and broadcasts can be used in teaching materials. Anyone involved in the production, reproduction or delivery of teaching materials at the Institute must be familiar with their obligations under the statutory licences, including copying limits, communication restrictions and labelling requirements. These licences require the use of copyright notices near copying equipment, in classroom presentations and on the learning management system. Academic staff are also required to participate in periodic surveys as required by contractual obligation and legislation. More detailed information can be found on UMS (the staff intranet).
All staff, other individuals working on behalf of the Institute, students and visitors who use musical works and sound recordings must familiarise themselves with the conditions of the music licence. The licence covers reproduction, public performance and communication within strict guidelines. Those involved in the development, production, reproduction or delivery of teaching material or coursework, Institute events, or any Institute activity involving music, must ensure they understand and meet the terms of the licence. Labelling requirements, the hire of Institute facilities, public screenings, student-run events and ticketed functions require particular attention. Staff are required to cooperate with any sampling exercises that arise as part of this licence. More information about the music licence can be found on the Institute intranet.
Academic staff must ensure that material included in Books of Readings complies with the statutory licence provided for in the Copyright Act, unless written permission or a licence has been granted by the copyright-holder. Content sourced from Library databases should not be incorporated into Books of Readings, unless permitted by the individual licence terms.
The Institute’s position on the ownership of copyrighted material created by staff, other individuals working on behalf of the Institute, and students is outlined in the Intellectual Property – Governing Policy. Staff and students should, where possible, make use of open access content in the development and delivery of material. Open access should be a consideration when publishing.
The Institute is required to ensure its networks, facilities and equipment are not used to infringe copyright. Staff, other individuals working on behalf of the Institute, students and visitors are not permitted to unlawfully download, receive, copy, compress, store, transfer, distribute or share copyrighted material. Institute staff, students, visitors and other individuals should not knowingly use or provide links to unlawful material or websites. Directing others to such material is to authorise an infringement and could have both disciplinary and legal consequences.
Any notices from third-parties alleging Institute material or activities infringe copyright shall be promptly investigated and actioned, as required. Any correspondence relating to allegations of copyright infringement should be sent to the Information Officer (Copyright and Compliance), as per the Copyright Infringement/Takedown Notice – Procedures.
Receipt of a copyright infringement notice does not indicate the Institute’s acceptance that the material identified has been used unlawfully.
Staff of the Institute who feel their copyright, or the institution’s copyright, has been infringed should contact the Information Officer (Copyright and Compliance) for guidance.
Moral rights include the right of attribution, the right not to be falsely attributed and the right of integrity. Institute staff and students must ensure that creators of works are acknowledged in every instance, including in all teaching material and coursework. Works should not be used in a manner that could be construed as derogatory or that could negatively impact the creator’s character or reputation.
The Institute will provide copyright compliance information, advice and support through resources and training prepared, maintained and delivered by the Information Officer (Copyright and Compliance).