1. What is this Privacy Policy about?

Immofonds Asset Management AG, Rämistrasse 30, 8001 Zurich, Switzerland (Immofonds, we or us) processes personal data relating to you or other persons in various ways and for various purposes.

"Personal data" refers to information that can be associated with a specific person, and "process" (hereinafter also "processing") means any handling of it, e.g. collection, use and disclosure.

This Privacy Policy explains how and for what purposes we collect, process and use personal data (including in connection with the website www.immofondssuisse.com ("our website"), but also beyond). It also applies if you apply directly via the careers page on our website or by email or otherwise come into/maintain contact with us. The responsible handling of personal data is an important concern for us.

For easier readability, we use masculine designations in this Privacy Policy, but mean persons of all genders.

We have aligned this Privacy Policy with both the Swiss Data Protection Act (DPA) and the European General Data Protection Regulation (GDPR). When the Privacy Policy refers to "personal data," this also includes "personal data" as defined in the GDPR. However, whether and to what extent the GDPR is applicable depends on the individual case.

Please take the time to read this Privacy Policy to understand how and why Immofonds processes your personal data, how Immofonds protects your personal data, and to learn more about your rights. If you have questions or would like more information about our personal data processing, we are happy to assist (Section 2).

2. Who is responsible for processing your personal data?

For the personal data processing according to this Privacy Policy, the following can be considered as "Controller," i.e. the entity primarily responsible under data protection law:

Immofonds Asset Management AG
IMMOFONDS Immobilien AG
Immosol AG
Alba d'Oro SA
Colleverde SA
Garbata SA
Gioiosa SA

If you have questions about data protection, please feel free to contact the following address:

Email: dataprotection@immofondssuisse.com
Phone: +41 44 511 99 30

3. What personal data do we process?

Depending on the purpose, we process different categories of personal data. For your orientation, you will find the most important categories below. However, in individual cases we may also process additional personal data. Information on the purposes of this processing can be found in Section 4.

  • Master data: We refer to data that directly relate to your person and characteristics as master data (e.g. for newsletter registration or direct application on our website), such as title, first and last name, address, email address, date and place of birth, information from identification documents, application documents (cover letter, CV, references, etc.).
  • Communication data: We refer to data in connection with our communication with you and possibly with third parties concerning you as communication data, e.g. when you contact us via contact form or other means of communication. This includes in particular name and contact details such as address, email address and phone number, content of emails, online messages and written correspondence, recordings of phone calls or video calls. This also includes information about the type, time and place of communication as well as other metadata of communication.
  • Technical data: Technical data is generated in connection with the use of our website. This includes in particular the IP address and certain other technical data to ensure the function and security of our website. This also includes logs in which the use of our systems is recorded, as well as data in connection with the devices you use (e.g. information about the device manufacturer, device ID, browser or device ID). This also includes information about your movements and actions on our website, information about your operating system, your approximate location and the time of use. To ensure the function of our website, we may also assign you or your system an individual identification number (ID) (e.g. by means of cookies or similar technologies so that we can recognize it, see Section 6). We generally cannot deduce who you are from technical data unless you register for the newsletter, for example. In this case, we can connect technical data with master data – and thus with your person.
  • Contract data: As part of our contractual relationships, we record, in addition to master data, the respective performance obligations, remuneration owed and provided, services rendered and related time information.
  • Behavioral data: To best align our offers and services with you, we process data about your behavior. Behavioral data is information about your use of our website. It can also be collected based on technical data. This includes, for example, your specific behavior on our website, information about your use of electronic communications (e.g. whether and when you opened an email or clicked a link, particularly when sending newsletters). For this purpose, we can link behavioral data with other data (e.g. with anonymous information from statistical offices) and evaluate this data on a personal and non-personal basis.
  • Preference data: Preference data gives us insight into what needs you likely have and which services might be of interest to you (e.g. when selecting topic areas for the newsletter or download preferences for our documents). Therefore, we also process data about your interests and preferences. For this purpose, we can link behavioral data with other data and evaluate this data on a personal and non-personal basis. This allows us to draw conclusions about characteristics, preferences and likely behavior.
  • ESG data: This includes data that we evaluate as part of our efforts to improve in the areas of Environmental, Social and Governance (ESG), which may particularly include data on energy consumption, water consumption and waste generation.

4. For what purposes do we process your personal data?

We use your personal data for the following purposes:

  • For communication purposes, that is, to contact you and maintain contact with you. This includes answering inquiries and contacting you with follow-up questions, e.g. by email. For this purpose, we particularly process your communication and master data.
  • For the conclusion and execution of our contracts with our customers and business partners, also in relation to the purchase of products and services from our suppliers and subcontractors.
  • For offering and developing our offers, services and website.
  • To review an online application: The processing of your application data is for filling positions within our company. Your personal data, especially communication and master data, will only be forwarded to the internal departments of our company responsible for the specific application process.
  • For customer care and marketing purposes, to inform you about offers in a targeted manner according to your personal interests and preferences, e.g. through newsletters and personalized advertising. For this purpose, we particularly process technical data, master and communication data, as well as your preference and behavioral data.
  • To comply with legal requirements: This includes, for example, receiving and processing complaints and other reports, compliance with court or authority orders, measures to detect and investigate abuses, and generally measures to which we are obligated under applicable law, self-regulation or industry standards. For this purpose, we may particularly process your master and communication data.
  • To ensure IT security and prevention: We process personal data for security purposes, to ensure IT security, for theft, fraud and abuse prevention, and for evidentiary purposes. This includes, for example, the evaluation of system-side recordings of the use of our systems (log data), preventing, defending against and investigating cyber attacks and malware attacks, analyses and tests of our networks and IT infrastructures, system and error checks. For this purpose, we particularly process technical data.
  • For legal protection: We may also process personal data to enforce claims in court, pre-trial or out-of-court and before authorities at home and abroad or to defend ourselves against claims. For this purpose, master and communication data in particular may be processed.
  • For group-internal administration and support: To efficiently organize our internal processes, we process personal data to the extent necessary for IT administration, accounting, data archiving or training and education. For this purpose, communication, preference and behavioral data as well as technical data may be processed.
  • To pursue our portfolio management strategy: This serves to ensure smooth management of our properties. The specific purposes of data processing arise from the respective service (e.g. creation of needs analyses, valuations and evaluations, property management and care).
  • To pursue our ESG strategy: As part of the corresponding reporting, we rely on data that allows conclusions about the sustainable use of our properties.

5. How do we collect personal data?

You provide us with much of the data listed in Section 3 yourself. In particular, you usually provide us with master and communication data yourself (e.g. via the contact form, when registering for the newsletter or when submitting your application via our website, by email, online messengers, video call, phone). However, you are not obligated to do so.

We also collect personal data ourselves or automatically, e.g. when you download information documents on our website or click on a link in one of our newsletters. We may also derive personal data from already existing personal data, e.g. through the evaluation of behavioral data.

We may also receive your personal data from third parties or in cooperation with third parties. Third parties may be advertising partners.

Under certain circumstances, we also access publicly available databases. Where necessary, we use search results on the web, for example, to reach you or to update your information.

We also use various technologies on our website with which we and third parties we engage can recognize you when you use the website again (see Section 6). This allows us to distinguish accesses from you from those of other users and thereby ensure the functionality of our website and perform evaluations and controls. We generally do not draw conclusions about your identity.

6. Information about cookies and similar technologies

6.1. What are cookies and similar technologies?

Cookies are files that your browser automatically stores on your device when you visit our website. Cookies contain a unique identifier (an ID) through which we can distinguish individual visitors from others, but without identifying them. Depending on the purpose, cookies contain additional information, e.g. about pages accessed and the duration of a visit to a page. On the one hand, we use session cookies, which are deleted when you close the browser, and on the other hand, persistent cookies, which remain stored for a certain period after closing the browser (for cookie storage duration, see the "Cookie Settings" link on our website) and serve to recognize visitors on a later visit.

We may also use similar technologies such as pixel tags, fingerprints, and other technologies for storing data in the browser. Pixel tags refer to small, usually invisible images or program code that are loaded from a server and thereby transmit certain information to the server operator, e.g. whether and when a website was visited. Fingerprints are information collected during your website visit about the configuration of your device or browser, making your device distinguishable from other devices. Most browsers also support other technologies for storing data in the browser, similar to cookies, which we may also use (e.g. "Web Storage").

6.2. What types of cookies and similar technologies do we use?

We use the following types of cookies and similar technologies:

  • Necessary cookies help us make our website usable by enabling basic functions such as page navigation and access to secure areas of the website. Our website cannot function properly without these cookies.
  • Preference cookies enable – if you consent – storing previously entered information that affects the appearance or content of the website, such as your preferred language or the region in which you are located.
  • Statistics cookies help us – if you consent – understand how you interact with our website by collecting and reporting information anonymously. These cookies serve to simplify and speed up visits to the website and to generally improve user-friendliness.
  • Marketing cookies help us and our advertising partners – if you consent – address you with advertising on our website and on third-party websites for products or services that may be of interest to you, or to display our advertisements during your continued internet use after visiting our website.

6.3. How do we use cookies?

We use cookies for the following purposes:

  • Saving settings between your visits,
  • Determining whether and how we can improve our website,
  • Collecting statistical data on the number of users and their usage habits and improving website speed and performance.

You can delete cookies at any time via the settings in your internet browser or also block additional cookies (see 6.4).

6.4. How can cookies and similar technologies be deactivated?

When accessing our website, you have the option via cookie banner to activate or deactivate certain categories of cookies. You can also activate or deactivate cookies at any time under the "Cookie Settings" link. Furthermore, you can configure your browser in the settings to block certain cookies or similar technologies or to delete existing cookies and other data stored in the browser. You can also extend your browser with software (so-called "plug-ins") that blocks tracking by certain third parties. You can find more about this in your browser's help pages (usually under the keyword "Privacy"). Please note that our website may no longer function fully if you block cookies and similar technologies.

6.5. Cookies from partners and third parties on our website

We use third-party services to measure and improve the user-friendliness of the website and online advertising campaigns. For this purpose, we may integrate third-party components into our website, which in turn may use cookies. Third-party providers may also be located outside Switzerland and the EU/EEA, provided that the protection of your personal data is ensured in an appropriate manner (see Section 11).

For example, we use analysis services to evaluate how you use our website in order to optimize and personalize it. Cookies and similar technologies from third-party providers also enable them to address you with individualized advertising on our website or on other websites as well as on social networks that also work with this third party, and to measure how effective advertisements are (e.g. whether you came to our website via an advertisement and what actions you then performed on our website).

Third-party providers may record the use of the relevant website. These recordings can be linked by the respective provider with similar information from other websites. The behavior of certain users can thus be recorded across multiple websites and multiple devices. The respective provider can often also use this data for its own purposes, e.g. for personalized advertising on its own website and on other websites it supplies with advertising. If users are registered with the provider, the provider can assign the usage data to the relevant person. The processing of such personal data here is done by the provider under its responsibility and according to its own privacy policy.

One of the most important third-party providers is Google. You will find additional information about this below. Other third-party providers generally process personal and other data in a similar manner.

We use Google Analytics on our website, an analysis service from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA, USA) and Google Ireland Ltd. (Google Building Gordon House, Barrow St, Dublin 4, Ireland; both together "Google", with Google Ireland Ltd. responsible for processing personal data). Google uses cookies and similar technologies to collect certain information about the behavior of individual users on or in the relevant website and the device used for this (tablet, PC, smartphone, etc.). Google collects information about user behavior on the website and the device used and provides us with evaluations on this basis, but also processes certain data for its own purposes. We have configured Google Analytics so that IP addresses of visitors in Europe are shortened before being forwarded to the USA. Information about privacy at Google Analytics can be found here. You can deactivate Google Analytics by installing a corresponding browser add-on.

A list of our currently used cookies is available on our website under "Cookie Settings".

7. Use of social plugins

We offer you the option to use a "social media button" from LinkedIn on our website. This button leads to the LinkedIn profile of Immofonds Asset Management AG. The responsibility for data protection-compliant operation lies with LinkedIn.

We therefore recommend that you read LinkedIn's privacy policy. You can find it here.

8. Sending newsletters

If you fill out the contact form for the newsletter on our website, you thereby give us your consent to use your first and last name, your title and your email address to send you electronic newsletters, notifications, updates or invitations to events as well as other information by email. If you receive electronic advertising from us and no longer wish to do so, you can unsubscribe free of charge at any time via the link in the relevant emails.

Maylchimp's privacy policy can be found at: https://mailchimp.com/legal

9. On what legal bases does data processing rest?

We process your personal data based on the following legal bases, provided such is required under applicable data protection law:

  • based on your consent;
  • for contract fulfillment including pre-contractual measures, e.g. in connection with the review of a job application or when purchasing services or goods;
  • for asserting or defending legal claims or civil proceedings;
  • for compliance with legal and regulatory requirements;
  • if we have a legitimate interest in data processing, which must be determined on a case-by-case basis.

10. To whom do we disclose your personal data?

In connection with the purposes listed in Section 4, we also disclose personal data to third parties.

We may share personal data that we receive from you or from third-party sources with other companies in the Immofonds Group. Disclosure may serve group-internal administration or support of the relevant group companies and their own processing purposes, e.g. for personalizing marketing activities or developing and improving services.

We also disclose to service providers the personal data necessary for their services. These service providers, especially IT service providers, are subject to contractual and/or statutory confidentiality and data protection obligations.

Insofar as service providers process personal data as processors, they are obligated to process personal data exclusively according to our instructions and to take appropriate data security measures. In this case, we have concluded the corresponding data processing agreements. Certain service providers are also jointly responsible with us or independently responsible.

Through the selection of service providers and appropriate contractual agreements, we ensure that data protection is ensured throughout the entire processing of your personal data.

In individual cases, it is also possible that we disclose personal data to other third parties also for their own purposes, e.g. if you have given us your consent or if we are legally obligated or entitled to do so. In these cases, the recipient of the data is an independent controller under data protection law.

11. Do we disclose personal data abroad?

As explained in Section 10, not only we process your personal data, but also service providers. These are not only located in Switzerland. Your data may therefore also go abroad and be processed worldwide outside the EU or the European Economic Area (EEA) (particularly in the USA). The laws of third countries, such as those of the USA, currently do not guarantee a level of data protection corresponding to Swiss law. We therefore take contractual precautions to contractually compensate for weaker legal protection, insofar as data protection law does not otherwise permit disclosure in individual cases for other reasons. These precautions include in particular the standard contractual clauses issued or recognized by the European Commission and the Swiss Federal Data Protection and Information Commissioner (FDPIC).

Please contact us at the address provided if you would like more information about this or a copy of our data transfer contracts.

12. Do we conduct profiling?

"Profiling" means the automated processing of personal data to analyze personal aspects or make predictions, e.g. the analysis of personal interests, preferences, affinities and habits or the prediction of likely behavior. Preference data (Section 3) in particular can be derived through profiling.

Profiling can be carried out, for example, in the automated processing

  • of master and communication data, e.g. your response to communications;
  • of behavioral, preference and technical data in connection with the use of our website;
  • of information in connection with attending events

Profiling helps us, for example, to continuously improve our offers, to present our content and offers to you according to your needs, to provide you with only advertising and offers that are probably relevant to you.

13. How long do we process your personal data?

We store your data in personal form for as long as it is necessary for the specific purpose for which we collected it and as long as we have a legitimate interest in retaining your personal data (e.g. performance of contracts, to enforce or defend legal claims, for archiving purposes or for the benefit of IT security). We also store your personal data as long as they are subject to a legal retention obligation. After these periods expire, we delete or anonymize your personal data.

Regarding cookies, you will find information on the retention period under the "Cookie Settings" link.

14. How we protect your personal data

We take appropriate security measures of a technical and organizational nature to protect your personal data against unauthorized or unlawful access and processing, and to counteract the risk of loss, unintentional alteration or unwanted destruction of data. We continuously improve our security measures in accordance with technological developments.

15. What rights do you have?

Depending on applicable law, you have certain rights so that you can obtain further information about our data processing and influence it:

  • Right of access: You have the right to request information about the personal data we hold about you and about how we process the information.
  • Right to data portability: Under certain circumstances, you have the right to transfer your data from one controller to another. For this purpose, we provide you with the personal data that you have provided to us in a structured, common and machine-readable format so that you can transmit the data. Alternatively, we can also transfer it directly for you.
  • Right to rectification: You can have incorrect or incomplete personal data corrected or completed or supplemented with a statement of dispute.
  • Right to erasure: You have the right to request the deletion or destruction, or the anonymization of your personal data. You also have the right to request the restriction of the processing of your personal data.
  • Objection and withdrawal: You can object to our processing for certain purposes (e.g. processing for marketing purposes). You have the right to withdraw consent given at any time with effect for the future, insofar as processing is based on consent. Please note that even after you have withdrawn your consent, we are entitled to continue processing your personal data to the extent legally permissible.

To exercise your rights, you can contact us at the address mentioned (Section 2). We usually have to verify your identity (e.g. through a copy of ID). Please note that your rights may be limited or excluded in individual cases, e.g. if there are doubts about your identity or if this is necessary to protect other persons, to safeguard legitimate interests or to comply with legal obligations.

You also have the right to submit a complaint regarding the manner of processing your personal data to a competent supervisory authority. Basically, this is the supervisory authority of the state in which you reside.

The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

The contact addresses of the supervisory authorities of the EU/EEA member states can be found here.

 

Zurich, June 2023