Data Privacy

Last amended: [May 5th 2026]

  1. Introduction

ETH Zurich (“we”, “us”) is committed to protecting personal data. We process personal data in accordance with Swiss data protection law and, where applicable, with the EU General Data Protection Regulation (GDPR).

This Privacy Policy describes which personal data we collect when you use the MatchMinds website and web application (together, “MatchMinds”), for what purposes we use it, how we protect it, and what rights you have.

General information on data protection at ETH Zurich is available at: https://ethz.ch/en/footer/data-protection.html

  1. Meaning and purpose of MatchMinds

MatchMinds is an ETH Zurich service that supports collaboration between students, researchers, and external partners (for example companies or organisations) around projects such as internships, theses, and other academic or innovation-related activities. Personal data is processed to provide accounts, profiles, matchmaking and project workflows, communication features, administration and moderation, and related support functions.

We apply the principle of data minimisation: we only process personal data that is needed for these purposes.

  1. Scope and responsibility

This Privacy Policy applies to MatchMinds operated by ETH Zurich. Unless stated otherwise here, ETH Zurich is the controller for the processing described below.

For the legally responsible office and service-specific contact details, please refer to the imprint / legal notice published on MatchMinds https://matchminds.ethz.ch/en/imprint.

  1. Categories of personal data

Depending on how you use MatchMinds, we may process in particular:

• Account and authentication data, for example name, email address, organisational affiliation, identifiers, and security-related data managed through our identity system.

• Profile and eligibility information that you provide or that is required for onboarding (for example study level, department, skills or interests, CV-related information if you upload it).

• Content you create in MatchMinds, such as project descriptions, applications, messages, comments, uploads, and contract-related documents where the platform is used for document exchange.

• Matchmaking and workflow metadata, such as statuses, timestamps, and records needed to operate features you use.

• Technical and security data, such as server logs (which may include IP addresses, device/browser information, timestamps, and error information), audit trails, and monitoring data needed to ensure reliability and security.

We do not use the data described in this policy for unrelated automated decision-making that produces legal effects concerning you or similarly significantly affects you, unless we inform you separately and such use is permitted by law.

  1. Purposes and legal bases

We process personal data to:

• provide and operate MatchMinds (including registration, authentication, and core features)

• organise and document collaboration processes you initiate or join

• communicate with you about the service (for example transactional emails and, if applicable, service announcements)

• ensure IT security, prevent misuse, and comply with legal obligations

• improve stability and quality of the service (for example error diagnostics), where compatible with data protection requirements.

Depending on the situation, processing is based on performance of a contract or pre-contractual steps, our legitimate interests in operating a secure platform (balanced against your rights), or legal obligations. Where consent is required for specific processing (for example certain optional communications or non-essential cookies/analytics, if used), we will obtain it separately.

  1. Disclosure to third parties and processors

Personal data is processed within ETH Zurich by persons who require access for their role (“need to know”).

We may instruct carefully selected service providers (processors) to process personal data on our behalf, for example for hosting, identity management, email delivery, backups, and monitoring. Such providers process data only according to our instructions and subject to contractual safeguards required by applicable law.

Where personal data is transferred to countries without an adequate level of data protection, we implement appropriate safeguards (for example standard contractual clauses), as required.

Certain information may be visible to other users by design of the platform (for example profile fields or project-related content you choose to share). You control, within the limits of the product, what you publish or share with other participants.

We may disclose personal data to authorities if required by mandatory law or enforceable official orders.

  1. Hosting, outsourcing, and security measures

MatchMinds is operated using cloud infrastructure approved under ETH Zurich’s internal information security and IT governance processes. In line with ETH guidance, we generally prefer processing within Switzerland and the European Economic Area where feasible.

We implement appropriate technical and organisational measures, including encrypted transmission (HTTPS/TLS) and access controls. The specific measures depend on the sensitivity of the information, the purpose of processing, and the state of the art.

Internal ETH documentation classifies categories of information by confidentiality and risk. Particularly sensitive content should only be shared through MatchMinds when doing so is appropriate for the intended collaboration and any additional requirements (for example export control or non-disclosure obligations) are respected.

  1. Retention

We store personal data only as long as necessary for the purposes described in this policy, unless longer retention is required by law or justified by overriding legitimate interests (for example limited security backups). When data is no longer needed, we delete or anonymise it in line with our retention practices.

  1. Cookies and similar technologies

MatchMinds may use cookies or similar technologies that are technically necessary for operation and security (for example session management). If we use optional analytics or marketing technologies, we will inform you separately and, where required, ask for your consent before activating them.

You can adjust your browser settings to block or delete cookies; please note that some functions may not work without necessary cookies.

  1. External links and embedded services

MatchMinds may contain links to third-party websites or services. Their operators are solely responsible for their content and privacy practices. ETH Zurich does not control external sites and is not responsible for their data processing.

  1. Your rights

Subject to applicable law, you may have the right to:

• request information about personal data concerning you

• request correction of inaccurate data

• request deletion, restriction of processing, or object to certain processing

• receive personal data you provided in a structured, commonly used format (data portability), where applicable

• withdraw consent where processing is based on consent, without affecting the lawfulness of processing before withdrawal

• lodge a complaint with a competent supervisory authority.

To exercise your rights, please contact the address given in the imprint https://matchminds.ethz.ch/en/imprint. You may also contact the ETH Zurich Data Protection Officer; contact details are published on the ETH data protection page linked in section 1.

  1. Changes

We may update this Privacy Policy when the service, underlying technology, or legal requirements change. The current version is published on MatchMinds with its “last amended” date.

Manage your cookie preferences below. Essential cookies are required for the website to function properly and cannot be disabled.

Cookie Preferences

Manage your cookie preferences below. Essential cookies are required for the website to function properly and cannot be disabled.

Required for the website to function. These cannot be disabled.

Help us understand how visitors interact with our website by collecting and reporting information anonymously.

Allow embedding of content from external platforms like YouTube.