Data protection is very important to us. When processing personal details, ZUG ESTATES undertakes to abide by the applicable data protection provisions.
In this Privacy Statement, we inform you of how and why we collect, process, and use personal data.
We have based this Privacy Statement on both the Swiss Data Protection Act and the European Union’s General Data Protection Regulation (GDPR). Whether these and/or other data protection laws apply depends on the individual case.
1. Scope of application of this privacy statement
This privacy statement applies to the processing of personal data of
- website visitors in connection with our website www.zugestates.ch, www.metalli.ch, www.suurstoffi.ch
- prospective tenants
each referred to as “User”, by ZUG ESTATES and its parent company as well as all subsidiaries.
ZUG ESTATES collects, stores and processes (hereinafter referred to as “handle” or “process”) only those data and information described below and processes them solely for the purposes defined in this privacy statement.
This privacy statement does not apply to our tenants, employees and suppliers. For these parties, data protection is governed by each individual contract and in accordance with the applicable local legislation.
Use of this website’s service applies to individuals and legal entities aged over 16 years and resident in Switzerland.
2. Contact details for the parties responsible and the company data protection officer
This privacy statement applies to data processed by:
The party responsible for all websites listed under point 1
Federal Data Protection and Information Commissioner, FDPIC
3. Processing of personal data; method, purpose, and use
a) To process a contract
As part of the precontractual process or the processing of the contract and service, you provide us with the following data and information:
As a prospective tenant:
- Title, last names, first names of the prospective tenants and any guarantors
- Contact details (e-mail address, phone number)
- Date of birth, marital status, place or country of birth, status and duration of residency,
- Occupation, employer, information about income,
- Number and age of any children, number of adults
- Number of vehicles
- Information about pets and music
- Information as to whether the prospective tenant has ever been the subject of debt collection proceedings
- Payment information
- Addresses for the last 5 years
- Information about the existence of personal liability insurance
- Request for permission from employer to be a reference
As a prospective buyer:
- Title, last names, first names
- Residential address, company address, billing address
- Contact details
- Extract from the debt collection register
- Place of birth, country of birth
- Residence permit B or C
- Date of birth
- Marital status
- Matrimonial property regime
- Confirmation of residence from the municipality
- Copy of residence permit
- Contract of employment
- Tax statement
- Copy of vehicle registration certificate and driver's license
- Confirmation of fitness center membership, etc.
- Confirmation of where children attend school
These data are collected exclusively to enable us to make a decision about whether we wish to enter into a contractual relationship with you.
The legal basis for data processing arises from the justification of the precontractual handling in accordance with Art. 13 para. 1 FADP and Art. 6 para. 1 (1) b) GDPR.
b) When visiting the website
When visiting our website, information is stored temporarily in a log file on our server. This is information that your device's browser sends automatically.
The following data from the website visitor is stored in the server log files (Apache2 "common" log file format):
- IP address
- Date/time of access
- URL (domain name and path) of access
- Referrer URL
- Browser/user agent
- User name in the case of HTTP authentications of the websites and/or logins
These data are collected and processed by us solely for the following purposes:
- for establishing an easy and smooth connection to the website;
- for easy use of our website;
- to ensure system security and stability;
- to improve our specialist knowledge and service, for analytical, advertising and marketing activities.
The legal basis for data processing is based on legitimate prevailing interests in accordance with Art. 13 para. 1 FADP and Art. 6 para. 1 (1) f) GDPR. Our legitimate interests are a result of our intention to provide a user-friendly website, continuously keep information up to date, meet the needs of our customers and website visitors, and fulfill our business interests to the utmost satisfaction of all stakeholders.
We never use the data we collect for the purpose of forming conclusions about your person.
Forwarded data may be used by the above-mentioned third parties exclusively for the purposes stated. We guarantee that data processing is adequately protected.
c) Contact form
When you contact ZUG ESTATES via e-mail or the contact form, we use the contact details you voluntarily provide to us, including:
- title, last names, first names;
- contact details;
- language setting and e-mail address.
Contacting us via e-mail and providing us with this information is always voluntary. These data are collected and processed by us solely for the following purposes:
- providing a competent response to your inquiry;
- providing a competent response to your request for a service;
This data is processed to allow us to communicate with you, and is based on our legitimate prevailing interests in accordance with Art. 13 para. 1 FADP and Art. 6 para. 1 (1) a) GDPR.
Please note that data exchange via e-mail is not secure. In the case of confidential information or sensitive personal data and/or certain categories of personal data in particular, we recommend using an encrypted method of transmission. We therefore ask that you expressly notify us if you would like us to communicate with you in an encrypted form.
d) Press releases and ad-hoc releases
The following information outlines the content of our ad-hoc releases as well as the processes for registration, sending, and statistical evaluation, as well as your right to object. By subscribing to our ad-hoc releases, you declare that you agree to receive them and to the process outlined below.
a) Content of ad-hoc releases
We send ad-hoc releases containing information about our company only with the approval of the recipient.
A double opt-in process is required to register to receive our ad-hoc releases: After registering, you will receive an e-mail inviting you to confirm your registration. This confirmation is required to prevent people from registering with e-mail addresses which do not belong to them. Records are kept of registrations for ad-hoc releases to prove that the registration process conforms to the legal requirements. This involves storing the time of registration and confirmation, as well as the IP address.
c) Registration data
To register for our ad-hoc releases, it is sufficient to provide your last names, first names (to be addressed personally) and your e-mail address.
d) Statistical analyses
Ad-hoc releases contain a web beacon which is retrieved by our server when they are opened. When retrieving the beacons, technical information such as information about the browser and your system, as well as your IP address and time of retrieval, is collected. This information is used to provide technical improvements to the services based on the technical data or the target groups, and your reading habits based on the places it is retrieved (which are located with the help of the IP address) or the times of access.
Statistical investigations also involve determining whether the ad-hoc releases were opened, when they were opened, and which links were clicked on. For technical reasons, it is possible to trace this information back to individual recipients. However, it is not our intention to monitor individual Users. Rather, the evaluations help us to learn the reading habits of our Users so that we can adapt our content to them or send different content depending on our Users’ interests.
You can unsubscribe from receiving our ad-hoc releases at any time, i.e. revoke your permission. You will find a link enabling you to cancel the subscription at the bottom of each ad-hoc release.
f) Legal basis for the General Data Protection Regulation
In accordance with the provisions of the applicable General Data Protection Regulation (GDPR) which came into force on May 25, 2018, we hereby inform you that the permissions for sending e-mail addresses are based on Art. 6 para. 1 a), 7 GDPR and section 7 para. 2 no. 3, and para. 3 UCA. Statistical investigations and analyses, as well as the recording of the registration process, are carried out on the basis of our legitimate interests in accordance with Art. 6 para. 1 f) GDPR. Our interest is in providing a user-friendly and secure system that serves our business interests while also meeting the Users’ expectations.
We would also like to point out that you may at any time revoke your consent to your personal data being processed in future, in line with the statutory requirements in accordance with Art. 21 GDPR. In particular, you may revoke consent to processing for the purpose of direct advertising.
4. Forwarding of data to third parties / abroad
Your personal data may be forwarded to parent companies and subsidiaries, as well as their associated companies, for the purposes outlined above.
ZUG ESTATES is also authorized to transfer your personal data to third parties (i.e. contracted service providers) within Switzerland and abroad, if this is required to process data as outlined in this privacy statement and to fulfill the above-mentioned purposes. These third parties are obliged to observe data protection to the same extent as ZUG ESTATES. If the level of data protection in a country does not meet the Swiss or European standards, we ensure that the third party is contractually obliged to protect your personal data to the same standards as in Switzerland or the EU at all times.
ZUG ESTATES may forward personal data to the authorities in Switzerland and abroad as part of civil, administrative, and criminal proceedings insofar as a legally valid and enforceable ruling or decree has been issued, or if a statutory obligation applies. System activity and marginal data is recorded by ZUG ESTATES or third-party providers and preserved to the statutorily prescribed extent for the requisite statutory period. These records are used to deliver agreed services and fulfill statutory requirements, as well as for troubleshooting, the accumulation of performance data, and the purposes stated above.
External recipients of personal data include:
- service providers in the areas of finance, marketing, customer feedback, print, IT, payment services and legal;
- credit agencies;
- platforms for sending newsletters and press releases;
- companies of Zug Estates Holding AG;
- government agencies and authorities;
- hosting providers;
- platform operators.
Third-party access to your personal data is based on our legitimate prevailing interests in accordance with Art. 13 para. 1 FADP and Art. 6 para.1 (1) f) and/or in connection with c) GDPR. The legitimacy of this is guaranteed in that ZUG ESTATES undertakes to meet its legal and contractual obligations.
The information that ZUG ESTATES receives and saves through cookies during the course of ordinary visits to its website is used exclusively within ZUG ESTATES or the companies affiliated to it for purposes of optimizing the website and the user experience.
- record the frequency of use, number of Users and behavior on our website;
- make our offering more attractive, effective, safe and user-friendly;
- increase the security of the use of the website;
- present our information in a user-friendly manner;
- optimize user-friendliness;
- recognize you on future visits and recall the details you entered on your previous visit so that you do not have to enter these again.
By continuing to use our website or agreeing to this privacy statement you consent to our using cookies. You can revoke this consent at any time by setting your browser to reject cookies from third parties.
The data collected and processed by cookies are required for the above-mentioned reasons to maintain our legitimate prevailing interests and the interests of third parties within the scope of Art. 6 para. 1 (1) f) GDPR.
Most Internet browsers are set up in such a way that they automatically accept cookies. If you do not wish for our websites to store cookies on your device, you can set up your browser so that you receive a warning before certain cookies are stored. You can also change your settings so that your browser rejects the majority of our cookies or just certain cookies, or deactivates them completely. You can also revoke your approval of cookies by deleting cookies which have already been stored. Please also see the instructions for each search engine provider:
Internet Explorer: https://support.microsoft.com/...
Mozilla Firefox: https://support.mozilla.org/en...
Google Chrome: https://support.google.com/chr...
If you restrict or deactivate cookies, it is possible that certain functions of the website will no longer be available to you. Completely deactivating cookies may mean that you will no longer be able to use all of the functions of our website.
Please refer to the table here for information on the purposes and life of the cookies as as the third parties involved.
6. Analytical Tools
a) Google Analytics, Google Tag Manager
Google observes the data protection regulations of the “Swiss and EU-USA Privacy Shield“ agreement and thus has an adequate level of data protection. Google uses the information it collects to evaluate the use of our websites for us, create reports about this for us, and execute other services for us in this regard. Find out more at http://www.google.com/intl/en/...
You can deactivate Google Analytics at http://tools.google.com/dlpage... .
We use Google Analytics and Google Tag Manager in accordance with the purposes and justifications listed under point 5.
Google Tag Manager is used exclusively to implement Google Analytics on our websites.
Our website uses AddThis, provided by Oracle Parkway, Redwood Shores, CA 94065, USA, tel.: +1 650 506 7000, http://www.addthis.com.
AddThis is a bookmarking service that allows websites to be bookmarked more easily. This is done by using buttons which show a list of bookmarking and sharing services when the mouse cursor hovers over them or when they are clicked on. This allows Users to bookmark any pages they wish to from this website or share them on social media channels.
AddThis observes the data protection regulations of the “Swiss and EU-USA Privacy Shield“ agreement and thus has an adequate level of data protection.
You will find more information about AddThis technology in the provider's data protection regulations: http://www.addthis.com/privacy
To deactivate AddThis, see http://www.addthis.com/privacy/opt-out
On our website, we use the social plugins listed below to:
- increase awareness of our company;
- make the website user-friendly.
The underlying advertising purpose is considered a legitimate interest under the scope of Art. 13 para. 1 FADP and Art. 6 para. 1 f) GDPR.
The responsibility for ensuring that operation conforms to data protection provisions lies with each individual provider. Data processing in connection with these plugins occurs when you use these plugins, with your permission.
If you use these social networks’ services independently or in connection with our website, the social networks evaluate your use of the plugin. In this case, information is forwarded to the social networks via the plugin.
By changing the data protection settings and permissions for each social network, you decide which of the personal data you share with us (when granting access to your personal data stored in each social network) we can access.
Plugins from the short message service Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA are integrated in our website. The Twitter plugins (“Tweet” button) can be recognized by the Twitter logo and “Tweet”.
When you load a page from our website that contains a plugin such as this, a direct connection is made between your browser and the Twitter server. This allows Twitter to receive the information that you (your IP address) have visited our site. If you click on the Twitter button while you are logged into your Twitter account, you can link the content from our sites to your Twitter profile. In doing so, Twitter can assign the visit to our sites to your user account.
We would like to point out that as the provider of the sites, we do not receive any information about the content of the data transmitted to Twitter, nor about how Twitter uses this data. You will find more information on this topic here at https://twitter.com/en/privacy and https://help.twitter.com/en/ru...
Our website uses plugins from the social network LinkedIn, provided by LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland. cs.linkedin.com
Plugins are a quick way to integrate LinkedIn functionality into your website. You will find an overview of the LinkedIn plugins and their appearance here: https://developer.linkedin.com...
When you visit a page from our website that contains a plugin such as this, your browser creates a direct connection to the LinkedIn servers. LinkedIn sends the content of the plugin directly to your browser and integrates it into the page.
We would like to point out that as the provider of the sites, we are not privy to the content of the data transmitted to LinkedIn, nor how LinkedIn uses this data. You will find more information at:
https://www.linkedin.com/legal... and https://www.linkedin.com/legal...
Our website uses plugins from the social network Xing provided by Xing AG (“XING”), Dammtorstrasse 30, 20354 Hamburg, Germany, email@example.com / firstname.lastname@example.org. To this end, the Xing share button is used on our website. When loading up this website, your browser creates a temporary connection to the XING servers, which provide the use of the XING share button functions (especially the calculation/display of the counter value). Xing does not store any personal data from you when you access this website. In particular, XING does not store any IP addresses. In addition, using the XING share button does not enable cookies which evaluate your user behavior. The latest information about the XING share button and additional information can be found on this website: https://www.xing.com/app/share...
8. Your rights
You have the right:
- to request information about your personal data processed by us (in accordance with Art. 8 FADP). In particular, you may request information regarding the purposes of processing, the category of the personal data, the categories of recipients who were or are provided with your data, the planned storage period, the existence of a right to the correction, deletion, or restriction of processing or revocation, the existence of a right to lodge complaints, the origin of your data if they were not collected by us, as well as the existence of an automated decision-making tool, including profiling, and meaningful information about its specific details where applicable (Art. 8 FADP and Art. 15 GDPR). If disproportionate effort is required, we reserve the right to request proof of identity from you, and that you assume the actual costs in advance.
- to request the immediate correction of incorrect personal data or the completion of your personal data stored by us (Art. 5 para. 2 FADP and Art. 16 GDPR).
- to request the deletion of your personal data stored by us, as long as the processing of data is not required to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons in the public interest or to assert, exercise or defend legal rights (Art. 15 FADP and Art. 17 GDPR).
- to request the restriction of processing of your personal data, if the accuracy of the data is disputed by you, the processing is unlawful, you refuse deletion but we no longer require the data, you need them to assert, exercise or defend legal rights or you have objected to their processing in accordance with Art. 21 GDPR (Art. 15 FADP and Art. 18 GDPR).
- to receive your personal data that you provided to us in a structured, accessible and machine-readable format or to request that they are transmitted to another responsible party (Art. 20 GDPR).
- to revoke at any time the permission you once gave us. As a consequence, we will no longer be allowed to process data affected by this permission in future (Art. 7 para. 3 GDPR).
- to lodge a complaint with a regulatory authority (Art. 77 GDPR).
- Parents or legal representatives of persons under 16 years of age can request the deletion or deregistration of stored personal data, in particular in accordance with Art. 15 FADP, Art. 17 GDPR and Art. 77 GDPR.
9. Right of objection
If your personal data are processed on the basis of our legitimate interests in accordance with Art. 6 para. 1 (1) f) GDPR, you have the right, in accordance with Art. 21 GDPR, to object to the processing of your personal data, as long as there are reasons to do so arising from an exceptional situation or if your objection is to direct advertising. In the case of the latter, you have a general right of objection which we will implement without requiring details of an exceptional situation.
10. Data security
We take appropriate measures to ensure that your personal data cannot be viewed or stolen by unauthorized third parties. In particular, we use adequate technical (e.g. firewall, password protection, etc.) and organizational (e.g. restricting authorized persons, training authorized persons, etc.) measures to ensure that only authorized persons have access to these data.
However, you should always be aware that the transmission of information over the Internet and other electronic means carries certain security risks and that we cannot guarantee the security of information transmitted in this way.
Your personal data in connection with our website are transferred to us from this website using SSL encryption. We take technical and organizational measures to protect our website from unauthorized access.
Your personal data are transferred to us from this website using SSL encryption. We take technical and organizational measures to protect our website from unauthorized access.
11. Retention period
We retain your data for the following duration:
- We retain data that we are legally required to process for the statutory retention period, e.g. if dictated by labor, social insurance or tax law or by the Accounts Ordinance.
- We retain data that we require to fulfill a contract for at least the duration of the contract and a maximum of 10 years afterwards, unless we need the data to assert our rights.
- We retain data that we process to maintain our legitimate interests for a maximum of 10 years after the end of the contractual relationship, unless we need the data to assert our rights.
- Application documents are deleted or destroyed after six months.
- Data that we no longer require are deleted or destroyed if the purpose of processing and the basis for processing are invalid, unless there is a statutory retention period.
12. Validity and changes to this privacy statement
We reserve the right to change this privacy statement or adapt it to new processing methods at any time. The valid privacy statement can be viewed at any time on the website mentioned above. Older versions of the privacy statement can also be viewed there.
13. IT Security Audit
Zug, 28 July 2023