GDPR Compliance Statement

GDPR & Swiss nFDAP Compliance Statement


Rushford Business School is committed to safeguarding the privacy and personal data of our students, staff, and associates. We understand the importance of robust data protection practices and adhere to the requirements of the European Union’s General Data Protection Regulation (GDPR) and the revised Swiss Federal Act on Data Protection (nFDAP).


This compliance statement outlines our principles and practices governing the collection, processing, storage, and transfer of personal data within the scope of the GDPR and nFDAP. This applies to all personal data Rushford Business School processes, regardless of the individual’s residency or the location where processing occurs.

Data Protection Principles

Rushford Business School’s data processing activities adhere to the following principles:

Lawfulness, Fairness, and Transparency: We process personal data only with lawful grounds, in a fair manner, and inform individuals transparently about our processing purposes and practices.
Purpose Limitation: Personal data is collected and processed only for specified, legitimate, and explicit purposes outlined at the time of collection. It will not be reused for incompatible purposes.
Data Minimization: We collect only the personal data that is adequate, relevant, and strictly necessary for the intended purposes.
Accuracy: We take reasonable steps to ensure personal data is accurate and kept up-to-date, including providing mechanisms for individuals to rectify inaccuracies.
Storage Limitation: Personal data is retained only for as long as necessary to fulfill the purposes it was collected for, or as mandated by legal or regulatory requirements.
Integrity and Confidentiality (Security): We implement robust technical and organizational security measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.
Accountability: Rushford Business School is accountable for its data protection practices and establishes internal procedures and documentation to demonstrate compliance.

Rights of Data Subjects

Rushford Business School respects and facilitates the rights of individuals under the GDPR and nFDAP, including:

Right to Information: Individuals have the right to transparent information about how their data is processed.
Right to Access: Individuals may request access to the personal data we hold about them.
Right to Rectification: Individuals have the right to request correction of inaccurate or incomplete personal data.
Right to Erasure (Right to be Forgotten): Under certain circumstances, individuals may request deletion of their personal data.
Right to Restriction of Processing: Individuals may request restrictions on how their data is processed in specific scenarios.
Right to Data Portability: Individuals have the right to receive their personal data in a structured, machine-readable format and transmit it to another controller.
Right to Object: Individuals may object to the processing of their data for certain purposes, including direct marketing.
Right not to be Subject to Automated Decision-Making: Individuals have the right not to be subject to solely automated decisions with significant effects, unless exceptions apply.

Data Processing

Lawful Basis: We always establish a valid lawful basis for processing personal data, such as consent, legal obligation, contractual necessity, or legitimate interests.
Notice and Consent: We provide clear privacy notices and obtain freely given, specific, informed, and unambiguous consent where required.
Data Processing Agreements: We establish appropriate contracts with third-party processors to ensure compliance and protection of personal data.
International Data Transfers: Transfers of personal data outside the EU/EEA and Switzerland are conducted only with appropriate safeguards, such as Standard Contractual Clauses.

Contact & Inquiries

We reserve the right to update this statement in accordance with evolving regulatory requirements.