Responsible for the processing of personal data:
Novavest Real Estate AG
Data Protection Officer
Feldeggstrasse 26
8008 Zurich
Email: info@novavest.ch
This Privacy Statement is written in simple and understandable language and avoids legal and technical terminology wherever possible.
Version of 1 September 2023
1. General information on data processing
1.1 Purpose of the Privacy Statement
When you contact Novavest Real Estate AG, usually only personal data is processed which falls under the Data Protection Act (FADP) and the Data Protection Ordinance (DPO). This data typically includes name, mail address, phone number as well as personal information which is related to contractual relationships with us. In addition, technical data that can be assigned to a person is considered to be personal data.
This Privacy Statement explains the nature, scope and purpose of the processing of your personal data by us.
1.2 Legal basis
The legal basis for our data processing is, in particular, Art. 5-9 FADP (“Terms and Principles”). The measures we take are guided by the “Industry recommendation on the revised Data Protection Act” of SVIT Switzerland.
In order to protect the managed data in accordance with the current state of the art against manipulation, loss, destruction or access by unauthorised persons, we implement organisational and modern technical security measures, which we are continuously improving.
1.3 Processed personal data
The personal data we process includes sensitive personal data within the scope of the FADP. Particularly sensitive personal data is only processed in individual cases and following an appropriate declaration of consent (for example, debt enforcement register, criminal records excerpts, credit reports).
1.4 Your rights
Each person has the right, according to Art. 25 FADP to request information from us free of charge about whether their personal data is being processed. Subject to the conditions of Art. 28 Abs. 1 FADP, each person has the right to request that we surrender their personal data which they have disclosed to us, in a common electronic format. Requests for information and surrender must be addressed to: info@novavest.ch
2. Processing method
2.1 Leasing process
Personal data of prospective tenants and tenants is accrued during the leasing process, insofar as this is required for the process or for rental agreements. By disclosing personal data, the persons concerned declare their consent to data processing.
Personal data of prospective tenants is deleted after completion of the leasing process if the process does not result in a lease or if the person concerned does not give their consent for the personal data to be used in a later leasing process.
Rental agreements and the personal data associated with them is retained for 10 years beyond the last contractual activity according to the principles of the general prescriptive period (Art. 127 CO).
2.2 Transaction process
In the transaction process, personal data of sellers and prospective buyers as well as buyers and personal data connected with the transaction process accrues, if this is required for the process.
Personal data of sellers and buyers as well as documents relating to the process will be retained for a retention period of 20 years (Art. 70 VATA; VAT industry info 17, section 3.2) plus a statutory limitation period of 5 years (Art. 42 and Art. 91 VATA).
All personal data of prospective buyers/sellers as well as personal data connected with the transaction process will be deleted within 5 years after termination of the transaction process, provided the persons concerned do not give their consent to use the personal data for a subsequent transaction process. The right to anonymous retention is reserved.
2.3 Cooperation with third parties
We work together with a wide range of external partners to provide our services. We only have a very restricted influence on the processing of personal data by these third parties. The privacy statements of these third parties must be observed.
Personal data can be forwarded to the following companies, for example:
- Partners and suppliers such as planners, general and turnkey contractors
- Property management and facility managers
- Property valuers
- Auditing companies
- Insurers and insurance brokers
- Law firms and notaries
- IT providers and IT service companies
Personal data is only disclosed to third parties for the purpose of fulfilling our services and only to the extent required for this purpose.
2.4 Data transfer and data transmission abroad
We can forward your data to third-party recipients, where necessary based on your consent, or if they need your data to fulfil our contractual and statutory obligations or to fulfil their respective tasks. We can then share your data to protect our legitimate interests.
In particular, the recipients listed below may receive your data:
- Third parties such as consultants, marketing companies, translation agencies or providers of IT services who process your data as well as other external service providers and offices such as banks, asset managers, insurance companies, auditors, associations
- Our contractual partners, including our customers, in other words, possibly your employer
- Public bodies and authorities (such as FINMA, tax authorities) in the case of a legal or regulatory obligation or quality controls
- Third parties who have access to the personal data processed in the course of visiting our website
- Other third parties, such as different delivery addressees, payment and service recipients, third parties in the context of M&A, transactions, lawyers, industry organisations, etc.
The recipients of your data may in turn involve third parties. We restrict the processing by certain selected third parties contractually, for example. This is not always possible with other third parties (such as with public bodies and authorities such as financial intermediaries).
The recipient of your data might be located in Switzerland or in Europe but in exceptional cases also in any other country in the world.
If the data recipient is located in a country without adequate statutory data protection and is not already subject to a recognised set of rules to ensure data protection, appropriate additional protection measures will be necessary, for example, through contractually agreed specific data protection clauses. However, exceptions to this rule may occur (for example, in direct connection with the conclusion or performance of a contract, legal proceedings abroad, overriding public or private interest or your consent).
2.5 Customer relationship management
Personal data in our customer relationship management system (CRM system) only includes the information required for contact or the business relationship. The personal data will be deleted as soon as the data is no longer bound for a specific purpose or the person concerned has withdrawn their consent.
2.6 Newsletter
We use the solution CleverReach from the provider CleverReach for digital newsletters. Personal data is stored on its servers for dispatch. Recipients have the option at all times to view the personal data, to edit it and to delete it.
We do not send any unsolicited newsletters.
2.7 Events
Personal data from registrations and participation in events that we organise will be deleted as long as the data is no longer bound for a specific purpose or the person concerned has withdrawn their consent.
2.8 Data backups
In the interests of data security, we regularly back up our business data, which is stored on data carriers and cloud services in Switzerland. The frequency of the data backups is based on relevant recommendations.
2.9 Website/s
Visitors to the website www.novavest.ch as well as the project-specific websites are not obliged to submit personal data unless we specifically refer to this in individual cases.
2.10 Use of cookies
Cookies are data that is stored by our website via the browser on the end device of the user. We only use temporary “session cookies” which are required for operation and are automatically deleted from your end device once you have closed the browser. No permanent “persistent cookies” are used which remain in your browser until they are expire or are deleted. We also do not use cookies to collect statistical data on website usage or to use the data acquired in this manner for analysis and advertising purposes.
2.11 Server log files
We automatically collect a range of technical data, all personal data, each time you access this website.
This is:
- IP address of the user
- Name of the accessed website or file
- Date and time of access
- Notification of successful access
- Browser type and version
- Operating system of user
- Referrer URL (the site visited before)
Server log files are not merged with other personal data. We collect server log files for the purpose of managing and improving the website, as well as for recognising and averting unauthorised access. Server log files are collected and analysed by our order processors (IT service providers).
The server log files are deleted with the data mentioned above after one month at the latest, unless there is a legitimate interest or a service-oriented concern. We reserve the right to save the server log files for a longer period of time if facts are available which suggest the assumption of unauthorised access.
2.12 Changes
This Privacy Statement can be adjusted at any time without prior notice. The version published on our website or sent to you by other means applies if it is dated more recently. Unless otherwise agreed, this Privacy Statement is not a contractual component of a contract concluded with you.