Data Protection Statement of Profond Investment Foundation

1. What is this data protection statement about?

In this data protection statement, we will inform you how we process your personal data (also called your "data").

By processing, we mean obtaining, storing, using, reworking, disclosing, archiving or destroying data.

You will learn:  
-    which data,  
-    for what purpose, 
-    for how long and 
-    for what reason 
is processed by us. 

We will also show you, 
-    to whom we disclose your data, 
-    how we protect your data and 
-    what your rights are. 
 

 

2. Who is responsible for data processing?

Profond Investment Foundation is responsible for data processing under this statement.

Profond Investment Foundation
Zollstrasse 62
8005 Zürich

Our officer responsible for data protection can be reached at the aforementioned postal address, through the contact form on our website or by telephone on 058 589 89 81.

 

3. Who is the data protection statement intended for?

Our data processing may in particular relate to the following persons:

 

  • Tenants of real estate properties owned by Profond Investment Foundation (in particular tenants of flats)
  • Contact persons in the case of commercial tenancies, in particular at business properties of Profond Investment Foundation

  • Contact persons of real estate managers, construction companies and other service providers who assist us with the management of our real estate properties

  • Contact persons of businesses commissioned by Profond in further own matters

  • visitors to our websites,

  • people who contact us.

If you provide us with information about other people, we will assume that you are authorised to do so and that the information is accurate. By submitting the data, you confirm this. Please also ensure that these third parties have been informed of this data protection statement.

 

4. Which data do we process?

We process various categories of data about you. The most important categories are the following:

4.1 Master data

What we call "master data" is the basic data that we need in addition to the contract data (see below) for the fulfilment of our legal and contractual obligations or for marketing and advertising purposes.

The master data includes, for example: 
-    your first name, last name 
-    your address, e-mail address, telephone number and other contact details

4.2 Contract data

Contract data is data that we process in connection with the conclusion of a contract or the performance of a contract. This includes, for example, personal data we required for letting the real estate properties.

4.3 Financial data

By this we mean personal data that relates to your financial circumstances. This also includes data relating to payments and bank details.

4.4 Communication data

If you are in contact with us by e-mail, telephone, letter or other means of communication, we collect the data exchanged between you and us, including your contact details.

4.5 Technical data

When you use our websites or other electronic services, we may collect certain technical data (e.g. the IP address of your device or logs in which the use of our websites is recorded).

4.6 Other data

We also collect your data in other situations. Data is collected in connection with official or judicial proceedings, for example (such as files, evidence, etc.) which may also relate to you. We may also collect data for reasons of health protection (e.g. in the context of health and safety plans).

Finally, we may also collect data about: 
-    who enters certain buildings and when, or 
-    who participates in events or activities and when they do so.

The above-mentioned personal data is, in some cases, particularly sensitive personal data. We process particularly sensitive personal data only if you have consented to processing.

5. Where does the personal data come from?

We receive personal data from yourself, from visits to our website, from our property managers, from third parties such as authorities, courts, contractual partners, financial service providers and from publicly accessible sources such as public registers or the Internet.

6. For which purposes do we process your data?

Personal data is processed in particular for the conclusion and the execution of rental agreements. We also process personal data for related purposes, in particular:

 

  • For answering inquiries and for customer care
  • For contract execution and contract initiation

  • To prevent fraud and scam prevention and to ensure security - in particular IT security -;

  • To comply with laws, directives and recommendations from public authorities and internal regulations (compliance)

  • To ensure risk management, internal audit and prudent corporate management (including business organisation and corporate development)

  • For safeguarding rights , for example in courts or towards authorities;

  • For other purposes; e.g. as part of our administration and for safeguarding our operations, this includes, for example, accounting, the archiving of data and the training and education of employees.

  • For application procedures.

7. On what basis do we process the data?

To the extent that consent to the processing of personal data is required, we do not process the data until you have given your consent. Consent can be revoked at any time by written notice with effect for the future. Once we have received the notice of withdrawal of your consent, we will no longer process your data for the purposes you originally consented to, unless we have another legal basis for doing so. The revocation of your consent does not affect the legality of the processing before the revocation.

Where we do not ask for your consent for processing, we base the processing of your personal data on the fact that the processing is necessary for the initiation or processing of a contract or that we have a legitimate interest in pursuing the purposes described under Point 6. This also includes the marketing of our services and our interest in improving our understanding of your needs and managing and developing our company securely and efficiently, including our operations.

If we receive particularly sensitive data, we may also process your data on other legal bases, for example in the event of disputes due to the need of processing for possible legal proceedings or to enforce or defend legal claims. In specific cases other legal grounds may apply. We will inform you of these separately if necessary.

 

8. To whom do we disclose your data?

In connection with the letting of real estate properties, we also transfer your personal data to third parties, in particular to the following categories of recipients:

Service providers

We work with service providers in Switzerland and abroad who receive data from us on our behalf and use it as a processor in accordance with our instructions. They must take appropriate data protection and data security measures. Other service providers may be so-called data controllers, who individually or jointly with us decide on the purpose and means of processing (e.g. real estate managers, lawyers, financial service providers).

Third parties

Third parties can be involved in the checking of addresses and credit worthiness as well as the collection of receivables;

Public authorities, offices and courts

Public authorities, offices and courts may receive personal data from us if we are required or authorised to do so or if it appears necessary to protect our interests.

Other persons

Data may also be disclosed to other recipients if the involvement of third parties results from the purposes described in Section 6.

All of these categories can, in turn, involve third parties, so that your data can also be made accessible to them. The processing by certain third parties may be partially restricted (e.g. in the case of IT providers), but not by other third parties (e.g. public authorities, financial service providers, etc.).

9. Will your personal data also be sent to foreign countries?

As explained in Section 7, we also disclose data to other bodies.  These are located not only in Switzerland. Your data can, therefore, also be processed in Europe, but in exceptional cases in any country in the world. 

If the recipient is located in a country without adequate legal data protection, we place the recipient under a contractual obligation to comply with the applicable data protection, unless they are already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exemption clause. An exception may, in particular:

  • apply to legal proceedings abroad, 
  • in cases of overriding public interest,
  • where the performance of a contract requires such disclosure; or
  • if you have given your consent. 

Please also note that data exchanged over the Internet is often transmitted via third countries. Your data can, therefore, even be transferred abroad if the sender and recipient are in the same country.

10. How long do we process personal data for?

We process your data for as long as our processing purposes, the legal retention periods and our legitimate interests in processing for documentation and evidence purposes require, or for as long as storage is technically necessary.

We usually retain your data for 10 years from the last exchange with you, but at least from the end of the contract. This period may be longer insofar as this is necessary for reasons of evidence or to comply with legal or contractual requirements or is technically required.

If there are no legal or contractual obligations to the contrary, we will delete or anonymise your data after the storage or processing period has expired as part of our usual procedures.

11. How do we protect your data?

We take reasonable security measures to maintain the confidentiality, integrity and availability of your personal data, to protect it against unauthorised or unlawful processing and to minimise the risk of loss, accidental alteration, unwanted disclosure or unauthorised access.

The security measures of a technical and organisational nature may include, for example, measures, such as the encryption and pseudonymisation of data, logging, access restrictions, the storage of backup copies, instructions to our employees, confidentiality agreements and audits. However, security risks cannot be completely ruled out in general; residual risks are unavoidable.

12. What are your rights?

You have the following rights in connection with our data processing:

  1. The right to request information from us as to whether and which data of yours we process; 
  2. The right to have data corrected if it is inaccurate; 
  3. The right to request the deletion of data; 
  4. The right to demand the surrender of certain personal data by us in a common electronic format or its transfer to another controller; 
  5. The right to withdraw consent, insofar as our processing is based on your consent; 
  6. The right to request further information necessary for the exercise of these rights;

If you wish to exercise the above rights, please contact us in writing; our contact details can be found in Section 2. In order for us to prevent misuse, we must identify you (e.g. with a copy of your identity card). Please note that these rights may be subject to conditions, exceptions or restrictions under applicable data protection law (e.g. for the protection of third parties or trade secrets).

If you do not agree with our handling of your rights or data protection, please let us know. You also have the right to complain to the Federal Data Protection and Information Commissioner (FDPIC).

13. Do we use online tracking and online advertising techniques?

On our website, we use various techniques by which we and third parties we engage can recognise you when you use our website and may also track you over several visits. We will inform you about this in this section.

It is essential that we can distinguish between your access (through your system) and access by other users, so that we can ensure the functionality of the website and carry out evaluations and personalisations. We do not want to infer your identity, even if we can do so, to the extent that we or third parties we involve can identify you by a combination of registration data. Even without registration data, however, the technologies used are designed in such a way that you are recognised as an individual visitor every time you visit our website, for example by our server (or the servers of third parties) assigning you or your browser a certain identification number (a so-called  "cookie").

Cookies are individual codes (e.g. a serial number) that our server or a server of our service providers or advertising contractual partners transmits to your system when you connect to our website and that your system (browser or mobile) accepts and stores until the programmed expiry date. With each further access, your system transmits these codes to our server or the server of the third party. This means that you will be recognised even if your identity is unknown.

Other techniques can also be used, with which you are more or less likely to be recognised (i.e. differentiated from other users), e.g. fingerprinting. Fingerprinting combines your IP address, the browser you use, your screen resolution, language selection and other information your system shares with each server, resulting in a more or less unique fingerprint. This means that cookies can be dispensed with.

Whenever you access a server (e.g. when using a website or an app or because an image is visibly or invisibly integrated into an e-mail), your visits can, therefore, be tracked. If we integrate offers from an advertising partner or the provider of an analysis tool on our website, they can track you in the same way, even if you cannot be identified in individual cases.

We use such techniques on our website and allow certain third parties to do the same. Depending on the purpose of these techniques, however, we ask for your consent before they are used. You can access your current settings here. You can program your browser to block, deceive or delete certain cookies or alternative techniques. You can also supplement your browser with software that blocks tracking by certain third parties. Further information can be found on the help pages of your browser (usually under the keyword "data protection") or on the websites of the third parties which we list below.

The following cookies are distinguished (techniques with comparable functions, such as fingerprinting, are also meant here):

 

Necessary cookies

Some cookies are necessary for the functioning of the website as such or for certain functions. For example, they can make sure that you can switch between pages without losing information entered in a form. They also ensure that you stay logged in. These cookies are only temporary (“session cookies”). If you block them, the site may not work.

Performance cookies

In order to optimise our website and corresponding offers and to better tailor them to the needs of users, we use cookies to record and analyse the use of our website, possibly even beyond the end of the session. We do this through the use of third-party analytics services. We have listed these below.

Marketing cookies

Marketing Cookies store information about the pages visited by users on our website. This information may be used to deliver relevant advertising and measure the performance of marketing campaigns.

Before we use such cookies, we ask for your consent. You can revoke this consent via the cookie settings here at any time. Cookies have an expiry date of up to 24 months. Details can be found on the third-party websites.

We currently use offers from the following service providers (insofar as they use data from you or cookies set by you for advertising control):

Google Analytics

Google Analytics: Google Ireland (based in Ireland) is the provider of the “Google Analytics” service and acts as our data processor. Google Ireland relies on Google LLC (based in the USA) as its processor (both referred to as "Google"). Google uses performance cookies (see above) to track the behaviour of visitors to our website (duration, frequency of pages viewed, geographical origin of access, etc.) and to generate reports on the use of our website on this basis. We have configured the service in such a way that the IP addresses of visitors to Google in Europe are abbreviated before being forwarded to the USA and, therefore, cannot be traced. We have disabled the “Data sharing” and “Signals” settings. Although we can assume that the information we share with Google is not personal data for Google, it is possible that Google can draw conclusions about the identity of visitors from this data for its own purposes, create personal profiles and link this data to the Google accounts of these persons. If you agree to the use of Google Analytics, you explicitly consent to such processing, which also includes the transfer of personal data (in particular usage data for the website, app and device information as well as individual IDs) to the USA and other countries. You can find information about Google Analytics' data protection here and if you have a Google account, you can find more information about Google's processing here here.

14. What data do we process on our pages in social networks?

We may operate online presences on social networks and other platforms operated by third parties. We receive data from you and the platforms when you come into contact with us via our online presence (e.g. when you communicate with us, comment on our content or visit our presence). At the same time, the platforms evaluate your use of our online presence and link this data with other data about you known to the platforms (e.g. your behaviour and your preferences). They also process this data for their own purposes on their own responsibility, in particular for marketing purposes and to manage their platforms (e.g. which content they display to you).

We can distribute the content published by you (e.g. comments) ourselves (e.g. in our advertising on the platform or elsewhere). We or the operators of the platforms may also delete or restrict content from or to you in accordance with the terms of use (e.g. inappropriate comments).

Further information on the processing by the operators of the platforms can be found in the data protection statements of the platforms. There you will also learn the countries in which they process your data, which information they process, its deletion and other data subject rights you have and how you can exercise these or receive further information. We currently use the following platforms:

 

  • LinkedIn (https://ch.linkedin.com/)

15. Can this data protection statement be changed?

This data protection statement is not part of a contract with you. We can, therefore, adjust this data protection statement at any time. The version published on this website is the current version.

 

Last updated: 16.08.2023