The privacy statement (including legally required information content) is divided into two parts:
- Part 1: Data protection information for business partners, tenants, customers and interested parties
- Part 2: Supplementary privacy statement for our website
Part 1: Data protection information for business partners, tenants, customers and interested parties
Information on data protection regarding our data processing pursuant to Articles (Art.) 13, 14 and 21 of the General Data Protection Regulation of the European Union (GDPR), Art. 19 of the Swiss Federal Act on Data Protection (FADP) and Art. 13, 14 and 21 of the General Data Protection Regulation of the United Kingdom (UK GDPR)
We take data protection seriously and hereby inform you about how we process your data and what claims and rights you are entitled to according to the statutory data protection regulations. Valid as of 1 September 2023.
These data protection guidelines do not apply to personal information obtained via our career page.
1. Controller and contact details of the data protection officer/advisor
Where reference is made in this data protection information to “we,” “us” and “our/s,” this refers to the respective controller for data processing. The contact details of the respective controller as well as the contact details of the data protection officer/advisor can be found here.
If you have any questions about data protection, you can contact the respective controller or the designated data protection officer/advisor in confidence at any time.
2. Purposes and legal basis according to which we process your data
We process personal data in accordance with the applicable provisions of the GDPR, the FADP, the UK GDPR and other applicable data protection regulations (“Data Protection Legislation”) (details below). Which specific data are processed and the way in which they are used essentially depends on the individual services requested or agreed. Further details or supplements to the purposes of data processing can be found in the relevant contract documents, forms, a declaration of consent and/or other information provided to you (e.g. within the scope of use of our website or in our terms and conditions). In addition, this data protection information may be updated from time to time.
2.1 Purposes of contract fulfilment or pre-contractual measures
The processing of personal data is carried out to implement our contracts with you and execute your orders as well as to implement measures and activities within the scope of pre-contractual relationships information (e.g. with prospective clients. In particular, such processing serves to facilitate the provision of services in accordance with your orders and wishes and real estate services such as the brokering, letting, sale and purchase of real estate in accordance with your orders and wishes and comprises the services, measures and activities necessary for this. These primarily include contract-related communication with you, the corresponding invoicing and associated payment transactions, the traceability of transactions, orders and other agreements as well as quality control by means of corresponding documentation, improvement in sustainability including by optimising consumption data (heat, energy, water and waste) for the building, goodwill procedures, measures for managing and enhancing business processes as well as for meeting general due diligence obligations, management and control by affiliated companies (e.g. parent company); statistical evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, settlement and fiscal evaluation of operational benefits, risk management, assertion of legal claims and defence in case of legal disputes; safeguarding of IT security (including system and plausibility tests) and general safety, including building and equipment safety, upholding and exercise of domiciliary rights (e.g. by means of access controls); safeguarding of the integrity, authenticity and availability of data, prevention and investigation of criminal offences; monitoring by supervisory boards or authorities (e.g. audit).
2.2 Purposes for the fulfilment of statutory requirements or in the public interest
Like all parties participating in economic affairs, we are also subject to a large number of statutory obligations:
- the fulfilment of requests and requirements of supervisory and law enforcement
- fulfilment of control and reporting obligations under tax law;
- the fulfilment of legal requirements for the prevention of fraud and money laundering as well as for the prevention and combating of terrorist financing, asset-endangering criminal offences, comparison as obligated parties within the meaning of the Money Laundering Act. This includes, among other things, the identification of business partners and beneficial owners and verification of identity and age if required;
- matching against European and international anti-terror lists;
- archiving of data for the purposes of data protection and data security and review by tax and other authorities;
- local/judicial measures for the purpose of obtaining evidence, prosecuting or enforcing civil claims.
2.3 Purposes in the event of a legitimate interest on our part or that of a third party
We may process your data beyond the actual fulfilment of the contract or preliminary contract if this is necessary for upholding our own legitimate interests or those of third parties, in particular for the purpose:
- of advertising or market and opinion research as long as you have not revoked the use of your data;
- of obtaining information and exchanging data with information bureaux as long as this exceeds our economic risk;
- of reviewing and enhancing needs analysis procedures;
- of launching and further developing products and services as well as existing systems and processes;
- improving the sustainability of the property by, amongst other things, optimising consumption data (heat, energy, water and waste);
- of disclosing personal data within the scope of due diligence during company sale negotiations;
- of refinancing by another institution;
- of matching against European and international anti-terror lists as long as this exceeds the statutory obligations;
- of enriching our data, for example through the use or research of publicly accessible data;
- of statistical evaluations or market analysis and benchmarking;
- of asserting legal claims and defending ourselves in the event of legal disputes that are not directly attributable to the contractual relationship;
- of limited data storage if deletion is not possible or only possible with a disproportionately high outlay owing to the specific type of storage;
- of developing scoring systems or automated decision-making processes;
- of preventing and investigating criminal offences as long as this is not exclusively for the fulfilment of statutory requirements;
- of building and equipment safety (e.g. by means of access controls and video surveillance) as long as this exceeds the general due diligence obligations;
- of internal and external investigations and security checks;
- of potentially listening into or recording telephone conversations for quality control and training purposes;
- of obtaining and upholding certifications of a private law or regulatory nature;
- of upholding and exercising domiciliary rights through both corresponding measures and video surveillance for the protection of our clients and staff and the securing of evidence in the event of criminal offences and their prevention.
2.4 Purposes within the framework of your consent
The processing of your personal data for specific purposes (e.g. the use of your e-mail address for marketing purposes) may also take place subject to your consent. You can normally revoke this at any time. This also applies to the revocation of declarations of consent that were given to us before the applicable data protection legislation came into force. You will be informed separately in the text of the declaration of consent about the purposes and the consequences of revocation or not granting consent.
As a rule, any revocation of consent only applies to the future. Any processing taking place prior to the revocation is not affected by this and remains lawful.
3. The data categories processed by us for data we do not receive directly from you, and their origin
To the extent that this is necessary for the provision of our services, we process personal data permissibly received from other companies or third parties (e.g. information bureaux, address publishers). We also process personal data that we have permissibly obtained, received or acquired from publicly accessible sources (such as telephone directories, commercial registers and registers of associations, civil registers, debtor registers, land registers, the press, Internet and other media) and are permitted to process.
Relevant personal data may in particular include:
- Personal details (name, date of birth, place of birth, nationality, marital status, profession/sector and comparable data);
- Contact details (address, e-mail address, telephone number and comparable data);
- Address details (registration details and comparable data);
- Payment confirmation/cover note for bank and credit cards;
- Information about your financial situation (creditworthiness data including scoring, i.e. data for assessing the economic risk);
- Client history;
- Data about your use of the telemedia we offer (information (e.g. of retrieval of our websites, apps or newsletter, sites/links clicked on, entries and comparable data);
- Video data
4. Recipients or categories of recipients of your data
Any forwarding of your data takes place exclusively in compliance with the applicable data protection legislation and only as long as the legal basis permits this. Within our organisation, only those departments receive your data that require them to fulfil our contractual and statutory duties or for the implementation of our legitimate interests.
Any forwarding of your data to external bodies takes place exclusively
- in connection with contract conclusion;
- for the purpose of fulfilling statutory requirements according to which we are obliged to disclose, report or forward data or where the forwarding of data is in the public interest;
- to the extent that external service providers processing orders or assuming functions process data on our behalf (e.g. external data centres, support/maintenance of IT applications, archiving, document processing, call centre services, compliance services, controlling, data screening for anti-money laundering purposes, data validation and plausibility check, data destruction, purchasing/procurement, client administration, lettershops, marketing, media technology, research, risk controlling, invoicing, telephone services, website management, audit services, credit institutions, printers or data disposal companies, courier services, logistics);
- on the basis of our legitimate interests or those of third parties for the purposes stated in section no. 2.3 above (e.g. to authorities, information bureaux such as Schufa AG or Intrum AG, debt collection agencies, lawyers, courts, experts, Group companies, committees and supervisory authorities);
- if you have granted us your consent to the transmission of your data to third parties.
5. Duration of the storage of your data
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the conclusion of a contract.
We are also subject to various statutory and regulatory retention and documentation obligations resulting, inter alia, from company and commercial law, regulatory provisions and tax law.
The periods specified therein for retention and/or documentation may be up to ten years after the end of the contractual relationship or pre-contractual legal relationship.
Furthermore, special statutory provisions can entail a longer period of retention such as the safeguarding of evidence within the framework of statutory periods of limitation.
Data no longer required for the fulfilment of contractual or statutory obligations and rights are deleted at regular intervals unless their further processing (for a limited period) is necessary in order to fulfil the purposes derived from an overriding legitimate interest listed in section 2.3. Such an overriding legitimate interest also exists, for instance, if deletion is not possible or only possible with a disproportionately high outlay owing to the specific type of storage and any processing for other purposes is ruled out by suitable
technical and organisational measures.
6. Processing of your data in a third country or by an international organisation
Data transmission to entities in countries other than the one in which the controller is based (so-called third country) takes place if this proves necessary for the execution of an order from or contract with you, if it is legally prescribed (e.g. reporting obligations under tax law), it constitutes a legitimate interest of ours or a third party or you have granted us your consent for this.
The recipients of your data may be located in Switzerland, the European Economic Area (EEA), the UK, the USA and any other country in the world.
The processing of your data in a third country can also take place in connection with the commissioning of service providers for the purpose of order processing. If, for the third country in question or for specific sectors in the third country, there is no decision by the competent data protection authority of the country in which the data transferring entity is located on an appropriate level of data protection in the third country, corresponding agreements (such as EU standard contracts) and additional measures may be used as a basis for the transfer. Information about the suitable and adequate safeguards and the possibility of receiving a
copy of these can be obtained on request from the individual controller or from the data protection officer/advisor.
7. Scope of your obligations to supply us with your data
You only need to supply the data that is required for initiating and implementing a business relationship or for a pre-contractual relationship with us or that we are legally obliged to collect. Without these data we will normally be unable to conclude or execute the contract. This can also apply to data required at a later stage within the scope of the business relationship. Should we request any further data from you above and beyond this, we will notify you separately of the voluntary nature of such disclosures.
8. Existence of automated decision-making in each case (including profiling)
We do not use purely automated decision-making processes. Should we use such a procedure in individual cases in the future, we will inform you about this separately insofar as this is required by law.
Under certain circumstances we may partially process your data with the aim of assessing specific personal aspects (profiling).
To enable us to inform and advise you about products in a targeted manner, we may make use of evaluation tools. These facilitate needs-based product design, communication and publicity including market and opinion research.
Such procedures can also be used to assess your solvency and creditworthiness and to combat money laundering and fraud. So-called “score values” can be used to assess your solvency and creditworthiness. Scoring uses mathematical procedures to calculate the probability of a client meeting his or her payment obligations in accordance with the contract. Such score values accordingly support us, for example, in assessing creditworthiness and making decisions regarding the sale of products and are incorporated in our risk management. The calculation is based on mathematically and statistically recognised and proven procedures and carried out on the basis of your data, in particular your income situation, outgoings, existing liabilities, profession, employer, length of employment, experience from existing business relationships, timely contractual repayment of previous loans and information from credit agencies.
Information on nationality and special categories of personal data are not processed here.
9. Your data protection rights
Under certain conditions, you can assert your data protection rights towards us.
- You are entitled to receive information from us about your data stored with us in accordance with the provisions of (possibly with restrictions under national law).
- At your request we will correct the data stored about you if they are inapplicable or erroneous.
- If you wish, we will delete your data unless prevented from doing so by other statutory regulations (e.g. statutory retention obligations or any restrictions under national law) or an overriding interest on our part (e.g. for the defence of our rights and claims).
- You can ask us to restrict the processing of your data.
- You can also register an objection to the processing of your data requiring us to cease processing your data. However, this right of objection only applies if special circumstances pertain with regard to your personal situation and the rights of our Group may obstruct your right of objection.
- You also have the right to receive your data in a structured, commonly used and machine-readable format or to transmit it to a third party.
- You are furthermore entitled to revoke consent granted to us for the processing of personal data at any time with future effect (see 2.4).
- You also have recourse to a right of complaint to a data protection supervisory authority. However, we recommend that you first always address a complaint to the respective controller or to the data protection officer/advisor.
If possible, your requests to exercise your rights should be addressed in writing to the respective controller specified above or to the data protection officer/advisor.
Information about your right to object
- You have the right to object at any time to the processing of your data on the basis of a balancing of interests or in the public interest, if there are reasons for doing so arising from your particular situation. This also applies to profiling based on this provision. Should you register an objection, we will no longer process your personal data unless we are able to provide evidence of compelling legitimate grounds for such processing that outweigh your interests, rights and freedoms, or processing serves the assertion, exercise or defence of your legal claims.
- We may also process your personal data to conduct direct advertising. If you do not wish to receive any advertising, you are entitled at any time to register an objection to this; this also applies to any profiling connected with such direct advertising. We will observe this objection in the future. We will no longer process your data for the purposes of direct advertising if you object to its processing for these purposes.
The objection can be made informally and should, if possible, be addressed to the respective controller named in section 1.
Part 2: Supplementary privacy statement for our website
With the following data protection information, we would like to explain to you in more detail how your data is handled when using our website.
1. Visit the website
Each time you visit our website, our systems automatically collect data and information from the computer system of the calling computer (data that your browser transmits to our server), so-called log data. This also occurs if you do not register or otherwise transmit information to us, for example through active input. The following data is collected in any case when you visit our website and stored in the log files:
- IP address of the PC, tablet, smartphone etc. (end device) used;
- Date and time of the request or access;
- Time zone difference from Greenwich Mean Time (GMT);
- Content of the request (specific page, content accessed);
- Access status/HTTP status code;
- the amount of data transferred in each case;
- Website (URL) from which the request comes (from which the user's system arrives at our website (origin));
- Website that is called up by the user's system via our website;
- Details of the internet service provider;
- Information about the browser type and version used;
- Operating system of the end device and its interface;
- Language and version of the browser software.
The storage of the aforementioned data is generally only temporary for the duration of the session and is necessary to enable the proper operation and presentation of the website. This processing of your data also serves to evaluate and continue to ensure system security and system stability, as well as other administrative purposes. If your data is stored in our log files, this is also only done to ensure the functionality of our website. In addition, we use the data to optimise and ensure the security of our information technology systems. The legal basis for the processing and storage of your personal data is Art. 6 para. 1 lit. f GDPR, provided the GDPR applies. Your data will be deleted as soon as it is no longer required to achieve the purpose and we are not legally obliged to retain it. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of your data in log files, this occurs after five days at the latest. Storage beyond this period is only provided for in exceptional cases, for example if this is necessary for technical reasons or to improve our systems. In this case, the IP addresses of the users are deleted or alienated so that an assignment is no longer possible.
We only store pseudonymised IP addresses. This is done at the web server level by storing an IP address 123.123.123.XXX in the log file by default instead of your actual IP address, e.g. 123.123.123, where XXX
is a random value between 1 and 254. It is no longer possible to establish a personal reference. The log file data is also always stored separately from other personal data.
2. Contact forms
Our website contains contact forms which you can use to get in touch with us. When using the contact form, the data entered in the input mask is collected and processed for the purpose of contacting you. In addition, your IP address and the date and time of the enquiry are stored. The legal basis for processing your data when using the contact form is your consent. The processing of the personal data from the input mask only serves to process your enquiry and possible further questions related to it.
3. Electronic newsletters, such as Fund Update, Ad-Hoc Notices or EQS Database
When you subscribe to one of our electronic newsletters, we collect and process the personal data you enter in the input mask. We process your name and e-mail address in order to contact you for the purpose of sending you our electronic newsletter as well as for information on other products, services or other activities. The collection of your e-mail address is required for the delivery of the newsletter. The collection of your name is used to personalise the newsletter. We also process online data and other information about you in this context so that we can personalise the content of our newsletters, including, for example, information about whether and when you open a newsletter and which links you click on and when. This is a procedure that helps us to assess the effect of newsletters and to optimise our newsletters. The legal basis is your consent. You can revoke your consent at any time with effect for the future and thus unsubscribe from receiving information about current and future products, services or other information about us. The lawfulness of the processing carried out on the basis of the consent up to the revocation remains unaffected by this. You can declare the revocation by clicking on the link provided in every newsletter e-mail or by sending a message to our contact details provided. If you object to the use of your data, we will no longer send you the newsletter.
When you visit and use our website, cookies are stored on your computer. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user calls up a website, a cookie may be stored on the user's operating system.
Some cookies are strictly necessary for the operation of our website. Other cookies are used for statistical purposes or to analyse access to our website or for marketing purposes or to offer you the use of external media. Both temporary/session cookies and longer stored/permanent cookies are used. Temporary cookies are deleted as soon as you close your browser. Permanent cookies remain for a longer period of time but can be deleted manually at any time. Some of the cookies are set by third parties. The legal basis for data processing when using cookies that are strictly necessary is Art. 6 para. 1 lit. f GDPR, provided the GDPR applies, as well as your consent when using all other cookies. If we do not process your data on the basis of your explicit consent, your personal data will only be processed to the extent necessary to protect our legitimate interests or the legitimate interests of a third party and to the extent that this does not override your interests or fundamental rights and freedoms requiring the protection of personal data.
Detailed information about the use of the respective cookies, in particular about their purpose, their legal basis, the respective function duration and the extent to which they are set by third parties or third parties have access to the data collected via the cookies, can be found in our cookie banner on our website in
addition to the information provided in our privacy statement. You can access the cookie banner at any time by clicking on the icon at the bottom left of the screen or on the "Cookie settings" button below. You can consent to the use of the respective categories of cookies individually. You can change or revoke your consent at any time in the cookie banner.
tells you if and when third parties access your browser.
5. Request by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your enquiry including all personal data arising from it will be stored and processed by us for the purpose of processing your request. The processing of this data is carried out for the fulfilment of a contract, insofar as your enquiry is related to a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us or on your consent, if this has been requested. You can revoke your consent at any time with effect for the future.
6. Links to other websites
Our website may contain links to other websites. We have no influence on whether the operators of these websites comply with data protection regulations. We also have no influence on the legality of the contents of these websites. We therefore disclaim any responsibility for the content of other websites. We are not responsible for their content or handling of personal data. Third-party websites are not subject to this privacy statement.
7. web analysis/other third-party technologies
- Use of Adobe Analytics
We use the "Adobe Analytics" analysis service operated by Adobe Systems Software Ireland Ltd, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, in Ireland (Adobe). In this process, data about the behaviour on our website (duration and frequency of page views, content accessed, geographical origin of access, etc.) is recorded by cookies that are stored on your computer, enabling an analysis of the use of the website. On this basis, Adobe creates analyses of the use of our website for us and reports on website activity.
Information on data protection by Adobe can be found at https://www.adobe.com/ch_de/privacy/policy.html.
You can deactivate Adobe Analytics by downloading and installing a browser extension at the following link: https://www.adobe.com/ch_de/privacy/opt-out.html.
- Integration of social media platforms
Functions (plug-ins) of third-party providers or social media platforms (X (formerly Twitter), LinkedIn, Youtube) are integrated on the website. These plug-ins enable the user to share content on the aforementioned social networks. When the website is called up, the buttons are deactivated by default. This means that no personal data is transmitted to the respective third-party providers without the user's intervention. After the user has activated the buttons and consented to the corresponding data processing, the plug-ins automatically transmit data, including personal data, to the corresponding third-party provider. If the user is logged into the network of the respective third-party provider at the same time as visiting the website, the provider can assign the visit to the user's network account. We have no influence on this. The purpose and scope of this data collection and the further processing of personal data can be found in the privacy statements of the respective social networks.
- Google reCAPTCHA
To protect our contact forms, we use the reCAPTCHA service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, Ireland (“Google”). This service verifies whether the data entry is made by a human or by an automated program. The service includes the sending of your IP address and possibly other data required by Google for the reCAPTCHA service to Google. The basis for the processing is your consent. The deviating data protection regulations of the Google company apply to this data. Further information on the data protection guidelines of Google reCaptcha can be found at www.google.com/policies/privacy/?hl=de.
- Friendly Captcha (bot/spam protection)
We use "Friendly Captcha" on our website, a service provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany. Friendly Captcha is used to make it more difficult for automated programs and scripts (so-called "bots") to use our website.
For this purpose, we have integrated a program code from Friendly Captcha into our website, for example for registration forms, so that the visitor's end device can establish a connection to the Friendly Captcha servers in order to receive a calculation task from Friendly Captcha. The visitor's end device solves the calculation, which requires certain system resources, and sends the calculation result to our web server. The server contacts the Friendly Captcha server via an interface and receives a response stating whether the puzzle was solved correctly by the end device. Depending on the result, we can apply security rules to requests via our website and, for example, process or reject them.
- The data is used exclusively for the protection against spam and bots described above.
- Friendly Captcha does not set or read any cookies on the visitor's end device.
- IP addresses are only stored in hashed, i.e. one-way encrypted form and do not allow us and Friendly Captcha to draw any conclusions about an individual person.
- If personal data is stored, this data is deleted within 30 days.
The legal basis for the processing is our legitimate interest in protecting our website against abusive access by bots, i.e. spam protection and protection against attacks such as mass requests.
Further information on data protection when using Friendly Captcha can be found at https://friendlycaptcha.com/de/legal/privacy-end-users/.
- Video platforms YouTube and Simplex
We use the YouTube and Simplex platforms to post our own videos and make them publicly available. Both YouTube and Simplex are provided by a third party not affiliated with us, namely Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, Ireland and xtendx AG, Adlikerstrasse 246, 8105 Regensdorf, Switzerland.
Some of the Internet pages of our website contain links or connections to YouTube and Simplex. In general, we are not responsible for the content of websites to which links are provided. In the event that you follow a link to YouTube, however, we would like to point out that YouTube stores the data of its users (e.g. personal information, IP address) in accordance with its own data usage guidelines and uses it for business purposes.
We embed both Simplex and YouTube saved videos directly on some of our web pages. When YouTube videos are integrated, content from the YouTube website is displayed in parts of a browser window. However, the YouTube videos are only called up by clicking on them separately. This technique is also called "framing". When you call up a (sub-)page of our website on which YouTube videos are embedded in this form, a connection is established to the YouTube servers and the content is displayed on the website by informing your browser.
YouTube content is only integrated in "extended data protection mode". YouTube itself provides this mode and thus ensures that YouTube does not initially save any cookies on your device. However, when you call up the relevant pages (i.e. when you click on the video), the IP address and possibly other data (see the provider's respective privacy statement) are transmitted and thus possibly communicated which of our Internet pages you have visited.
These cookies can be prevented by appropriate browser settings and extensions ("opt-out").
Further information on data protection can be found in the respective privacy statement of the providers.
Questions and comments
For questions, suggestions or comments on the subject of data protection, please contact us by e-mail at dataprotectionAM@swisslife-am.com.
Our supplementary privacy statement for our website and the information on data protection regarding our data processing pursuant to Articles (Art.) 13, 14 and 21 of the General Data Protection Regulation of the European Union (GDPR), Art. 19 of the Swiss Federal Act on Data Protection (FADP) and Art. 13, 14 and 21 of the General Data Protection Regulation of the United Kingdom (UK GDPR) may change from time to time. We will publish any changes on our website. We will make older versions available to you on request at the address given in the "Questions and comments" section.
Swiss Life Asset Managers, August 2023