Privacy policy
1. Overview and scope of application
This Privacy Statement provides information on how and for what purposes companies belonging to the HIAG Group ("we") process your personal data ("you"), which you disclose to us or which we collect from you. This Privacy Statement is not exhaustive. General terms and conditions (GTC) and similar documents from us may regulate other, more specific data protection issues.
The HIAG Group comprises the following companies:
- HIAG Immobilien Holding AG, CHE-102.997.860, Basel, Switzerland
- HIAG Immobilien Schweiz AG, CHE-105.977.210, Zurich, Switzerland
- HIAG Immobilien AG, CHE-175.797.334, Zurich, Switzerland
- HIAG Real Estate AG, CHE-235.824.735, Zurich, Switzerland
- HIAG Labs AG, CHE-442.151.061, Zurich, Switzerland
- HIAG Immobilier Léman SA, CHE-108.734.046, Geneva, Switzerland
- Léger SA, CHE-100.082.694, Grand-Lancy, Switzerland
- Pellarin-Transports SA, CHE-101.442.594, Grand-Lancy, Switzerland
- Weeba SA, CHE-101.691.677, Grand-Lancy, Switzerland
- Promo-Praille SA, CHE-106.474.644, Carouge GE, Switzerland
- Trans Fiber Systems SA, CHE-116.137.912, Menziken, Switzerland
"Personal data" refers to all data and information relating to an identified or identifiable natural person.
2. Controller and contact person
As the HIAG Group consists of a number of different companies, the company responsible for processing your personal data may vary. The HIAG Group company with which you correspond or conduct business, or which has referred you to this Privacy Statement in connection with an enquiry, contract or other correspondence, is responsible for the processing of your personal data within the scope of this Privacy Statement.
Depending on the nature of data processing, the companies of the HIAG Group may assume the role of controller or also the role of processor individually or jointly.
The contact person for any questions you may have regarding data protection, regardless of which HIAG company is responsible for processing your personal data in a particular case, is:
HIAG Immobilien Holding AG
The contact person for any questions you may have regarding data protection, regardless of which HIAG company is responsible for processing your personal data in a particular case, is:
HIAG Immobilien Holding AG
Aeschenplatz 7
4052 Basel
Switzerland
Tel.: +41 61 606 55 00
E-mail: dpo@hiag.com
If you have any questions about data protection, please contact us using the above addresses.
If you have any questions about data protection, please contact us using the above addresses.
3. Origin and categories of data
As a matter of principle, we only process the personal data that we receive or collect from our customers, interested parties, joint venture partners, suppliers and website visitors as part of our business activities. Insofar as this is permitted, we also obtain certain data from publicly accessible sources (such as the debt collection register, commercial register, press or Internet) or, in exceptional cases, receive such data from other companies, authorities or other third parties. If you provide us with the personal data of other persons (such as family members), we ask you to ensure that said persons are aware of this Privacy Statement, and only to share their personal data with us if you have been authorised to do so and if the personal data in question is accurate.
The personal data or categories of personal data that we process can include, but are not limited to, personal and contact details (e.g. name, address, telephone number and e-mail address), identification and background information (e.g. date of birth, gender, marital status, language, nationality, passport copies, specimen signatures, AHV number), contract data that we collect in connection with the initiation, conclusion and processing of contracts with you (e.g. products or services that you have claimed or requested and the associated behaviour and transaction data, as well as financial details for the purpose of payment such as bank account details), employment details (e.g. job title, title, function, workload, salary, bonus), transaction data (e.g. payment data, details of your payment order), pension details (e.g. capital withdrawals), tax data (all relevant documents and information, including but not limited to details of your religious denomination), property data (e.g. address, type of property, purchase price, market value, plot size, fixtures and fittings, year of construction, condition, modernisations and other data in connection with the review and processing of financing and/or the brokerage of real estate), information relating to mortgages (e.g. tax returns, salary data, marital status), communication data (e.g. e-mail content, written correspondence, social media posts, comments on websites, telephone conversations, video conferences, proof of identity, marginal data), documentation data or data from your contacts with third parties (e.g. consultation or meeting minutes, file notes, references), preference and marketing data (e.g. data on the use of our websites); data on the use of our services (e.g. data on the use of our websites or other digital offerings (mobile app etc.), data in connection with the marketing of services, such as newsletter subscriptions/unsubscriptions, documents received and special activities, personal preferences and interests), public data that can be obtained about you (e.g. land register and commercial register data, data from the media and the press), data in connection with proceedings or investigations conducted by authorities, official bodies, courts, organisations or other institutions, data to comply with legal requirements, such as preventing money laundering, image and sound recordings (e.g. photos, videos and sound recordings of events, recordings of video surveillance systems, recordings of telephone and video conference calls) and technical data (e.g. IP address and other device IDs, identification numbers assigned to your device by cookies and similar technologies).
The personal data or categories of personal data that we process can include, but are not limited to, personal and contact details (e.g. name, address, telephone number and e-mail address), identification and background information (e.g. date of birth, gender, marital status, language, nationality, passport copies, specimen signatures, AHV number), contract data that we collect in connection with the initiation, conclusion and processing of contracts with you (e.g. products or services that you have claimed or requested and the associated behaviour and transaction data, as well as financial details for the purpose of payment such as bank account details), employment details (e.g. job title, title, function, workload, salary, bonus), transaction data (e.g. payment data, details of your payment order), pension details (e.g. capital withdrawals), tax data (all relevant documents and information, including but not limited to details of your religious denomination), property data (e.g. address, type of property, purchase price, market value, plot size, fixtures and fittings, year of construction, condition, modernisations and other data in connection with the review and processing of financing and/or the brokerage of real estate), information relating to mortgages (e.g. tax returns, salary data, marital status), communication data (e.g. e-mail content, written correspondence, social media posts, comments on websites, telephone conversations, video conferences, proof of identity, marginal data), documentation data or data from your contacts with third parties (e.g. consultation or meeting minutes, file notes, references), preference and marketing data (e.g. data on the use of our websites); data on the use of our services (e.g. data on the use of our websites or other digital offerings (mobile app etc.), data in connection with the marketing of services, such as newsletter subscriptions/unsubscriptions, documents received and special activities, personal preferences and interests), public data that can be obtained about you (e.g. land register and commercial register data, data from the media and the press), data in connection with proceedings or investigations conducted by authorities, official bodies, courts, organisations or other institutions, data to comply with legal requirements, such as preventing money laundering, image and sound recordings (e.g. photos, videos and sound recordings of events, recordings of video surveillance systems, recordings of telephone and video conference calls) and technical data (e.g. IP address and other device IDs, identification numbers assigned to your device by cookies and similar technologies).
4. Processing purposes and legal foundations
4.1 Generally, within the scope of our business activities
We mainly process your personal data for those processing purposes that are necessary in connection with our business activities and the provision of our services. We process your personal data for purposes including, but not limited to, the following:
- To communicate with you, including to provide you with information or process your requests, to authenticate and identify you, for customer service and customer care.
- For the processing of contracts, specifically in connection with the initiation, conclusion and processing of contractual relationships (e.g. the letting of our commercial properties or rental flats and sale of our commercial properties or condominium units). This includes all data processing that is necessary or expedient to conclude, execute and, if necessary, enforce a contract, such as processing to decide whether and how (e.g. with which payment options) we enter into a contract with you (including credit checks); to provide contractually agreed services, e.g. to provide services and functions (including personalised service components); to invoice for our services and generally for the accounting and processing of applications (e.g. managing and evaluating applications, conducting interviews, including creating personality profiles, obtaining reference information); and to enforce legal claims arising from contracts (debt collection, legal proceedings, etc.).
- To provide our services and digital offerings (e.g. websites, mobile app) to you, and to analyse and improve them.
- To inform you about new developments (e.g. newsletters), or to send you other information about our services.
- To invite you to guided tours, visits or other events.
- For customer relationship management and marketing purposes, e.g. to send you written and electronic messages and offers.
- In connection with accounting, data archiving and the management of our archives.
- For training and education: We may process your personal data in order to organise internal training courses, and to train and develop our employees.
- When selling receivables, e.g. if we provide the purchaser with information about the reason for and amount of the receivable and, if applicable, the creditworthiness and behaviour of the debtor.
- For security measures, specifically for IT and building security (such as access controls, visitor lists, the prevention, defence against and investigation of cyber attacks and malware attacks, network and e-mail scanners, video surveillance, telephone recordings), as well as for the prevention and investigation of criminal offences and other misconduct, conducting internal investigations, protection against misuse, evidence purposes, data analysis to combat fraud, or the analysis of system-side recordings of the use of our systems (log data).
- In connection with corporate transactions or other acts under company law (e.g. due diligence, sale of companies, keeping share registers).
- For the assertion of legal claims and defence in connection with legal disputes and official proceedings in Switzerland and abroad, including the clarification of litigation prospects and other legal, economic and other issues.
- To comply with our legal and internal requirements and rules in Switzerland and abroad, including compliance with orders from a court or authority and investigations regarding business partners.
We process your personal data for the aforementioned purposes on the basis of the following legal foundations, depending on the situation:
- The processing of personal data is necessary for the fulfilment of a contract with you or precontractual measures.
- You have given your consent to the processing of your personal data.
- The processing of personal data is necessary for the fulfilment of a legal obligation.
- Processing is necessary in order to protect the vital interests of the data subject or of another natural person.
We have a legitimate interest in the processing of personal data, whereby our legitimate interests may include, but are not limited to, the following interests: providing good customer service; maintaining contact and communicating with customers, including outside of a contract; advertising and marketing activities; improving products and services and developing new ones; combating fraud and preventing and investigating offences; protecting customers, employees and other individuals as well as our data, trade secrets and assets; ensuring appropriate security (both physical and digital); ensuring and organising business operations, including the operation and ongoing development of websites and other systems; the management and development of business; the sale or purchase of companies, parts of companies and other assets; the enforcement or defence of legal claims; or compliance with Swiss and foreign law and other rules applicable to us.
4.2 When you visit our websites
Our websites collect a range of user information each time they are accessed, which is stored in the server log files. The information collected includes the IP address, the date and time of access, the time zone difference to the GMT time zone, the name and URL of the file accessed, the website from which access was made, the browser used and the operating system used. The collection of this information or data is necessary for technical reasons in order to display our websites to you and to ensure their stability and security. This information is also collected in order to improve the websites and analyse their use.
4.3 E-mail, telephone calls and video conferences
You can contact us via the e-mail address and telephone number provided. The personal data you send us will be stored by us and processed for the purpose of dealing with your enquiry.
If you contact us by e-mail, you authorise us to reply to you via the same channel. Please note that unencrypted e-mails are transmitted via the open Internet, which means that it cannot be ruled out that they can be viewed, accessed and manipulated by third parties. To the extent permitted by law, we exclude any liability on your part for circumstances including, but not limited to, faulty transmission, falsification of content or disruption of the network (outages, overloading, unlawful interventions, blocking).
Telephone and video conference calls with us may be recorded. If they are, we will inform you of this at the beginning of the call. If you do not want us to record such conversations, you have the option of breaking off the conversation at any time and contacting us in another way (for example by e-mail).
4.4 Contact form
You can contact us using the contact forms provided on our website. The personal data you send us will be stored by us and processed for the purpose of dealing with your enquiry.
4.5 Newsletter
If you subscribe to our newsletter, we will use your e-mail address and other contact details to send you the newsletter in question. The newsletter is sent using the mailing service provider Mailchimp, a newsletter mailing platform of The Rocket Science Group LLC d/b/a Mailchimp, Atlanta, USA. The privacy statement and other information for Mailchimp can be found here: https://mailchimp.com/de/gdpr/ and https://www.intuit.com/privacy/statement/.
You can subscribe to our newsletter by giving your consent. Your full name and e-mail address, which we store after you sign up, are required in order to send you a newsletter. The legal foundation for the processing of your data in connection with our newsletter is your consent to the sending of the newsletter in question. You can revoke your consent at any time and unsubscribe from the newsletter. You can declare your cancellation by clicking on the link provided in every newsletter e-mail, by sending an e-mail to our aforementioned e-mail address, or by sending a letter to the postal address provided.
You can subscribe to our newsletter by giving your consent. Your full name and e-mail address, which we store after you sign up, are required in order to send you a newsletter. The legal foundation for the processing of your data in connection with our newsletter is your consent to the sending of the newsletter in question. You can revoke your consent at any time and unsubscribe from the newsletter. You can declare your cancellation by clicking on the link provided in every newsletter e-mail, by sending an e-mail to our aforementioned e-mail address, or by sending a letter to the postal address provided.
4.6 Project recommendations
We can send you project recommendations by e-mail, independently of newsletters. In this way, we provide you with information about planned projects or the like (existing space) that you may be interested in on the basis of your recent purchases of products or services from us. You can object to this at any time. A notification in text form (e.g. e-mail or letter) to the aforementioned contact details is sufficient for this purpose. You will also find an unsubscribe link in every e-mail.
4.7 Cookies and other third-party services
Our websites may use "cookies" and other third-party services. Cookies are text files that are stored in the user's Internet browser or by the Internet browser on the user's computer system or mobile device. They contain a characteristic string of characters that enables the browser or mobile device to be uniquely identified when the website is accessed again. One purpose of cookies is to facilitate and simplify the use of our websites for you. Some of our websites' functions cannot be offered without the use of cookies ("essential cookies"). We also use cookies/tools to analyse users' behaviour on our websites, namely to measure reach, as well as for marketing purposes.
The other services of third-party providers are services integrated into our websites that may result in your data being disclosed to the third-party provider via the use of our websites and/or the services of the third-party provider (e.g. social media plug-ins, Google Maps, YouTube, reCAPTCHA, display of product information).
4.7.1 Essential cookies
Essential cookies are required for our websites to function. As a result, these cookies cannot be deactivated in our systems. They usually record important actions, such as the number of requests made, changes to your privacy settings, or the filling out of forms. You can block these cookies in your browser, but some parts of our website may no longer function if you do.
4.7.2 Analytical and marketing cookies
Analytical cookies enable us to analyse visitor behaviour and traffic sources so that we can measure the performance of our websites and improve the user experience. They help us to see how popular which pages are, and show how visitors navigate our websites. Marketing cookies make it possible to show you advertisements that are relevant to you. These cookies can remember that you have visited our website, and pass this information on to other companies, including other advertisers.
In our cookie settings, you can see exactly which analysis and marketing cookies and third-party services we use. We have no influence over the data collected or the data-processing procedures of cookie providers and third-party services. These are subject to the respective privacy policies of the cookie providers or third-party service providers. More information about the purpose and scope of data collection and its processing by the cookie providers or third-party service providers can be found in the privacy policies of those providers. If and insofar as we use analysis and marketing cookies and third-party services, we will obtain your consent to do so. You can also object to the use of cookies or third-party services, for example (i) by selecting the relevant settings in your browser, (ii) by using add-ons for your browser (such as NoScript (http://noscript.net/)) or (iii) by using cookie blocker software (e.g. ghostery).
4.8 Use of mobile apps
By voluntarily using a mobile app, current location data may be transmitted to us or to third parties who process this data on our behalf. Other data that may be stored includes the information you enter, your name, address, e-mail address and telephone number, as well as device-specific information such as the MAC address, cookie information and pages accessed.
4.9 Applications
You can submit your application for a vacancy to us by post or by e-mail. We will only process the application documents and all personal data disclosed to us for the purpose of processing your application for employment with us. Without your consent to the contrary, your application file will either be returned to you or deleted/destroyed once the application process has been completed, unless it is subject to a statutory retention obligation. If an employment contract is concluded, the application file will be included in the personnel files. The legal foundation for the processing of your data is your consent, the fulfilment of the contract with you, and our legitimate interests.
5. Disclosure of personal data to recipients and abroad
5.1 Disclosure of personal data to recipients
In addition to transferring data to recipients expressly mentioned in this Privacy Statement, we may disclose personal data to the following categories of recipients, to the extent permitted:
- providers to whom we have outsourced certain services (e.g. IT and hosting providers, advertising and marketing services, accounting and/or asset management, debt collection services, photographers, payment service providers) and other suppliers and subcontractors;
- other companies in the HIAG Group;
- external administrators;
- craftsmen, planners and architects;
- brokers;
- buyers of a property;
- advisory service providers, e.g. tax consultants, lawyers;
- our joint venture partners;
- pension funds;
- third-party providers of software applications used by customers in connection with our services;
- credit reference agencies, which store this data for credit reports;
- third parties who collect data about you via the website;
- prospective buyers or investors in the case of corporate transactions or other corporate actions;
- auditors;
- parties to potential or actual legal proceedings or disputes;
- domestic or foreign authorities, official bodies or courts.
5.2 Disclosure of personal data abroad
We generally process your personal data in Switzerland. However, in exceptional cases (for example when using certain service providers or certain software applications), your personal data may also be transferred abroad, mainly to the member states of the European Union and the EEA, but in some cases also to other countries around the world, including but not limited to the USA (primarily in connection with cookies, social media plug-ins and other software applications from third-party providers, such as reCAPTCHA).
If we transfer data to a country without adequate statutory data protection, we ensure an adequate level of protection as provided for by law by using appropriate contracts (namely on the basis of the European Commission's standard contractual clauses) or rely on the statutory exceptions of consent; contract processing; the establishment, exercise or enforcement of legal claims; overriding public interest; published personal data; or because it is necessary to protect the integrity of the data subjects. Nevertheless, we would like to point out that data transmitted abroad is no longer protected by Swiss law, and that foreign laws and official orders may require the disclosure of this data to authorities and other third parties.
6. Retention period
We process and store your personal data for as long as it is necessary for the fulfilment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, or for as long as there is another legal foundation for it (e.g. statutory retention periods). We retain personal data that we hold on the basis of a contractual relationship with you for at least as long as the contractual relationship exists, limitation periods for possible claims by us run, or contractual retention obligations apply. As soon as your personal data is no longer required for the aforementioned purposes, it will generally and as far as possible be deactivated, deleted or anonymised.
7. Your rights
You have a right to information, rectification and erasure, the right to restrict data processing and otherwise to object to our data processing, and to the disclosure of certain personal data for the purpose of transfer to another organisation ("data portability") within the scope of the data protection law applicable to you and to the extent provided for therein. Please note, however, that we reserve the right to claim the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest in doing so (insofar as we are entitled to invoke this), or need it for the assertion of claims. If you incur any costs, we will inform you in advance.
If data is processed on the basis of your consent, you can revoke your consent at any time with effect for the future. However, this does not affect the lawfulness of the processing carried out on the basis of your consent until you revoked it.
Exercising such rights generally requires that you unambiguously prove your identity (for example using a copy of your ID card if your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact us at the address given in section 2 of this Privacy Statement.
If data is processed on the basis of your consent, you can revoke your consent at any time with effect for the future. However, this does not affect the lawfulness of the processing carried out on the basis of your consent until you revoked it.
Exercising such rights generally requires that you unambiguously prove your identity (for example using a copy of your ID card if your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact us at the address given in section 2 of this Privacy Statement.
Every data subject also has the right to enforce their claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
8. Data security
We take appropriate technical and organisational security measures to protect the security of your personal data, and specifically to protect it against unauthorised or unlawful processing and to counteract the risk of loss, unintentional alteration, accidental disclosure or unauthorised access. However, like all companies, we cannot rule out data security breaches with absolute certainty because certain residual risks are unavoidable. As part of our security measures, we use firewalls, logging and encryption, we have authorisation concepts in place, and we have implemented other measures to ensure that personal data is protected as completely as possible.
9. Amendments to this Privacy Statement
We expressly reserve the right to amend this Privacy Statement at any time. If such amendments are made, we will publish the amended Privacy Statement on our websites without delay. The most recent Privacy Statement published on our websites is always valid.