Privacy Policy
General information
In this Privacy Policy, we, Swiss Prime Site AG, explain how we collect and otherwise process personal data. It is not an exhaustive description; other privacy policies or general terms and conditions, terms and conditions of participation and similar documents may govern specific matters. Personal data is any information that relates to an identified or identifiable person.
If you provide us with personal data relating to other individuals (e.g. family members, information regarding work colleagues), please ensure that these individuals are aware of this Privacy Policy and only disclose their personal data to us if you are permitted to do so and this personal data is correct.
This Privacy Policy is designed to meet the requirements of the EU General Data Protection Regulation (‘GDPR’), the Swiss Federal Act on Data Protection (‘FADP’) and the revised Swiss Federal Act on Data Protection (‘nFADP’). However, whether and to what extent these laws are applicable depends on the individual case.
Controller/data protection officer/representative
The controller for the data processing described herein is the following (unless stated otherwise in individual cases):
Swiss Prime Site Immobilien AG
Hardstrasse 201
8005 Zurich, Switzerland
+41 58 317 17 17
emilia.nenakhova@sps.swiss
sps.swiss
If you have any concerns relating to data protection, you can contact us at the above address.
Collection and processing of personal data
We primarily process personal data that we receive from our customers, business partners and other participating individuals as part of our business relationship with them or that we collect from users when operating our websites, apps and other applications.
To the extent permitted, we also obtain certain pieces of data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, the press, the internet) or receive such data from other companies, authorities and other third parties. In addition to the data you provide to us directly, the categories of personal data that we receive about you from third parties include, in particular, information from public registers, information that we learn in connection with official and judicial proceedings, information in connection with your professional roles and activities (e.g. so that we can conclude and process transactions with your employer with your help), information about you in correspondence and meetings with third parties, credit information (insofar as we conduct business with you personally), information about you that people close to you (family, advisers, legal representatives, etc.) disclose so that we can conclude or process contracts with you or with your involvement (e.g. references, your address for deliveries, authorisations), information required to comply with legal requirements such as anti-money-laundering rules and export restrictions, information from banks, insurance companies, our sales partners and other contractual partners regarding the use or provision of services by you (e.g. payments made, purchases made), information from the media and the internet about you (insofar as this is appropriate in the specific case e.g. as part of an application, press review, marketing/sales, etc.), your addresses and, if applicable, interests and other socio-demographic data (for marketing), data in connection with the use of the website (e.g. IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of the visit, pages and content accessed, functions used, referring website, location information).
Purposes of data processing and legal bases
The personal data we collect is primarily used to fulfil our contractual obligations towards customers and business partners. This also includes purchasing products and services from our suppliers and subcontractors. Additionally, we use this data to comply with our legal obligations both in Switzerland and abroad. If you work for such a customer or business partner, you and your personal data may, of course, also be affected by this.
In addition, we process personal data relating to you and other individuals, to the extent permitted and deemed appropriate by us, for the following purposes, in which we (and sometimes third parties as well) have a legitimate interest that corresponds to the purpose:
Providing and refining our offers, services and websites, apps and other platforms on which we have a presence;
Communicating with third parties and processing their enquiries (e.g. applications, media enquiries);
Reviewing and optimising processes for needs analysis for the purpose of contacting customers directly and collecting personal data from publicly available sources for the purpose of customer acquisition;
Advertising and marketing (including holding events), provided that you have not objected to the use of your data (if you are an existing customer of ours and we send you advertising, you can object to this at any time, and we will then place you on a list to avoid any further advertising being sent);
Market and opinion research, media monitoring;
Asserting legal claims and defences in connection with legal disputes and official proceedings;
Preventing and clarifying criminal offences and other instances of misconduct (e.g. conducting internal investigations, data analyses to combat fraud);
Safeguarding our operations, in particular IT, our websites, apps and other platforms;
Video surveillance to safeguard access rights and other measures for IT, building and system security and protecting our employees and other persons and assets belonging to or entrusted to us (such as access controls, visitor lists, network and mail scanners, telephone recordings);
Purchasing and selling business areas, companies or parts of companies and other corporate law transactions and transferring personal data in connection with this, as well as business management measures and compliance with legal and regulatory obligations and internal regulations of Swiss Prime Site AG.
If you have given us consent to process your personal data for specific purposes (e.g. when signing up to receive newsletters or for conducting a background check), we process your personal data within the scope of and based on this consent if we do not have any other legal basis and we require such a basis. You can withdraw your consent at any time, but this will not have any effect on data processing that has already taken place.
Cookies/tracking and other technologies related to the use of our website
Our websites typically use cookies and similar technologies that can be used to identify your browser or device. A cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by the web browser you use when you visit our website. This allows us to recognise you when you visit this website again, even if we do not know who you are. In addition to cookies that are only used during a session and are deleted after your website visit (session cookies), cookies can also be used to store user settings and other information for a certain period of time (e.g. two years; persistent cookies). However, you can adjust your browser’s settings so that it rejects cookies, only stores them for one session or otherwise deletes them prematurely. Most browsers are set to accept cookies by default. We use persistent cookies so that you can store user settings (e.g. language, auto login), so that we can better understand how you use our offers and content and so that we can show you offers and advertisements tailored to you (including on other companies’ websites; however, we will not inform them of your identity, if we even know this ourselves, because they only see that their website is being used by the same person who was also on a particular page of ours). Some of the cookies are set by us, but some are set by contractual partners who we work with. If you block cookies, certain functionalities (such as language selection, shopping cart, ordering processes) may no longer work.
To the extent permitted, we also incorporate visible and invisible image elements into our newsletters and other marketing emails. When they are retrieved from our servers, we can determine whether and when you opened the email, so that we can also measure and better understand how you use our services and how we can tailor them to you. You can block this in your email program; most are set to do so by default.
By using our websites and consenting to receive newsletters and other marketing emails, you consent to the use of these technologies. If you do not want this, you must adjust your browser’s or email program’s settings accordingly.
We sometimes use Google Analytics or similar services on our websites. This is a service provided by third parties that may be located in any country in the world (in the case of Google Analytics, this is Google Ireland (based in Ireland); in the process, Google Ireland relies on Google LLC (based in the USA) as the processor (both ‘Google’), www.google.com), with which we can measure and evaluate the use of the website (without this being linked to you as an individual). Persistent cookies set by the service provider are also used for this purpose. We have configured the service in such a way that the IP addresses of visitors in Europe are truncated by Google before they are forwarded to the USA and thus cannot be traced. The service provider does not receive any personal data from us (and does not store any IP addresses). We have deactivated the ‘Data sharing’ and ‘Signals’ settings. Although we may assume that the information we share with Google is not considered to be personal data by Google, it is possible that Google may be able to use this information to determine the identity of visitors for its own purposes, create personal profiles and link this information to the Google accounts of these individuals. If you have registered with the service provider yourself, the service provider will also be aware of you. In this case, your personal data is processed by the service provider under the responsibility of this service provider in accordance with its data protection regulations. The service provider only tells us how our respective website is used (no information about you personally).
We also use plug-ins from social networks such as Facebook, Twitter, YouTube, Pinterest and Instagram on our websites. This is always visible to you (typically via the corresponding symbols). We have configured these elements to be disabled by default. If you activate them (by clicking on them), the operators of the respective social networks may register that you are on our website – and where – and can use this information for their own purposes. In this case, your personal data is processed under the responsibility of this operator in accordance with its data protection regulations. We do not receive any information about you from them.
Disclosure and transfer of data abroad
Within the scope of our business activities and the purposes set out in section 3, we also disclose information to third parties to the extent permitted and deemed appropriate, either because they process it for us or because they want to use it for their own purposes. This applies, in particular, to:
Our service providers, including contract processors;
Retailers, suppliers, subcontractors and other business partners;
Customers;
Authorities, official bodies or courts in Switzerland and abroad;
The media;
The general public, including visitors to websites and social media;
Competitors, industry organisations, associations, organisations and other bodies;
Purchasers or parties interested in acquiring business units, companies or other parts of Swiss Prime Site AG;
Other parties in potential or actual legal proceedings;
Other companies of Swiss Prime Site AG;
hereinafter collectively referred to as the ‘recipients’.
Some of these recipients are located in Switzerland. In particular, you must expect that your data will be transmitted to all countries in which Swiss Prime Site AG is represented by group companies, branches or other offices, as well as to other European countries and the USA where the service providers we use are located (such as Microsoft, SAP, Amazon, Salesforce.com).
If a recipient is located in a country without adequate statutory data protection, we contractually oblige the recipient to comply with the applicable data protection (we use the European Commission’s revised standard contractual clauses for this purpose, which can be found here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless they are already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exception clause. An exception may apply in the case of legal proceedings abroad, but also in cases of overriding public interest or if contract processing requires such disclosure, if you have given your consent or if the data in question has been made generally accessible by you and you have not objected to its processing.
Retention period for personal data
We process and store your personal data for as long as is necessary to fulfil our contractual and statutory obligations or for as long as required for the purposes pursued by the processing, i.e. for the entire duration of the business relationship (from the initiation and execution of a contract to its termination) and beyond that in accordance with the statutory obligations regarding retention and documentation. It is possible that personal data will be retained for the period during which claims can be asserted against our company and insofar as we are otherwise legally obliged to do so or legitimate business interests require it (e.g. for evidentiary and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be erased or anonymised to the extent possible. Shorter retention periods of 12 months or less generally apply to operational data (e.g. system records, logs).
Data security
We take appropriate technical and organisational security precautions to protect your personal data from unauthorised access and misuse, such as issuing directives, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transfers, pseudonymisation and controls.
Obligation to provide personal data
As part of our business relationship, you must provide the personal data necessary for the establishment and execution of a business relationship and the fulfilment of the related contractual obligations (as a rule, you do not have a legal obligation to provide us with data). Without this data, we will generally not be able to conclude or process a contract with you (or the body or person you represent). Similarly, it is not possible to use the website if certain pieces of information required to ensure data transfer (such as your IP address) are not disclosed.
Profiling
We process your personal data in a semi-automated manner with the aim of evaluating certain personal aspects (profiling). In particular, we use profiling to provide you with targeted product information and advice. In so doing, we use evaluation tools that enable us to tailor our communication and advertising, including market and opinion research.
In principle, we do not use fully automated decision-making tools (as regulated by Art. 22 GDPR) to establish and implement the business relationship or otherwise. Should we use such procedures in individual cases, we will notify you of this separately if this is required by law and inform you of the associated rights.
Rights of the data subject
Within the scope of the data protection law that applies to you and to the extent provided for therein (as in the case of the GDPR), you have the right of access, the right to rectification, the right to erasure, the right to restrict data processing and otherwise the right to object to our data processing, in particular data processing for the purposes of direct marketing, profiling carried out for direct marketing and other legitimate interests in processing, and the right to the provision of certain pieces of personal data for the purpose of transferring them to another body (data portability). Please note, however, that we reserve the right to enforce the restrictions provided for by law, for example if we are obliged to retain or process certain pieces of data, have an overriding interest in them (insofar as we may invoke this) or require them to assert claims. If you incur any costs, we will notify you of this in advance. We have already informed you about the option of withdrawing your consent in section 3. Please note that exercising these rights may conflict with contractual agreements, which may have ramifications such as early termination of the contract or cost consequences. In this case, we will inform you in advance if this has not already been contractually agreed.
In order to exercise such rights, you are usually required to clearly prove your identity (e.g. by means of a copy of your ID, where your identity is otherwise unclear or cannot be verified). To assert your rights, you can contact us at the address given in section 1.
Furthermore, every data subject has the right to assert their claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch/en).
Amendments
We may amend this Privacy Policy at any time without prior notice. The latest version published on our website applies. If the Privacy Policy forms part of an agreement with you, we will notify you of any updates by email or in another suitable way.