Privacy policy
This privacy policy tells you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) in the context of the provision of our services and within our website and the websites, functions and content associated with it, as well as external websites, such as our social media profiles (hereinafter collectively referred to as “website content”). With regard to the terms applied, such as “processing” or “controller”, we refer to the definitions set out in Art. 4 of the General Data Protection Regulation (GDPR).
Data controller
UTO Real Estate Management AG
Valentin Müller
Dufourstrasse 61
CH-8008 Zürich, Switzerland
utorem.ch
Types of data processed
– Stock data (e.g. personal master data, names or addresses).
– Contact information (e.g., e-mail, phone numbers).
– Content data (e.g. text input, photographs, videos).
– Usage data (e.g. websites visited, interest in content, access times).
– Meta/communication data (e.g. device information, IP addresses).
Categories of data subjects
Visitors to and users of the website content (hereinafter we also refer to the data subjects collectively as “users”).
Purpose of processing
– Provision of website, its functions and content.
– Responding to contact requests and communicating with users.
– Security measures.
– Reach measurement/marketing
Terms applied
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automated means. The term is broad and encompasses practically all ways of handling data.
“Pseudonymisation” means the processing of personal data in such a way that it can no longer be related to a specific data subject without additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.
“Profiling” means any automated processing of personal data which consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
The term “controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Applicable legal bases
Pursuant to Art. 13 GDPR, we hereby inform you about the legal basis of our data processing. The following applies to users from the area of application of the General Data Protection Regulation (GDPR), i.e. the EU and the EEA, insofar as the legal basis is not stated in the privacy policy:
The legal basis for obtaining consent is Art. 6 (1) (a) and Art. 7 GDPR;
The legal basis for processing for the fulfilment of our services and implementation of contractual measures as well as responding to enquiries is Art. 6 (1) (b) GDPR;
The legal basis for processing for the fulfilment of our legal obligations is Art. 6 (1) (c) GDPR;
In the event that vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.
The legal basis for the processing required for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller is Art. 6 (1) (e) GDPR.
The legal basis for processing to safeguard our legitimate interests is Art. 6 (1) (f) GDPR.
The processing of data for purposes other than those for which they were collected shall be determined in accordance with the provisions of Art. 6 (4) GDPR.
The processing of special categories of data (in accordance with Art. 9 (1) GDPR) is determined in accordance with the provisions of Art. 9 (2) GDPR.
Security measures
We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, in accordance with the law and taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.
These measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transfer, assurance of availability and separation of the data. Furthermore, we have put procedures in place to ensure the exercise of data subjects’ rights, deletion of data and response to compromised data. Furthermore, we pay attention to the protection of personal data already during the development and selection of hardware, software and procedures, in accordance with the principle of data protection by means of technology design and default settings that support data protection.
Cooperation with processors, joint controllers and third parties
If within the scope of our processing, we disclose data to other persons and companies (processors, joint controllers or third parties), transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal permissibility (e.g. if it is necessary to transfer the data to third parties, such as payment service providers, in order to fulfil the contract), users have given their consent, a legal obligation requires it or on the basis of our legitimate interests (e.g. when employing agents, web hosts, etc.).
If we disclose or transfer data to other companies in our corporate group or otherwise grant them access, this is done in particular for administrative purposes as a legitimate interest and, in addition, on a basis that complies with statutory requirements.
Transmissions to third countries
If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA) or this is undertaken within the context of employing third-party services or disclosing or transmitting data to other persons or companies, this is only done if it is in order to fulfil our (pre-)contractual obligations, is based on your consent, a statutory requirement or our legitimate interests. Subject to any statutory or contractual permissions, we will only process or permit data to be processed in a third country if the statutory requirements are met. This means that processing is performed, for example, on the basis of special safeguards, such as the officially accepted determination of a level of data protection corresponding to that of the EU (e.g. for the USA via the “Privacy Shield”) or compliance with officially accepted special contractual obligations.
Data subject rights
In accordance with statutory provisions, you have the right to request confirmation as to whether the data in question is being processed and to obtain information about this data, as well as further information and a copy of the data.
In accordance with statutory provisions, you have the right to request that the data relating to you be completed or that any incorrect data relating to you be rectified.
You have the right to request that the data in question be deleted immediately or, alternatively, to request that the processing of the data be restricted in accordance with statutory provisions.
You have the right to request that the data relating to you that you have provided to us be received in accordance with statutory provisions and to request that it be transferred to other data controllers.
You also have the right to lodge a complaint with the competent supervisory authority in accordance with statutory provisions.
Right of revocation
You have the right to revoke any consent you have given with effect for the future.
Right to object
You can object to the future processing of data relating to you at any time in accordance with statutory provisions. The objection can be made in particular to processing for the purposes of direct advertising.
Cookies and right to object to direct advertising
“Cookies” are defined as small files that are stored on users’ computers. Cookies can be used to store different types of information. The main purpose of a cookie is to store information about a user (or the device on which the cookie is stored) while they are visiting or after they have visited a website. Temporary cookies, ” session cookies” or “transient cookies” are cookies that are deleted after a user leaves a website and closes their browser. For example, this type of cookie can store the contents of a shopping basket on an online shop or a login status. The term “permanent” or “persistent” refers to cookies that are retained even after the browser has been closed. For example, the login status can be stored if users visit the website after several days. Likewise, the users’ preferences may be stored in this type of cookie, which will be used to measure reach or for marketing purposes. The term “third-party cookie” refers to cookies that are supplied by providers other than the party responsible for operating the website (otherwise, if these are only the cookies of the provider, they are referred to as “first-party cookies”).
We may use temporary and permanent cookies and will explain this in our privacy policy.
If users do not wish cookies to be stored on their computer, they are asked to deactivate the corresponding option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. Disabling cookies may restrict the functionality of this website.
A general objection to the use of cookies for online marketing purposes can be made for many of the services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, you can prevent cookies from being stored by deactivating them in the browser settings. Please note that doing so may prevent you from using all of the functions of this website.
Deleting data
The data we process will be deleted or restricted in its processing in accordance with statutory requirements. Unless expressly stated within the scope of this privacy policy, the data we store will be deleted as soon as it is no longer required for its intended purpose and deleting it does not conflict with any statutory retention obligations.
If the data is not deleted because it is not required for other legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
Amendments and updates to the privacy policy
We ask you to regularly review the content of our privacy policy. This privacy policy will be amended as soon as any changes to the data processing we perform render it necessary. We will inform you as soon as the amendments necessitate your cooperation (e.g. consent) or any other individual notification.
Contact
When you contact us (e.g. via a contact form, e-mail, telephone or social media), the user’s details are used to process and handle the contact request pursuant to Art. 6 (1) (b) (in the context of contractual/pre-contractual relations), Art. 6 (1) (f) (other enquiries) GDPR. The user’s details may be stored in a customer relationship management system (“CRM system”) or comparable enquiry processing system.
We delete the enquiries when they are no longer required. We review whether this is necessary every two years; statutory archiving obligations also apply.
Google Analytics
We use Google Analytics, a web analytics service supplied by Google LLC (“Google”), on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our website within the meaning of Art. 6 (1) (f) GDPR). Google employs cookies. The information generated by the cookie on the use of the website by the user is usually transferred to a Google server in the US and stored there.
Google is certified under the Privacy Shield agreement and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Pseudonymous user profiles can be created from the processed data.
We only use Google Analytics with activated IP anonymisation. This means that users’ IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.
The IP address transmitted by the user as part of Google Analytics will not be merged with other Google data. Users can prevent the storage of cookies by configuring their browser software accordingly; users can also prevent data generated by the cookie and related to their use of the online offer from being collected and processed by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
For more information on Google’s use of data, settings and opt-out options, please see Google’s privacy policy (https://policies.google.com/technologies/ads) and the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
Users’ personal data is deleted or anonymised after 14 months.
Social media accounts
We maintain accounts on social media networks and platforms in order to communicate with our clients, interested parties and users who are active on these networks and platforms and to keep them informed about our services.
We would like to point out that in doing so, users’ data may be processed outside the territory of the European Union. This may result in risks for users because it may, for example, make it more difficult to enforce users’ rights. With regard to US providers certified under the Privacy Shield, we would like to advise you that they undertake to comply with the EU’s data protection standards.
Furthermore, user data is usually processed for market research and advertising purposes. For example, user profiles can be created based on their usage behaviour and resulting interests. The user profiles can in turn be used, for example, to run advertisements both on and off the platforms that are presumed to correspond to the users’ interests.. To this end, cookies are usually stored on the users’ computers, in which the usage behaviour and the users’ interests are saved. Furthermore, data may also be stored in the user profiles irrespective of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them).
The processing of users’ personal data is based on our legitimate interests in effectively informing users and communicating with them pursuant to Art. 6 (1) (f) GDPR. If users are asked by the respective providers to consent to data processing (i.e. declare their consent e.g. by ticking a checkbox or confirming a button), the legal basis for processing is Art. 6 (1) (a) and Art. 7 GDPR.
For a detailed description of the respective processing and the opt-out options, please refer to the information supplied by the providers linked below.
Also in the event of requests for information and the assertion of users’ rights, we would like to advise you that the most effective way to assert your rights is by contacting the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. However, should you need assistance in this regard, please do not hesitate to contact us.
– Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – privacy policy: https://www.facebook.com/about/privacy/, opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
– Google/ YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) – privacy policy: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
– Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy policy/opt-out: http://instagram.com/about/legal/privacy/.
– Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) – Privacy policy: https://twitter.com/de/privacy, opt-out: https://twitter.com/personalization, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.
– Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) – privacy policy/opt-out: https://about.pinterest.com/de/privacy-policy.
– LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) – privacy policy https://www.linkedin.com/legal/privacy-policy , opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.
– Xing (XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany) – privacy policy/opt-out: https://privacy.xing.com/de/datenschutzerklaerung.
Integration of third-party services and content
Within our website, we use content or services supplied by third parties on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our website within the meaning of Art. 6 (1) (f) GDPR) in order to integrate their content and services, such as videos or fonts (hereinafter referred to uniformly as “content”).
This always presupposes that the third-party providers of this content are aware of the user’s IP address, since without the IP address they would not be able to forward the content to the user’s browser. The IP address is therefore required to display this content. We strive to only use content where the respective providers only use the IP address to deliver the content. Third-party providers may also use what are known as pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our website, and may also be linked to such information from other sources.
YouTube
We integrate videos on the YouTube platform operated by the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.
Google Maps
We integrate maps on the Google Maps service operated by the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data processed may include, in particular, users’ IP addresses and location data, which, however, are not collected without their consent (usually executed within the settings on their mobile devices). The data may be processed in the US. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
Use of Facebook social plugins
We use social plugins (“plugins”) provided by the social network facebook.com on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our website within the meaning of Art. 6 (1) (f) GDPR), which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).
This may include, for example, content such as images, videos or texts and buttons with which users can share content of this website within Facebook. You can view a list and the appearance of the Facebook social plugins here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When a user accesses a function of this website that contains this type of plugin, their device sets up a direct connection with Facebook’s servers. The content of the plugin is transmitted by Facebook directly to the user’s device and integrated into the website by the user. User profiles can be created from the processed data. We therefore have no influence on the scope of the data that Facebook collects with the aid of this plugin and hence inform users based on our level of knowledge.
By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of our website. If the user is logged on to Facebook, Facebook can assign the visit to their Facebook account. When users interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted from their device directly to Facebook and stored there. If a user does not have a Facebook account, Facebook can still obtain and store their IP address. According to Facebook, only anonymised IP addresses are stored in Germany.
The purpose and scope of the data collected and the further processing and use of the data by Facebook, as well as the relevant rights and settings options for protecting users’ privacy, can be found in Facebook’s privacy policy.: https://www.facebook.com/about/privacy/.
If a user has a Facebook account and does not consent to Facebook collecting data about them via this website and linking it to their data stored on Facebook, they must log out of Facebook and delete their cookies before using our website. Additional settings and objections to the use of data for advertising purposes are available within Facebook’s profile settings: https://www.facebook.com/settings?tab=ads or via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
The functions and content of the Twitter service, supplied by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, may be integrated within our website. This may include, for example, content such as images, videos or texts and buttons with which users can share content of this website within Twitter.
If the users have an account on the Twitter platform, Twitter can assign the access to the above-mentioned content and functions to the users’ profiles on the platform. Twitter is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy policy: https://twitter.com/de/privacy, opt-out: https://twitter.com/personalization.
The functions and content of the Instagram service, supplied by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, may be integrated within our website. This may include, for example, content such as images, videos or texts and buttons with which users can share content of this website within Instagram. If the users have an account on the Instagram platform, Instagram can assign the access to the above-mentioned content and functions to the users’ profiles on the platform. Instagram privacy policy: http://instagram.com/about/legal/privacy/.
The functions and content of the Xing service, supplied by XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany, may be integrated within our website. This may include, for example, content such as images, videos or texts and buttons with which users can share content of this website within Xing. If the users have an account on the Xing platform, Xing can assign the access to the above-mentioned content and functions to the users’ profiles on the platform. Xing privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.
The functions and content of the LinkedIn service, supplied by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, may be integrated within our website. This may include, for example, content such as images, videos or texts and buttons with which users can share content of this website within LinkedIn. If the users have an account on the LinkedIn platform, LinkedIn can assign the access to the above-mentioned content and functions to the users’ profiles on the platform. LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy.. LinkedIn is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Privacy policy: https://www.linkedin.com/legal/privacy-policy, opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
The functions and content of the Google+ platform, supplied by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) may be integrated within our website. This may include, for example, content such as images, videos or texts and buttons with which users can share content of this website within Google. If the users have an account on the Google+ platform, Google+ can assign the access to the above-mentioned content and functions to the users’ profiles on the platform.
Google is certified under the Privacy Shield agreement and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). For more information on Google’s use of data, settings and opt-out options, please see Google’s privacy policy (https://policies.google.com/technologies/ads) and the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated). Prepared using Datenschutz-Generator.de by Dr Thomas Schwenke, lawyer.
