Privacy Policy - of IDZ Real Estate
Important legal notice
IDZ Immobilien Dienstleistungszentrum GmbH (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website or use our services.
Company: IDZ Immobilien Dienstleistungszentrum GmbH
Address: Unterdorfstrasse 13, 8808 Pfäffikon, Switzerland
Management: Daniel Widmer, CEO; Patrick Spoerli, Partner
Phone number: +41 55 420 26 39
Email address: [email protected]
Effective Date: September 1, 2023
This privacy policy is written in easy-to-understand german language and avoids legal and technical terms wherever possible.
1 General information
1.1. General information on data processing
1.2. Purpose of the data protection declaration
1.3. Legal basis
1.4. Personal data processed
1.5. Your rights
2. Processing procedures
2.1. Rental process
2.2. Marketing process
2.3. Consulting process
2.4. Cooperation with third parties
2.5. Disclosure of personal data abroad
2.6. Customer relationship management
2.7. Digital customer/user account
2.8. E-mail
2.9. Contact form – contact idz
2.10. Contact form – real estate offer
2.11. Creation of a real estate search profile
2.12. Newsletter
2.12.1. Newsletter delivery service provider Brevo
2.13. Data collection for applications
2.14. Events
2.15. Communication via post and social media
2.16. Automated individual decisions
2.17. Server log files
3. Protective measures
3.1. Data backups
3.2. Data protection measures
4. Website(s)
5. Data from third-party services
5.1. Use of cookies
5.2. Use of Google Analytics
5.3. Google TagManager
5.4. Google Maps
5.5. Social media plug-ins
5.6. Instagram
5.7. LinkedIn
5.8. Embedded content from other websites
5.9. Embedded YouTube videos
1 General information
1.1. General information on data processing
idz Immobilien Dienstleistungszentrum GmbH is the operator of this homepage (hereinafter also referred to as the “website” or “technology”) and is responsible for the content and also for the collection, processing and use of your personal data.
We are very concerned about your privacy and the security of your data and take the necessary and possible technical and organizational measures to this end. In addition, our employees are continuously trained.
1.2. Purpose of the data protection declaration
When you contact idz Immobilien Dienstleistungszentrum GmbH (hereinafter also referred to as “we”, “us” or “idz”), personal data that falls under the Swiss Data Protection Act (DSG, or the revDSG that came into force on September 1, 2023) and the Swiss Data Protection Ordinance (DSV) are usually also processed. This data typically includes name, email address, telephone number and other personal information related to contractual relationships with us. In addition, technical data that can be assigned to a person is to be regarded as personal data (in particular cookies, see below for more information).
This data protection declaration explains the type, scope and purpose of the processing of personal data by us.
1.3. Legal basis
The legal basis for our data processing is Art. 5-9 DSG (“Terms and Principles”). Whether and how these laws are applicable depends on the individual case.
The measures we take are based on the “Industry recommendation on the revised data protection law” of SVIT Switzerland.
In order to protect the data we manage against manipulation, loss, destruction or access by unauthorized persons in accordance with the current state of the art, we use modern technical security measures and continuously improve them.
1.4. Personal data processed
The personal data we process includes personal data that is worthy of protection within the meaning of the revDSG. Personal data that is particularly worthy of protection is only processed in individual cases and after a corresponding declaration of consent (e.g. extracts from the debt collection register, credit reports).
If you provide us with personal data of other people, such as family members or data of work colleagues, please ensure that these people are aware of this data protection declaration. In addition, only share their personal data if you are permitted to do so and if this personal data is correct.
1.5. Your rights
According to Art. 25 revDSG, every person has the right to request information from us free of charge about whether and which personal data is being processed about them. From the second request for information within 12 months, we can charge a fee to cover costs (according to Art. 19 Para. 2 DSV, a maximum of 300 CHF).
Subject to Art. 28 Para. 1 revDSG, every person has the right to request that we release their personal data that they have disclosed to us in a common electronic format.
In addition, every person has the right to have their personal data changed, supplemented or deleted.
Requests for information, changes and release should be sent to: [email protected]
2. Processing procedures
2.1. Rental process
In the rental process, personal data of owners, prospective tenants and tenants are collected to the extent that this is necessary for the process or for rental agreements. By disclosing personal data, the data subjects declare their consent to the processing and use of their personal data, which is necessary for the provision of our services in connection with a desired rental agreement.
We inform data subjects in the rental process that we can obtain personal data from third parties (namely business information). We inform data subjects in an appropriate manner about the source of the externally obtained personal data. The required debt collection register extract must be obtained by prospective tenants themselves. The personal data and debt collection register extracts of prospective tenants are deleted after the rental process has been completed, unless the process results in a rental or the data subject does not consent to the use of the personal data for a later rental process.
Personal data that was collected from current rental orders and rental agreements before the revised DSG came into force will be processed without further notice. Personal data of prospective tenants that was collected before the revised DSG came into force and whose request did not result in a rental agreement will be deleted unless consent has been given for further data processing.
Rental agreements and the personal data associated with them are stored for 10 years after the last contractual service (usually billing of additional costs or reimbursement of the rental deposit) in accordance with the principles of the general limitation period (Art. 127 OR).
The personal data that is sent to us in connection with the properties in our offer is sent to us via the CASASOFT real estate platform. This is described in more detail in point 2.6 Customer Relationship Management.
2.2. Marketing process
The marketing process generates personal data of owners, sellers, prospective buyers and buyers, insofar as this is necessary for the process. By disclosing personal data, the persons concerned declare their consent to the data processing.
Personal data of sellers and buyers as well as documents relating to the process are retained for a period of 5 years (complaint and limitation period according to SIA).
All personal data of prospective buyers is deleted after the marketing process has been completed, unless the persons concerned give their consent to use the personal data for a later marketing process. The right to store the data anonymously remains reserved.
2.3. Consulting process
Personal data from consulting mandates or valuation orders are retained for 2 years after the completion of the consulting mandate or order. The right to store the data anonymously remains reserved.
2.4. Cooperation with third parties
In order to provide our services in connection with the rental, marketing and management of the properties and apartments entrusted to us, it is essential to work with various external partners (caretakers, craftsmen, gardeners, etc.). To do this, it is necessary to pass on personal data, such as contact details, to these third parties. A condition for our cooperation with these external partners is that data processing is also in accordance with the DSG or GDPR and that your personal data is secure. When passing on your data to third parties, we ensure that there are sufficient contractual guarantees that such a third party will use the personal data in accordance with the legal requirements and exclusively in our interest. In individual cases, the relevant data protection provisions may differ from ours. In the vast majority of cases, these external third parties are long-standing and reliable partners.
In addition, it may also be necessary to pass on your personal data to external parties in order to fulfill certain legal obligations and to enforce our rights, in particular to enforce claims arising from the relationship between you and us. For example, to debt collection companies, authorities or lawyers. We only pass on your data to third parties if this is necessary in the context of the use of our technology, for the provision of the services you request and for the analysis of your user behavior.
This could be: outsourcing partners, hosts, companies with whom we offer the offers on our technology such as for bookings, rentals, purchases, etc. (see also point 2.6 Customer Relationship Management)
The disclosure of personal data to such external cooperation partners takes place exclusively for the purpose of fulfilling our services and only to the extent necessary for this purpose.
2.5. Disclosure of personal data abroad
Data processing servers, outsourcing partners can have their location, headquarters or their processor abroad. However, we only work with processors who commit to data processing in accordance with the DSG or GDPR.
2.6. Customer relationship management
Personal data in our customer relationship management system (CRM system) only includes the information required for the contact or business relationship. The personal data is stored for 2 years after the last customer contact and then deleted. Anonymous storage is reserved.
As a CRM system for communication in connection with the properties we offer, we use the CASAONE platform from Casasoft, Flurstrasse 55, 8048 Zurich. You can view CASAONE’s “privacy policy” here.
As a CRM system for communication that arises through the contact forms of our technologies and the claim form on idz.ch as well as for emails that are sent to us directly via our contact address [email protected], we also use the software HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. HubSpot is a software company from the USA with a European branch in Ireland. HubSpot helps us analyze the use of our portal. HubSpot uses cookies for this purpose.
2.7. Digital customer/user account
We offer certain services via a personal customer/user account on our partner’s server. By opening a customer/user account, data subjects agree that we process (save, store, use, etc.) their personal data, create evaluations of usage to improve our services and contact the data subjects.
A personal customer/user account can be deleted by the data subject at any time. The personal data is removed from our databases 3 months after the last contact. Anonymous storage is reserved.
We refrain from making the use of our digital information offerings dependent on a customer/user account.
2.8. E-mail
We store our e-mail traffic for a period of 1 year, from the last e-mail traffic in a conversation history, if an ongoing business relationship or the like does not require longer storage.
2.9. Contact form – Contact idz
You can contact us via the CONTACT menu item on idz.ch for all matters by email. These emails go to the [email protected] mailbox and can be opened by the business owner and marketing. Personal data sent to this account will be deleted from our web servers within one month. The further process takes place via email from the responsible employee (see above), telephone or personal contact.
2.10. Contact form – Real estate offer
If you are interested in a specific real estate offer that you found under REAL ESTATE > RENT / BUY or NEW BUILDING PROJECTS on idz.ch or on one of the various external real estate platforms, you can also send us an inquiry about this property using a contact form. The corresponding input mask determines which personal data is transmitted with the inquiry. By filling out and submitting this contact form, you agree to the processing, storage and possible transfer of your personal data. Your data can be entered manually in a third-party software (CASAONE from Casasoft, Flurstrasse 55, 8048 Zurich) or imported via an interface. Based on the stored data, it is possible that we have other real estate offers for you that meet the criteria of your request. Relevant real estate offers can be identified manually or digitally using software. We can inform you about such real estate offers by email, letter or telephone. You have the option of unsubscribing from this service at any time.
2.11. Creation of a property search profile
On our website, users are given the opportunity to use a form under REAL ESTATE > SEARCH PROFILE to create a property search profile. The purpose of a property search profile is to inform us of your preferences regarding the property search. The personal data that is transmitted when creating a search profile is determined by the input mask used for this purpose. By completing and submitting this search profile form, you agree to the processing, storage and possible transfer of your personal data.
The personal data collected when creating a property search profile is used exclusively to provide personal information about suitable property offers. The transmitted data can be entered manually into a third-party software provider (CASAONE from Casasoft, Flurstrasse 55, 8048 Zurich) or imported via an interface. If there are properties that match the search criteria, we can inform you by email, letter or telephone. We may also contact you at regular intervals to update personal data relating to the property search profile. You can temporarily deactivate or completely delete the property search profile at any time.
2.12. Newsletter
You have the option of subscribing to our newsletter on our website. This requires registration using the double opt-in procedure.
As part of the registration, you must provide your email address. You can voluntarily leave us your title and name so that we can address you personally with our offer.
By registering, you give us your consent to process the data provided for the regular dispatch of the newsletter to the address you provided and for the statistical evaluation of user behavior and the optimization of the newsletter.
We are entitled to commission third parties to carry out the technical processing of advertising measures and to pass on your data for this purpose. At the end of each newsletter there is a link via which recipients can unsubscribe from the newsletter at any time. After unsubscribing, the personal data will be deleted.
2.12.1. Newsletter delivery service provider Brevo
The newsletter is sent via the delivery service provider Brevo. A newsletter delivery platform from the provider Brevo / Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. You can view the data protection regulations of the delivery service provider here.
Brevo / Sendinblue GmbH is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with the European data protection level PrivacyShield.
The delivery service provider is used on the basis of our legitimate interests in accordance with Art. 6 Para. 1 lit. f GDPR and an order processing agreement in accordance with Art. 28 Para. 3 S.1 GDPR.
The delivery service provider may use the recipients’ data in pseudonymous form, i.e. without user assignment, to optimize or improve its own services, such as for the technical optimization of the delivery and presentation of the newsletter or for statistical purposes. However, the shipping service provider does not use the data of our newsletter recipients to write to them themselves or to pass it on to third parties.
We do not send unsolicited newsletters.
2.13. Data collection for applications
We can collect and process personal data that is provided by applicants for the purpose of processing an application process. Processing can also be done electronically. This is particularly the case if an applicant sends us the relevant application documents electronically, for example by email or via a web form on the website.
2.14. Events
Personal data from registrations for and participation in events that we organize are deleted after 1 year.
2.15. Communication via post and social media
We are currently refraining from sending addressed advertising mailings, mailings, etc. via post.
We are currently not running any paid advertising / ads on our social media accounts Facebook, Instagram, LinkedIn or YouTube. idz is not responsible for likes or comments from users and followers of our company pages on social media platforms.
2.16. Automated individual decisions
We do not currently use automated individual decisions
2.17. Server log files
We automatically collect a series of technical data that are personal data each time this website is accessed.
These are:
– IP address of the user
– Name of the website or file accessed – Date and time of access
– Notification of successful access
– Browser type and version and language setting
– User’s operating system
– Referrer URL (the previously visited page)
Server log files are not merged with other personal data. We only collect server log files for the purpose of administering and improving the website and detecting and preventing unauthorized access. Server log files are collected and evaluated by our contract processors (Casasoft, Flurstrasse 55, 8048 Zurich).
The server log files with the above data are deleted after 6 months at the latest, unless there is a legitimate interest or a service-oriented request. We reserve the right to store the server log files for longer if there are facts that suggest that unauthorized access has occurred.
3. Protective measures
3.1. Data backups
We use suitable technical and organizational security measures to protect your personal data stored with us against manipulation, partial or complete loss and against unauthorized access by third parties.
Our security measures are continuously improved in line with technological developments. You should always treat your information confidentially and close the browser window when you have finished communicating with us, especially if you share the computer with others.
We also take internal company data protection very seriously: We have obliged our employees and the service companies we commission to maintain confidentiality and to comply with data protection regulations.
In the interests of data security, we regularly create backups of our business data, which are stored on data storage devices and cloud services in Switzerland. The frequency of data backups is based on relevant recommendations.
3.2. Data protection measures
Data security is important to us. Our measures to protect against unauthorized access are based on the recommendations of the Federal Government’s National Center for Cyber Security (NCSC).
4. Website(s)
In addition to the idz.ch domain, the website also includes project-related websites and services from service partners. Visitors to the website are not obliged to provide personal data unless we point this out in individual cases or visitors are interested in purchasing a property published on the project pages.
5. Data from third-party services
5.1. Use of cookies
Cookies are data that are stored by our websites via the browser on the user’s device. The cookies we use are used on the one hand to increase and improve the user-friendliness of our websites. On the other hand, cookies help to collect statistical data on website usage and to use the data obtained in this way for analysis and advertising purposes.
Some cookies are automatically deleted from your device as soon as the browser is closed (so-called session cookies). Other cookies are stored for a specific period of time, which does not exceed 2 years in each case (persistent cookies). We may also use so-called third-party cookies, which are managed by third parties to offer certain services.
You can influence the use of cookies. Most browsers have an option to restrict or completely prevent the storage of cookies. However, we would like to point out that the use and in particular the comfort of use are restricted without cookies.
5.2. Use of Google Analytics
This website uses Google Analytics, a web analysis service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter “Google”).
Google Analytics uses so-called cookies, i.e. text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, due to the activation of IP anonymization on these websites, your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
The purposes of data processing are to evaluate website usage and to compile reports on website activity. Other related services will then be provided based on website and internet usage.
5.3. Google Tag Manager
The Google Tag Manager is a solution that allows us to manage so-called website tags via an interface and thus integrate Google Analytics and other Google marketing services into our online offering, for example.
The Tag Manager itself, which implements the tags, does not process any personal user data. With regard to the processing of users’ personal data, we refer to the following usage guidelines for Google services: https://www.google.com/intl/de/tagmanager/use-policy.html.
5.4. Google Maps
We use an interface to geo-specific data from Google to visualize location-based information. Google records and uses data about the use of the map function. Information about Google’s data usage can be found in Google’s privacy policy.
5.5. Social media plug-ins
We use plug-ins from social networks such as LinkedIn, YouTube and Instagram on our website.
You can typically see this via corresponding symbols in the footer. We have configured these elements so that they are deactivated by default. If you activate them by clicking on them, the operators of the respective social networks can register that you are on our website and can use this information for their purposes.
The processing of your personal data is then the responsibility of this operator, in accordance with their data protection regulations. We do not receive any information about you from them.
5.6. Instagram
Functions of the Instagram service are integrated into our website. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.
If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to assign the visit to our pages to your user account. We would like to point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.
You can find more information here, in Instagram’s privacy policy: http://instagram.com/about/legal/privacy/
5.7. LinkedIn
We use the marketing services of the social network LinkedIn of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter “LinkedIn”) within our online offering.
These use cookies, i.e. text files that are stored on your computer. This enables us to analyze your use of the website. For example, we can measure the success of our LinkedIn posts and offer users items from our portfolio that they were previously interested in.
For example, information about the operating system, the browser, the previously visited website – the so-called referrer URL -, the websites visited, the offers clicked on and the date and time of your visit to our website is collected.
The information generated by a cookie about your use of this website is transferred in pseudonymous form to a LinkedIn server in the USA and stored there. LinkedIn does not store the name or email address of the respective user. Rather, the aforementioned data is only assigned to the person for whom the cookie was generated. This does not apply if the user has allowed LinkedIn to process data without pseudonymization or has a LinkedIn account.
You can refuse the use of cookies by setting your browser accordingly, but please note that you may then not be able to use all functions of this website. You can also object to the use of your data directly with LinkedIn: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
We use LinkedIn Analytics to analyze and regularly improve the use of our website. The statistics obtained enable us to improve our offering and make it more interesting for you as a user. All LinkedIn companies have adopted the standard contractual clauses to ensure that data traffic to the USA and Singapore, which is necessary for the development, implementation and maintenance of the services, is carried out lawfully. If we ask users for consent, the legal basis for processing is Art. 6 (1) lit. a GDPR. Otherwise, the legal basis for the use of LinkedIn Analytics is Art. 6 Para. 1 Clause 1 Letter f of GDPR.
The LinkedIn user agreement and data protection guidelines can be found here: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2 Ireland.
5.8. Embedded content from other websites
The idz.ch website contains some links to third-party websites that may be of interest to you. When you activate such links, you may leave our website or extracts from third-party websites may be displayed within the environment of our website. We have no control over third-party websites and are neither responsible nor liable for their content or their functioning. This applies regardless of whether you are on our website when you activate a link, the display is within the environment of the website or if the information provider of an external website is not immediately apparent. Establishing this connection or consulting third-party websites is entirely at the user’s own risk and peril.
These websites may collect data about you, use cookies, embed additional third-party tracking services, and record your interaction with that embedded content, including your interaction with the embedded content if you have an account and are logged in to that website.
5.9. Embedded YouTube videos
We embed YouTube videos on some of our websites. The operator of the corresponding plug-ins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (hereinafter “YouTube”).
When you visit a page with the YouTube plug-in, a connection is established to YouTube servers. YouTube is informed which pages you visit. If you are logged into your YouTube account, YouTube can assign your surfing behavior to you personally. You can prevent this by logging out of your YouTube account beforehand.
When a YouTube video is started, the provider uses cookies that collect information about user behavior.