Website Terms and Conditions
and Student Data Consent Form

Youth Career Accelerator in Health - Geneva Workshop

Geneva, Switzerland

Privacy and Student Data Consent Notice

Data Controller / Responsible Organisation

The organisation responsible for deciding how registration and participant data is used is: Empower School of Health / Empower Swiss, [Chemin des Mines, 2 Secheron Geneva 1202, Switzerland], (the "Controller" or "Responsible Organisation").

Categories of Personal Information Collected

Depending on the registration form and programme requirements, the organisers may collect:

• Identity and contact details: name, email, phone number, country, city, nationality, age/date of birth if required, emergency contact if required.
• Education and career details: school/university/employer, degree/programme, year of study, field of interest, CV or LinkedIn profile if requested, professional background, motivation statement, career interests, session preferences, and workshop expectations.
• Administrative information: registration status, payment status, invoice details, scholarship or discount information, attendance, certificate eligibility, dietary/accessibility needs where provided, travel or visa support information where necessary.
• Communication and engagement data: email interactions, survey responses, feedback, questions submitted, mentor matching preferences, and post-workshop outcomes where voluntarily provided.
• Technical data: IP address, browser/device information, cookies or analytics data where the webpage uses such tools, subject to applicable cookie notice and consent requirements.
• Optional media data: photos, videos, testimonials, quotes, and interview responses, where separately consented to or lawfully collected.

Sensitive Data and Special Categories

The organisers should avoid collecting sensitive personal data unless necessary for participation, safety, accessibility, legal compliance, or participant support.

If health, disability, dietary, religious, biometric, passport/visa, or other sensitive information is collected, it should be limited to what is necessary, clearly explained, protected with enhanced safeguards, and processed only where a valid legal basis exists, including explicit consent where required.

Purposes of Processing

Personal information may be used for the following purposes:

1. To receive, assess, and manage registrations, applications, expressions of interest, waiting lists, admissions, and participant eligibility.
2. To communicate with applicants and participants about application status, programme details, payments, logistics, preparation, schedules, site visits, certificates, surveys, and follow-up.
3. To plan and deliver the Workshop, including participant support, grouping, mentoring, speaker engagement, site visits, attendance, safeguarding, accessibility, and operational administration.
4. To analyse participant interests, profiles, preferred career pathways, learning needs, feedback, attendance, and outcomes in aggregated or de-identified form for programme improvement, reporting, and impact assessment.
5. To share limited participant information with Programme Partners, speakers, mentors, venue providers, service providers, and site visit hosts where necessary for programme delivery, security, certificates, reporting, or participant opportunities.
6. To comply with legal, accounting, tax, audit, security, contractual, institutional, or regulatory obligations.
7. To send optional updates about future educational programmes, career opportunities, scholarships, alumni engagement, and related initiatives, where consent has been given or where otherwise permitted by law.

Legal Bases for Processing

The organisers may rely on one or more of the following legal bases, depending on the processing activity and applicable law:

• Consent: for optional marketing, optional alumni engagement, optional testimonials, optional media use, and sensitive data where explicit consent is required.
• Contract or pre-contractual steps: to process applications, administer registration, confirm participation, issue invoices, and deliver the Workshop.
• Legitimate interests: to manage programme operations, improve the Workshop, analyse aggregated participant interests, protect safety and security, prevent misuse, and communicate necessary programme information, provided participant rights and interests are respected.
• Legal obligation: to comply with accounting, tax, audit, safety, regulatory, or other legal requirements.

Consent Statement for Communication and Analysis

By ticking the relevant consent box and submitting the registration form, the student/applicant confirms:

• I consent to the collection and use of my personal information for registration, programme communication, participant administration, workshop planning, participant support, and certificate or attendance administration.
• I consent to my information being analysed in aggregated or de-identified form to understand participant interests, improve the Workshop, design future programmes, prepare internal reports, and evaluate programme impact.
• I understand that aggregated or de-identified results may be shared with Programme Partners, institutional collaborators, sponsors, or stakeholders, but will not identify me personally unless I separately consent or disclosure is legally required.
• I understand that I may withdraw consent at any time by contacting the privacy contact, and that withdrawal will not affect processing already carried out lawfully before withdrawal.

Sharing of Personal Information

Personal information may be shared only where necessary and proportionate with:

• Programme organisers, authorised staff, project managers, admissions/registration teams, finance teams, mentors, speakers, and support personnel.
• Programme Partners, institutional collaborators, site visit hosts, venue providers, trainers, certificate partners, and event service providers for programme delivery and participant management.
• Technology providers, CRM/email systems, website hosting providers, cloud storage providers, payment processors, analytics providers, survey tools, and other processors acting under appropriate instructions and safeguards.
• Legal, regulatory, governmental, law enforcement, insurance, accounting, audit, or professional advisers where required by law or necessary to protect rights, safety, or legitimate interests.

The organisers should not sell student personal information. Identifiable participant data should not be shared with sponsors or external partners for their own marketing unless the participant has given a separate, specific consent or another valid legal basis applies.

International Data Transfers

Because the Workshop may involve participants, partners, service providers, and cloud systems in different countries, personal information may be transferred or accessed outside Switzerland and the European Economic Area.

Where such transfers occur, the organisers should use appropriate safeguards, such as adequacy decisions, standard contractual clauses, data processing agreements, technical and organisational security controls, and transfer risk assessments where required.

Data Retention

Personal information will be kept only for as long as necessary for the purposes described in this notice, including registration administration, programme delivery, certificates, reporting, finance/accounting, legal compliance, and dispute handling.

Suggested retention schedule:

• Incomplete enquiries or non-selected expressions of interest: up to 24 months unless earlier deletion is requested or longer retention is justified.
• Registered participants: up to 7 years for finance, audit, certificate, and legal record purposes where necessary.
• Optional marketing lists: until consent is withdrawn or the contact is inactive for a defined period.
• Aggregated or de-identified analytics: may be retained for longer because they do not identify individuals.

The final retention periods should be confirmed with legal/accounting advisers and reflected in internal records.

Security Measures

The organisers should implement appropriate technical and organisational measures to protect personal information against unauthorised access, loss, misuse, alteration, or disclosure.

• Access should be limited to authorised personnel and partners with a need to know.
• Files should be stored in secure systems with appropriate permissions, passwords, encryption where appropriate, and audit controls where available.
• Data processors should be assessed and bound by appropriate confidentiality and data processing obligations.
• Sensitive data should be minimised, separated where practical, and protected by enhanced controls.

Student Rights

Subject to applicable law and any legal limitations, students/applicants may have the right to:

• Request access to their personal information.
• Request correction of inaccurate or incomplete information.
• Request deletion of information where there is no overriding legal reason to retain it.
• Object to or restrict certain processing activities.
• Withdraw consent where processing is based on consent.
• Request portability of certain data where GDPR applies.
• Lodge a complaint with a competent data protection authority, including the Swiss Federal Data Protection and Information Commissioner (FDPIC) where applicable.

Minors and Guardian Consent

If applicants under the applicable age of majority are permitted to register, the organisers should obtain consent from a parent or legal guardian before confirming participation.

Suggested guardian wording: I confirm that I am the parent/legal guardian of the applicant named below. I consent to the applicant’s registration and to the processing of their personal information for the purposes described in this notice.

Cookies and Website Analytics

If the registration webpage uses cookies, pixels, analytics tools, advertising tools, embedded videos, or third-party tracking technologies, the webpage should include a cookie notice and, where required, a cookie consent mechanism.

Non-essential analytics or marketing cookies should not be activated unless the user has provided any consent required by applicable law.

Updates to this Notice

This notice may be updated from time to time. The latest version should be published on the registration webpage with the effective date. Material changes should be communicated to registered participants where appropriate.

Reference Notes Used for Alignment

• Swiss Federal Act on Data Protection (FADP), Federal Law Classified Compilation SR 235.1, including principles such as transparency, purpose limitation, proportionality, accuracy, data security, and data subject rights. [source]
• EU General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, including Articles 5, 6, 7, 12-15, 17, 21, and 32 on processing principles, legal bases, consent, transparency, individual rights, and security. [source]
• Swiss Federal Data Protection and Information Commissioner (FDPIC) resources and guidance for the revised Swiss data protection framework. [source]

Implementation Checklist for the Registration Webpage

• Keep the Terms and Conditions checkbox separate from the data consent checkbox.
• Make optional marketing, alumni, testimonial, and media consents separate and unticked by default.
• Do not use pre-ticked boxes for consent.
• Provide a clear privacy contact email and postal address.
• State the exact organiser/legal entity name and registered address.
• Clearly list fees, refund rules, inclusions, exclusions, and cancellation deadlines on the registration page.
• Limit data fields to what is necessary for registration and programme delivery.
• Avoid collecting sensitive data unless necessary; use explicit consent where required.
• Use role-based access controls for registration data and restrict exports/downloads.
• Put data processing agreements in place with CRM, email, form, payment, cloud, survey, and analytics providers.
• Document international transfers and appropriate safeguards.
• Publish a cookie notice and consent tool if non-essential cookies or analytics are used.
• Maintain a consent log showing consent wording, timestamp, user identifier, version, and withdrawal status.
• Create a process to respond to access, correction, deletion, objection, portability, and withdrawal requests.
• Review the final wording with Swiss/EU counsel before publishing.