Privacy policy

The Privacy policy describes how and for what purpose we collect, process and use personal data. The responsible handling of customer data is important to us.

1. What is this Privacy policy about?

Data protection is a matter of trust, and your trust is important to us. In this Privacy policy, we therefore inform you how and for what purpose we collect, process and use your personal data.

You will find out in this Privacy policy, among other things:

• what personal data we collect and process;
• the purposes for which we use your personal data;
• who has access to your personal data;
• what benefits our data processing has for you;
• how long we process your personal data;
• what rights you have regarding your personal data; and
• how you can contact us.

We have aligned this Privacy policy with both the Swiss Data Protection Act and the European General Data Protection Regulation – DSGVO for short. The GDPR has established itself worldwide as a benchmark for strong data protection. However, whether and to what extent the GDPR is applicable depends on the individual case.

2. Who is responsible for data processing?

The company responsible under data protection law for a particular data processing is the company that determines whether this processing should take place, for what purposes it takes place and how it is structured. Oswald & Sorge Partner AG and the companies commissioned with data processing (“we” or “us”) are responsible under data protection law for data processing in accordance with this Privacy Policy.

3. Who is this Privacy policy for and what is it for?

This Privacy Policy applies to all individuals whose data we process (each, “you”), regardless of how you contact us, e.g. at an office, by telephone, in an online shop, on a website, in an app, via a social network, at an event, etc… It applies to the processing of personal data already collected, as well as personal data collected in the future.

Our data processing operations may in particular concern the following categories of individuals, insofar as we process personal data in the process:

• People who use our services or who come into contact with our offers;
• Users of our online services and apps;
• Visitors to our websites;
• Users of our request and search portals;
• People who write to us or contact us in any other way;
• Recipients of information and marketing communications;
• Participants in customer events and public events;
• job applicants.

This Privacy policy applies to the processing of personal data in all our business areas.

Please also consult the contractual conditions for individual services (e.g. General Terms and Conditions, Terms of Use or Conditions of Participation). These may contain supplementary information on our data processing. For information on the collection and processing of personal data when using our websites, mobile apps and social media sites, in particular in connection with cookies and similar technologies, please also consult our cookie information.

4. What personal data do we process?

“Personal data” is information that can be associated with a specific person. We process different categories of such personal data. The most important categories are listed below for your guidance. In individual cases, however, we may also process other personal data.

4.1 Master data

Master data is the basic data about you, such as title, name, contact details or date of birth. We collect master data in particular if you are interested in one of our offers or a customer account. We also collect master data when you sign up for a newsletter or register a search profile. We also collect master data about contact individuals and representatives of contractual partners, organisations, and authorities.

Master data includes e.g.

• Salutation, first name, last name, gender, date of birth;
• Address, e-mail address, telephone number and other contact details;
• Payment information (e.g. deposited means of payment, bank details, billing address);
• Information on the use of online offers and subscriptions
• Details of associated websites, social media profiles, etc.;
• Details of language preferences, property preferences and household size, etc.
• Information about your relationship with us (customer, visitor, supplier, etc.);
• Information about related third parties (e.g. contact individuals, recipients of services or representatives);
• Settings regarding receipt of advertising, newsletters subscribed to, etc.
• Information about your status with us (inactivity or blocking of a user account);
• Information on participation in events, training events or other events;
• Details of titles and functions in the company for contacts and representatives of our business partners;
• Date and time of registrations.

Under certain circumstances, you may log in to individual online offers with the login of a third-party provider (e.g. Apple, Google, or Facebook). In this case, we obtain access to certain data stored with the provider in question, e.g. your username, your profile picture, your date of birth, your gender and other details, the scope of which you can usually determine. Information on this can be found in the Privacy policy of the provider concerned.

4.2 Contract data

Contractual data is personal data that arises in connection with the conclusion or execution of a contract, e.g. information on the conclusion of the contract, acquired claims and receivables or information on customer satisfaction. We mainly conclude contracts with clients, business partners and job applicants. If you use our services based on a contract, we often also collect behavioural and transactional data.

Contract data includes, for example, information about

• on the initiation and conclusion of contracts, e.g. date of conclusion of the contract, information from the application process and information on the contract in question (e.g. type and duration);
• about the processing and administration of contracts (e.g. contact details, delivery addresses, deliveries made or failed and payment information);in connection with customer service and assistance with technical matters;
• about our interactions with you (at most a history with corresponding entries);
• about claims and acquired entitlements and benefits;
• about defects and complaints, as well as adjustments to a contract;
• on customer satisfaction, which we can collect through surveys;
• on financial matters such as determining creditworthiness (i.e. information that allows conclusions to be drawn about the likelihood of receivables being paid), reminders, debt collection and enforcement;
• in connection with a job application, e.g. CV, references, qualifications, certificates, interview notes, etc. (which may include third party personal data);
• on interactions with you as a contact person or representative of a business partner;
• in connection with security audits and other audits with a view to entering into a business relationship.

4.3 Communication data

When you are in contact with us, or we are in contact with you, for example when you contact a customer service representative or when you write or call us, we process the exchanged communication content and information about the type, time, and place of the communication. In certain situations, we may also ask you for proof of identity for identification purposes.

Communication data are e.g.

• Name and contact details such as postal address, email address and telephone number;
• Content of emails, written correspondence, chat messages, social media posts, comments on a website, telephone conversations, video conferences etc…;
• Responses to customer and satisfaction surveys;
• Details of the nature, time and possibly location of the communication;
• Proof of identity such as copies of official identification documents;
• marginal data of the communication.

Telephone and video conference calls with us may be recorded; we will inform you of this at the beginning of each call. If you do not want us to record such conversations, you have the option to terminate the conversation at any time and contact us by other means (e.g. by e-mail).

4.4 Behavioural and transactional data

When you register with us, use our offers and infrastructure or make use of our services, we often collect data about this use and generally about your behaviour. This is the case, for example, when you file a search profile with us using your name or take part in an online training course or when you use our websites and apps.

Behavioural and transactional data includes, for example, the following information, insofar as it is available to us on a personal basis:

• about your behaviour when making purchases (e.g. where, how often, what and at what prices you buy as well as the type of payment method).
• about your behaviour in online shops (training modules ordered and cancelled, watch lists, services viewed, search profiles and results, ratings and comments made, etc.);
• about your attendance at events or use of training services (e.g. date, location, and type of event or use);
• about your behaviour on websites;
• about your use of electronic communications (e.g. whether and when you opened an e-mail or clicked on a link);

You can also use many of our services anonymously. If you have an account, however, behavioural and transaction data may be assigned to your profile even if you are not logged in when you visit the website or use the app.

4.5 Preference data

We want to tailor our offers and services to our customers in the best possible way. We therefore also process data on your interests and preferences. To this end, we can link behavioural and transactional data with other data and evaluate this data on a personal and non-personal basis. This allows us to draw conclusions about characteristics, preferences and anticipated behaviour, e.g. your preferences and affinities for certain educational topics and advisory services.

In particular, we can form segments (permanently or on a case-by-case basis), i.e. groups of people who show similarities regarding certain characteristics. Preference data may be used on a personal basis (e.g. to show you advertising that interests you or to send you relevant discount vouchers), but also on a non-personal basis (e.g. for market research or product development).

4.6 Technical data

When you use our websites, our apps or other electronic offerings, we collect certain technical data such as your IP address or a device ID. The technical data also includes the logs in which we record the use of our systems (log data). In some cases, we may also assign a unique identification number to your end device (tablet, PC, smartphone, etc.) (an ID), e.g. by cookies or similar technologies, so that we can recognise it. You will find further details on this in our cookie information.

In particular, behavioural data can also be collected based on technical data, i.e. information on your use of websites and mobile apps. However, we cannot usually deduce who you are from technical data unless, for example, you create a customer account or register. In this case, we can link technical data with master data – and thus with your person.

Technical data includes, among other things

• The IP address of your device and other device IDs (e.g. MAC address);
• Identification numbers assigned to your device by cookies and similar technologies (e.g. pixel tags);
• Information about your device and its configuration, e.g. operating system or language settings;
• Information about the browser you use to access the offer and its configuration;
• Information about your movements and actions on our websites and in our apps;
• Information about your internet provider;
• Your approximate location and time of use;
• System records of accesses and other processes (log data).

This technical data does not usually allow us to draw any conclusions about your identity. However, in the context of user accounts, registrations, the processing of contracts or evaluations for preference data, they can be linked with other data categories – and thus possibly with your person.

Furthermore, please note our cookie information for the processing of technical data.

4.7 Image and sound recordings

We take photos, videos, and audio recordings in which you may appear, e.g. when you attend an event, have contact with our customer service or take advantage of a consultation via video conference.

Image and sound recordings include, for example:

• Photos, videos, and audio recordings of courses, presentations, training sessions, etc.;
• Recordings of telephone and video conference calls (e.g. in customer service or customer advice).

5. Where does the personal data come from?

5.1 Surrendered data

You often provide us with personal data yourself, e.g. when you send us data or communicate with us. In particular, you usually provide us with master data, contract data and communication data yourself. You also frequently disclose preference data to us yourself.

You provide us with personal data yourself in the following cases, for example:

• You create a search profile or register for the newsletter;
• You create an account for the use of our online offer;
• You register for a course from our training offer.

The provision of personal data is usually voluntary, i.e. you are usually not obliged to disclose personal data to us. However, we must collect and process those personal data that are necessary for the processing of a contractual relationship and for the fulfilment of associated obligations or are required by law, e.g. mandatory master and contract data. Otherwise, we cannot conclude or continue the contract in question.

If you provide us with data about other individuals (e.g. family members), we assume that you are authorised to do so and that this data is correct. Furthermore, please ensure that these other individuals have been informed about this Privacy policy.

5.2 Data collected

We may also collect personal data about you ourselves or by automated means, for example when you shop with us, use our offers or make use of our services. This is often behavioural and transactional data as well as technical data.

We independently collect personal data about you in the following cases, for example:

• You order a training module in one of our online shops;
• You visit one of our websites or use one of our apps or cloud solutions;
• You click on a link in one of our newsletters or otherwise interact with one of our electronic promotional communications.

We may also derive personal data from existing personal data, for example by analysing behavioural and transactional data. Such derived personal data is often preference data.

We can, for example, analyse the behavioural and transactional data generated by purchases in our education area and online shops and make assumptions about your personal interests, preferences, affinities, and habits based on this. This enables us, for example, to tailor our offers and information to your individual needs and interests. This enables us to send you an individual selection of discount vouchers that are relevant to you.

5.3 Received data

We may also receive personal data from other companies in the real estate industry. We may also receive information about you from other third parties, such as companies we work with, people who communicate with us or public sources.

For example, we may receive information about you from the following third parties:

• from cooperation partners, e.g. real estate portals and building applications;
• from your employer and work colleagues in connection with a job application and their professional functions;
• from people close to you (family members, legal representatives, etc.), e.g. your address for deliveries, references, or powers of attorney;
• from credit agencies, e.g. when we obtain credit information;
• from Swiss Post and address dealers, e.g. for address updates;
• from banks, insurance companies, distributors, and other contractual partners for purchases and payments;
• from providers of online services, e.g. providers of Internet analysis services;
• from information services for compliance with legal requirements such as anti-money laundering;
• from authorities, parties, and other third parties in connection with official and legal proceedings;
• from media monitoring companies in connection with articles and reports in which you appear;
• from public registers such as the debt enforcement register or commercial register, from public bodies such as the Federal Statistical Office, from the media or from the Internet.

6. For what purposes do we process personal data?

6.1 Communication

We would like to stay in contact with you and respond to your individual concerns. We therefore process personal data for communication with you, e.g. answering enquiries and customer care. For this purpose, we use in particular communication and master data and, insofar as the communication concerns a contract, also contract data. We may also personalise the content and timing of messages based on behavioural, transactional, preference and other data.

The purpose of the communication includes, in particular:

• answering enquiries;
• contacting you with questions;
• providing customer service and customer care;
• communication in relation to services provided (e.g. we may contact you directly if we are aware that you have received advice which is affected by a material change in circumstances);
• authentication, e.g. when using our online services;
• quality assurance and training;
• all other processing purposes, insofar as we communicate with you for this purpose (e.g. contract processing, information and direct marketing).

6.2 Contract processing

We want to provide you with the best possible service. We therefore process personal data in connection with the initiation, administration, and processing of contractual relationships, e.g. to carry out an assessment, provide a service, run a training programme or an event. The processing of contracts also includes any agreed personalisation of services. We use for this purpose, in particular, master data, contract data, communication data, behavioural and transaction data as well as preference data.

The purpose of contract processing generally includes everything that is necessary or expedient to conclude, execute and, if applicable, enforce a contract.

This includes, for example, processing:

• to decide whether and how (e.g. with which payment options) we enter into a contract with you (including credit checks);
• to provide contracted services, e.g. deliver reports, provide services and provide features (including personalised service components);
• to provide customer services and survey customer satisfaction;
• to run and manage training, loyalty and reward programmes, e.g. to account for and credit earned entitlements and benefits;
• to account for our services and generally for record keeping;
• to plan and prepare for the provision of our services, e.g. scheduling of our employees;
• to check the suitability of job applicants and, if necessary, to prepare and conclude the employment contract;
• to check whether we are willing and able to work with a company and to monitor and assess its performance;
• to prepare and complete real estate transactions, e.g. property purchases, sales, and transfers;
• to enforce legal claims arising from contracts (collection, litigation, etc.);
• to administer and manage our IT and other resources;
• to store data within the scope of retention obligations;
• to terminate and cancel contracts.

6.3 Information and marketing

We would like to make you attractive offers. We therefore process personal data for relationship management and marketing purposes, e.g. to send you written and electronic communications and offers and to carry out marketing campaigns. Communications and offers may also be personalised to send you only information that is likely to be of interest to you. For this purpose, we use in particular master data, contract data, communication data, behavioural data and transaction data as well as preference data, but also image and sound recordings.

This may include, for example, the following communications and offers:

• Newsletters, promotional emails, in-app messages and other electronic messages;
• Advertising brochures, magazines, and other printed matter;
• Advertising messages and spots on screens and other advertising space;
• Delivery of vouchers;
• Invitations to events, functions, and seminars.

Unless we separately ask for your consent to contact you for marketing purposes, you may opt out of such contacts at any time. For newsletters and other electronic communications, you can usually unsubscribe from the relevant service via an unsubscribe link integrated in the communication.

Personalising our communications allows us to tailor information to your individual needs and interests and, where possible, only provide you with offers that are relevant to you. For example, as part of the training programme, we will send you an individual selection of training offers relevant to you or show you online content tailored to you.

6.4 Market research and product development

We want to continuously improve our offers and make them more attractive for you. We therefore process personal data for market research and product development. To this end, we process in particular master data, behavioural data, transaction data and preference data, but also communication data and information from customer surveys, polls, and studies and other information, e.g. from the media, the Internet, and other public sources. As far as possible, we use pseudonymised or anonymised data for these purposes.

Market research and product development include in particular:

• conducting customer surveys, polls, and studies;
• the further development of our offers (e.g. design of the range of services, choice of training locations, pricing and implementation planning, etc.);
• the assessment and improvement of the acceptance of our offers and our communication in connection with offers;
• optimising and improving the user-friendliness of websites and apps;
• the development and testing of new offers;
• the testing and improvement of our internal processes;
• the education and training of our employees;
• assessing the supply situation in a particular market and the behaviour of our competitors;
• Market monitoring, e.g. to understand and react to current developments and trends.

6.5 Security and prevention

We want to ensure your and our security and prevent abuse. We therefore also process personal data for security purposes, to ensure IT security, to prevent theft, fraud, and abuse and for evidence purposes. This may involve all the categories of personal data already mentioned, including in particular behavioural and transactional data, as well as image and sound recordings. We may collect, analyse and store this data for the purposes mentioned.

The purpose of security and prevention includes, for example:

• the issuing of request bans and the administration of request ban lists;
• analysing behavioural and transactional data to identify suspicious patterns of behaviour and fraudulent activity;
• analysing system records of the use of our systems (log data);
• preventing, preventing and resolving cyber-attacks and malware attacks;
• Analysing and testing our networks and IT infrastructures, as well as system and error checks;
• controlling access to electronic systems (e.g. logins for user accounts);
• Documentation purposes and creation of security copies.

6.6 Compliance with legal requirements

We want to create the conditions for compliance with legal requirements. We therefore also process personal data to comply with legal obligations and to prevent and detect violations. This includes, for example, receiving and processing complaints and other notifications, complying with orders of a court or authority, and taking measures to detect and clarify abuses. This may involve all the categories of personal data already mentioned.

Compliance with legal requirements includes in particular:

• the implementation of health and safety concepts;
• clarifying business partners;
• receiving and processing complaints and other reports;
• conducting internal investigations
• ensuring compliance and risk management;
• disclosing information and documents to authorities if we have a factual reason to do so or are legally obliged to do so;
• cooperating with external investigations, e.g. by a law enforcement or regulatory authority;
• guaranteeing the legally required data security;
• looking after our shareholders and other investors to fulfil our obligations in this respect;
• the fulfilment of disclosure, information or reporting obligations, e.g. in connection with supervisory and tax obligations, e.g. archiving obligations and for
• the prevention, detection, and clarification of criminal offences and other violations;
• the legally regulated fight against money laundering and terrorist financing.

In all cases, this may involve Swiss law, but also foreign regulations to which we are subject, as well as self-regulations, industry and other standards, our own “corporate governance” or official directives.

6.7 Legal defence

We want to be able to enforce our claims and defend ourselves against the claims of others. We therefore also process personal data for legal protection, e.g. to enforce claims in court, before or out of court and before authorities in Switzerland and abroad, or to defend ourselves against claims. In doing so, we process different personal data depending on the constellation, e.g. contact data as well as information about processes that have given or could give rise to a dispute.

The purpose of defending the law includes in particular:

• Clarifying and enforcing our claims, which may include claims by our affiliates and our contractual and business partners;
• Defending claims against us, our employees, our affiliates and our contractual and business partners;
• the clarification of the prospects of litigation and other legal, economic and other issues;
• participating in proceedings before courts and authorities at home and abroad. For example, we may preserve evidence, clarify the prospects of litigation or submit documents to a public authority. It may also be that authorities request us to disclose documents and data carriers containing personal data.

6.8 Internal administration

We want to make our internal processes efficient. We therefore process personal data for our internal administration. In particular, we process master data, contract data and technical data, but also behavioural and transaction data as well as communication data.

Internal administration includes in particular:

• the keeping and administration of the share register;
• the management of IT and real estate;
• the bookkeeping;
• the archiving of data;
• the training and education, e.g. when we evaluate recordings of telephone, video or other communications;
• the review or execution of corporate transactions such as company acquisitions, disposals, and mergers;
• the sale of receivables, where we provide the acquirer, for example, with information on the reason for and amount of the receivable and, where applicable, the creditworthiness and conduct of the debtor;
• in general, the review and improvement of internal processes.

7. On what legal basis do we process personal data?

Depending on the purpose of the data processing, our processing of personal data is based on different legal bases. We may process personal data in particular if the processing:

• is necessary for the performance of a contract with the data subject or for pre-contractual measures (e.g. the examination of a contract request);
• is necessary for the exercise of legitimate interests;
• is based on consent;
• is necessary for compliance with domestic or foreign legal provisions.

We have a legitimate interest in particular in the processing for the purposes described above and in the disclosure of data and the objectives associated with each of these. The legitimate interests in each case include our interests and the interests of third parties.

These legitimate interests include, for example, the interest in

• to provide services to third parties (e.g. to individuals receiving gifts);
• good customer care, maintaining contacts and communicating with customers outside a contract;
• advertising and marketing activities;
• getting to know our customers and other people better;
• improving IT solutions and services and developing new ones;
• combating fraud, e.g. in online shops, and preventing and investigating offences;
• protecting clients, employees and other individuals and data, secrets and assets of Oswald & Sorge Partner AG;
• ensuring IT security, especially in connection with the use of websites, apps, and other IT infrastructure;
• in ensuring and organising business operations, including the operation and further development of websites and other systems;
• in the management and development of the business;
• in the sale or purchase of companies, parts of companies and other assets;
• in the enforcement or defence of legal claims;
• in compliance with Swiss and foreign law and internal rules.

8. Who do we share personal data with?

We may pass on your personal data to companies outside Oswald & Sorge Partner AG if we use their services. As a rule, these service providers process personal data on our behalf as so-called “order processors”. Our order processors are obliged to process personal data exclusively in accordance with our instructions and to take appropriate data security measures. Certain service providers are also jointly responsible with us or independently (e.g. debt collection companies). We ensure through the selection of the service providers and through suitable contractual agreements that data protection is guaranteed throughout the processing of your personal data.

This involves, for example, services in the following areas:

• Advertising and marketing services, e.g. sending communications and information;
• Business administration, e.g. accounting or asset management;
• Payment services;
• Credit information, e.g. if you wish to make a purchase on account;
• Collection services;
• IT services, e.g. data storage services (hosting), cloud services, sending email newsletters, data analysis and refinement services, etc.;
• Consultancy services, e.g. services of tax consultants, lawyers, management consultants or consultants in the field of personnel recruitment and placement.

In individual cases, it is also possible that we pass on personal data to other third parties also for their purposes, e.g. if you have given us your consent or if we are legally obliged or entitled to pass on the data. In these cases, the recipient of the data is a separate data controller under data protection law.

This includes e.g. the following cases:

• the transfer of receivables to other companies such as collection agencies;
• the examination or execution of transactions under company law, such as company acquisitions, sales, and mergers;
• the disclosure of personal data to courts and authorities in Switzerland and abroad, e.g. to law enforcement agencies in cases of suspected criminal offences;
• the processing of personal data to comply with a court order or official directive or to assert or defend legal claims or if we consider it necessary for other legal reasons. In doing so, we may also disclose personal data to other parties to the proceedings.

In addition, please note our cookie information on independent data collection by third-party providers whose tools we have integrated on our websites and apps.

Unless a special professional secrecy (e.g. banking, pharmacy or medical secrecy) is applicable in individual cases, we are not subject to any professional secrecy obligation. Please let us know in individual cases if you believe that certain personal data is subject to a duty of confidentiality so that we can examine your request.

9. How do we disclose personal data abroad?

We process and store personal data, mostly in Switzerland and the European Economic Area (EEA). However, in certain cases we may also disclose personal data to service providers and other recipients located or processing personal data outside this area, in principle in any country in the world. These countries may not have laws that protect your personal data to the same extent as in Switzerland or the EEA. If we transfer your personal data to such a country, we will ensure that your personal data is adequately protected.

One means of ensuring adequate data protection is, for example, the conclusion of data transfer agreements with the recipients of your personal data in third countries that ensure the required level of data protection. These include contracts that have been approved, issued or recognised by the European Commission and the Federal Data Protection and Information Commissioner, so-called standard contractual clauses. Please note that such contractual arrangements can partially compensate for weaker or missing legal protection, but cannot completely exclude all risks (e.g. of government access abroad). In exceptional cases, the transfer to countries without adequate protection may also be permissible in other cases, e.g. based on consent, in connection with legal proceedings abroad or if the transfer is necessary for the performance of a contract.

10. How do we process sensitive personal data?

Certain types of personal data are considered “particularly worthy of protection” under data protection law, e.g. information on health and biometric characteristics. Depending on the constellation, the aforementioned categories of personal data may also include such particularly sensitive personal data. However, we generally only process particularly sensitive personal data if it is necessary for the provision of a service, you have provided us with this data of your accord, or you have consented to the processing. We may also process sensitive personal data if this is necessary to uphold the law or comply with domestic or foreign legal provisions, if the data concerned has obviously been disclosed to the public by the person concerned or if the applicable law otherwise permits its processing.

We may process sensitive personal data in the following cases, for example:
You apply for a vacant position and provide information about your health, about a trade union affiliation or about previous convictions and criminal measures.

Children’s personal data also deserves special protection. We therefore do not usually process personal data from children, and if it is nevertheless necessary, we take special care to protect this data. In addition, we usually ask parents or legal representatives for their consent if we knowingly process children’s personal data based on consent. If consent has been given to a child by his or her parents or legal representatives, the adult is later free to withdraw this consent.

For example, we may process children’s personal data in the following situations:
You are looking for a property and are searching for a home for yourself and your children, and you collect the name and age of your children to create a property search profile.

11. How do we use profiling?

“Profiling” means the automated processing of personal data to analyse personal aspects or make predictions, e.g. the analysis of personal interests, preferences, affinities, and habits or the prediction of likely behaviour. Profiling can be used to derive preference data in particular.

Profiling is a common process, e.g. in automated processing

• of master, contract, behavioural and transactional data in property search and online shops;
• behavioural, transactional and technical data in connection with our websites and apps;
• of data in connection with visits to events and information events;
• communications data, such as your response to promotional and other communications;
• other behavioural and transactional data.

Profiling helps us, for example,

• better tailor our real estate offers to individual needs;
• present our content and offers to you according to your needs;
• to only present you with advertisements and offers that are likely to be relevant to you;
• to decide which payment options are available based on a credit check.

We carry out profiling, e.g. in connection with the creation of search profiles, by evaluating your search behaviour and assigning you to certain customer segments based on this. These are groups of people who have similarities regarding certain characteristics. Such customer segments can be formed permanently or on a case-by-case basis and can relate, for example, to the phase of life or the buying motive. This profiling enables us, for example, to send you property offers that are relevant to you.

Profiling also takes place, for example, in connection with the training offer, for example, by evaluating your usage behaviour in our online shops and on our websites and apps to offer you an individual user experience and to provide you with offers tailored to your interests and preferences.

To improve the quality of our analyses and forecasts, we may also combine personal data from different sources as a basis for profiling, e.g. data collected offline and online as well as data collected via various of our services.

If you do not want us to analyse personal aspects or make predictions, you can choose not to register on our website or make your enquiries by telephone and refrain from creating a customer account and registering for other services. You can also object to profiling in certain cases.

12. Do we make automated individual decisions?

An “automated individual decision” is a decision that is fully automated, i.e. without human influence, and that has legal consequences for the data subject or significantly affects him or her in some other way. We do not usually do this, but will inform you separately should, we use automated individual decisions in individual cases.

13. How do we protect personal data?

We take appropriate security measures of a technical and organisational nature to maintain the security of your personal data, to protect it against unauthorised or unlawful processing and to protect against the risk of loss, accidental alteration, unauthorised disclosure or access. However, like all companies, we cannot rule out data security breaches with absolute certainty; certain residual risks are unavoidable.

Security measures of a technical nature include, for example, the encryption and pseudonymisation of data, logging, access restrictions and the storage of backup copies. Security measures of an organisational nature include, for example, instructions to our employees, confidentiality agreements and controls. We also oblige our order processors to take appropriate technical and organisational security measures.

14. How long do we process personal data?

We process and store your personal data,

• as long as it is necessary for processing or for compatible purposes, in the case of contracts as a rule, at least for the duration of the contractual relationship;
• as long as we have a legitimate interest in storing the data. This may be the case in particular if we need personal data to enforce or defend claims, for archiving purposes and to ensure IT security;
• for as long as they are subject to a legal obligation to retain them. For example, a ten-year retention period applies to certain data. For other data, shorter retention periods apply in each case, e.g. for records of certain processes on the Internet (log data).

In certain cases, we also ask for your consent if we want to store personal data for longer (e.g. in the case of job applications that we want to keep pending). After expiry of the above-mentioned periods, we delete or anonymise your personal data.

We are guided by the following retention periods, for example, although we may deviate from these in individual cases:

• Transaction data is kept for a maximum of ten years. Master data and contact data are archived or anonymised after two years of inactivity. Archiving or anonymisation of this data also takes place in the event of termination of the user account or a deletion request.
• User account: Personal data is stored for the duration of the user account. If a deletion of the account is ordered, the data will be deleted within 30 days. If the account is deactivated (e.g. in case of inactivity or blocking due to misuse), the data will be deleted over a maximum period of 24 months.
• Contracts: We generally retain master and contract data for ten years from the last contract activity or from the end of the contract. However, this period may be longer if this is necessary for reasons of evidence, legal or contractual requirements or for technical reasons. Transaction data relating to contracts is generally retained for ten years.
• Technical data: We usually keep log data for six months. Cookies are usually stored for between a few days and two years, unless they are deleted immediately after the end of the session.
• Communication data: E-mails, messages via contact form and written correspondence are usually kept for ten years.
• Image and sound recordings: The retention period varies depending on the purpose. This ranges from a few days for recordings of to several years for minutes of condominium owners’ meetings.
• Shareholders: Shareholder data is retained in accordance with company law.
• Job applications: We generally delete application data within six months of the end of the application process. With your consent, we may keep your application pending with a view to possible subsequent employment.

15. What rights do you have in connection with the processing of your personal data?

You are entitled to object to data processing, especially if we process your personal data based on a legitimate interest and the other applicable conditions are met. You can also object at any time to data processing in connection with direct marketing (e.g. advertising e-mails). This also applies to profiling, insofar as this is connected with such direct marketing.

Insofar as the respective applicable conditions are met, and no legal exceptions apply, you also have the following rights:

• the right to request information about your personal data stored by us;
• the right to have inaccurate or incomplete personal data corrected;
• the right to request the deletion or anonymisation of your personal data;
• the right to request the restriction of the processing of your personal data;
• the right to receive certain personal data in a structured, common and machine-readable format;
• the right to revoke consent with effect for the future, insofar as processing is based on consent.

Please note that these rights may be restricted or excluded in individual cases, e.g. if there are doubts about the identity or if this is necessary to protect other persons, to protect interests worthy of protection or to comply with legal obligations.

You can exercise the most important of the above rights via the contact form on the website. You can also deactivate the receipt of certain offers and information at any time in your customer account. In addition, you can unsubscribe from newsletters and other promotional emails by clicking on the relevant link at the bottom of the email. You can also contact us if you wish to exercise any of your rights or if you need any clarification about the processing of your personal data.

You are also free to lodge a complaint with a competent supervisory authority if you have concerns about whether the processing of your personal data complies with the law.

• The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
• The competent supervisory authority in the Principality of Liechtenstein is the Data Protection Authority of the Principality of Liechtenstein.

16. How can you contact us?

If you need any clarification about this privacy statement or the processing of your personal data, you can contact Oswald & Sorge Partner AG using the contact details listed on its website.

You are also welcome to contact us as follows:

Oswald & Sorge Partner AG
Stockerstrasse 60
8002 Zürich

info@oswald-sorge.ch
052 503 10 00

17. Changes to this privacy policy

This privacy statement may be amended over time, in particular if we change our data processing practices or if new legislation becomes applicable. We will actively inform individuals whose contact details are registered with us of any significant changes, if this is possible, without disproportionate effort. In general, the data protection statement in the version current at the time of the start of the processing in question applies to data processing in each case.

Version 1.1 / November 2021

Cookie information

What is it about?

This cookie information describes how and for what purpose we collect, process and use personal and other data when using our websites and mobile apps – in particular in connection with cookies and similar technologies. In the following, we refer to websites in general for simplicity, but also mean mobile apps in each case.

Who is responsible for data processing?

In principle, Oswald & Sorge Partner AG and our partners (“we” or “us”) are responsible under data protection law for the processing of personal data in accordance with this cookie information. As a rule, this is the company that drew your attention to this cookie information. If you need any clarification about this cookie information or the processing of your personal data, you can contact the company responsible in each case. You can also contact us as follows:

Oswald & Sorge Partner AG
Stockerstrasse 60
8002 Zürich

info@oswald-sorge.ch
052 503 10 00

What is log data?

Every time you use our websites, certain data is automatically generated for technical reasons and temporarily stored in log files, the so-called log data. This is, for example, the following technical data:

• IP address of the requesting end device,
• Information about your internet service provider,
• Information about the operating system of your end device (tablet, PC, smartphone, etc.),
• Information on the referring URL,
• details of the browser used,
• date and time of access, and
• Content accessed when visiting the website.

This data is processed for enabling the use of our websites (establishing a connection) and ensuring their functionality, guaranteeing system security and stability and enabling the optimisation of our Internet offering, as well as for statistical purposes.

Furthermore, the IP address is evaluated together with the other log data and, if applicable, other data available to us in the event of attacks on the IT infrastructure or other possibly unauthorised or abusive use of the websites for clarification and defence and, if necessary, used in the context of criminal proceedings for identification and for civil and criminal proceedings against the individuals concerned.

What are cookies and similar technologies?

Cookies are files that your browser automatically stores on your terminal device when you visit our websites. Cookies contain a unique identification number (an ID) that allows us to distinguish individual visitors from others, but usually without identifying them. Depending on the purpose of use, cookies contain further information, e.g. about pages accessed and the duration of the visit to a page. We use session cookies, which are deleted when the browser is closed, and permanent cookies, which remain stored for a certain period of time after the browser is closed (usually between a few days and two years) and are used to recognise visitors on subsequent visits.

We may also use similar technologies such as pixel tags, fingerprints and other technologies to store data in the browser. Pixel tags are small, usually invisible images or program code that are loaded from a server and thereby transmit certain information to the server operator, e.g. whether and when a website was visited. Fingerprints are information that is collected when you visit a website via the configuration of your terminal device or your browser, and which make your terminal device distinguishable from other devices. Most browsers also support other technologies for storing data in the browser, similar to cookies, which we may also use (e.g. “web storage”).

How can cookies and similar technologies be deactivated?

In some cases, when you access our websites, you have the option of activating or deactivating certain categories of cookies via a button displayed in the browser. Furthermore, you can configure your browser in the settings so that it blocks certain cookies or similar technologies or deletes existing cookies and other data stored in the browser. You can also enhance your browser with software (so-called “plug-ins”) that blocks tracking by certain third parties. You can find out more about this in the help pages of your browser (usually under the keyword “data protection”). Please note that our websites may no longer function fully if you block cookies and similar technologies.

What types of cookies and similar technologies do we use?

We use the following types of cookies and similar technologies:

• Necessary cookies: Necessary cookies are required for a website and its functions to be used. For example, these cookies ensure that you can move between pages without losing the information you have entered in a form or the products you have placed in a shopping cart.
• Performance cookies: Performance cookies collect information about how a website is used and allow us to perform analytics, such as which pages are most popular and how visitors move around a website. These cookies are used to simplify and speed up the visit to the website and generally improve the user experience.
• Functional cookies: Functional cookies allow us to provide advanced functionality and display personalised content. These cookies allow us, for example, to save information you have already provided (e.g. language selection) or to show you products that you might also like based on services you have viewed.
• Marketing cookies: Marketing cookies help us and our advertising partners to target you on our websites and on websites of third parties with advertisements for products or services that might be of interest to you, or to display our advertisements during your further internet use after visiting our websites.

How do we use cookies and similar technologies from other companies?

The cookies or similar technologies we use may each come from ourselves or from third-party companies, for example where we use features provided by third parties. Such third parties may also be located outside of Switzerland and the European Economic Area (EEA), provided that the protection of your personal data is adequately ensured.

For example, we use analytics services to evaluate how you use our websites to optimise and personalise them. Cookies and similar technologies from third parties also enable them to target you with personalised advertising on our websites or on other websites and social networks that also work with that third party, and to measure how effective advertisements are (e.g. whether you arrived at our website via an advertisement and what actions you then take on our website).

Third-party providers may record your use of the website in question. These recordings may be combined by the respective provider with similar information from other websites. The behaviour of certain users can thus be recorded across several websites and several end devices. The respective provider can often also use this data for its purposes, e.g. for personalised advertising on its website and on other websites that it supplies with advertising. If users are registered with the provider, the provider can assign the usage data to the relevant person. The processing of such personal data is carried out by the provider under its responsibility and in accordance with its data protection regulations.

Two of the most important third-party providers are Google and Facebook. You will find further details on these below. Other third-party providers generally process personal and other data similarly.

Google Analytics and Google Firebase

On many of our websites, we use Google Analytics, an analysis service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA, USA) and Google Ireland Ltd. (Google Building Gordon House, Barrow St, Dublin 4, Ireland; both together “Google”, whereby Google Ireland Ltd. is responsible for the processing of personal data). Google uses cookies and similar technologies to collect certain information about the behaviour of individual users on or in the relevant website and the end device used for this purpose (tablet, PC, smartphone, etc.) (e.g. how often you have opened our website, how many purchases have been made or what your interests are, as well as data about the end device you are using, such as the operating system). You can find more information about this under this link.

We have configured the service in such a way that the IP addresses of visitors to the websites are shortened by Google within Europe before being forwarded to the USA so that they cannot be traced. Google provides us with reports, and in this sense, can be considered our order processor. However, Google also processes certain data for its purposes. Under certain circumstances, Google can draw conclusions about the identity of visitors to the websites based on the data collected and therefore create personal profiles and link the data obtained with any existing Google accounts of these individuals. Information on the data protection of Google Analytics can be found here, and if you have a Google account yourself, you can find further details here.

Facebook / Meta Custom Audiences

Our websites may also use the so-called “Facebook pixel” and similar technologies from Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). We use these technologies to display the Facebook ads placed by us only to users on Facebook and on the partners cooperating with Facebook (so-called “Audience Network”) who have shown an interest in us or whose characteristics correspond to those that we transmit to Facebook for this purpose (e.g. interest in certain topics or products that can be identified based on the websites visited; “Custom Audiences”). We can also use these technologies to track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion measurement”). You can find more information about this here.

We share responsibility (but not further processing) with Facebook for sharing data that Facebook collects or receives through the Pixel or similar features, displaying advertising information that matches users’ interests, improving ad delivery and personalising features and content. We have therefore concluded a corresponding supplementary agreement with Facebook. Users can therefore submit requests for information and other data subject requests related to shared responsibility directly to Facebook.

We may operate our presences on social networks and similar third-party platforms (e.g. Facebook fan pages). If you communicate with us via such presences or comment on or redistribute content from us, we will collect corresponding information and process you in accordance with our privacy policy. We have the right, but not the obligation, to check content before or after it is published and to delete content without notification, insofar as this is technically possible, or to report it to the provider of the platform concerned. In the event of a breach of decency and conduct rules, we may also report the user account concerned to the provider of the platform for blocking or deletion.

When visiting our social media sites, data (e.g. on your user behaviour) may also be transmitted directly to or collected by the provider concerned and processed together with other data already known to it (e.g. for marketing and market research purposes and for personalising platform content). Insofar as we are jointly responsible with the provider for certain processing, we will enter into a corresponding agreement with the provider, the essential content of which you can find out from the provider. Further information on data processing by social network providers can be found in the data protection provisions of the relevant social networks.

Changes to this cookie information

This Cookie Information may be amended over time, in particular if we change our data processing practices or if new legislation becomes applicable. In general, the cookie information in the current version at the start of the processing in question applies to data processing.

Enquiries & Information through our Data Protection Officer (DPO) Andreas Sorge, 052 503 10 01, andreas.sorge@oswald-sorge.ch