We take you as a client – and therefore your right and need for data truth and data security – seriously. That is why we have decided to align the way we treat your data with the strict requirements of the European General Data Protection Regulation (GDPR), even before the revised Swiss Federal Data Protection Act comes into force.
Swiss marketplace and EV global
Our core business is geared towards the Swiss property market. If you are interested in a property outside Switzerland, we will happily put you in touch with the relevant EV office. All of the EV offices around the world are referred to jointly as EV global. By consenting to your data being processed, stored and used, you therefore simultaneously declare that you consent to your data being processed, stored and used within EV global. If we believe there is a good case for involving other partners within EV global in order to provide the service you have requested, your data will be made accessible specifically to these EV offices.
We are delighted that you would like to receive the EV newsletter to keep you a click ahead of the competition. The newsletter contains exclusive details of properties before they are advertised on real estate portals as well as providing you with information on selected topics. If you would like to stop receiving the EV newsletter in the future, you can unsubscribe easily using the link at the end of each newsletter.
In its role as a responsible party, E&V Zug Properties AG (hereinafter also referred to as “Engel & Völkers”) informs its clients and potential buyers about the personal data which is regularly collected when you visit our shop. In particular, this is:
● first name, surname, title, address, telephone number, details of the property you would like (if you are looking for a property) or (if you are marketing a property) details of your property;
● e-mail address if you have consented to receiving advertising information and, in particular, details of properties on the market;
● and (if a property is bought/sold or let), bank details, identity details, a copy of your ID card (when buying a property) and land register details, electricity, oil and/or gas bills, statements of direct costs, purchase contract (if a property is sold) or (if a property is let) bank details, identity details, CV, proof of earnings, proof of creditworthiness, tenancy agreement.
This data is hereinafter referred to as “data” or “personal data”.
Purpose of processing
As a responsible party, Engel & Völkers processes personal data for the following purposes:
● To fulfil the contractual relationship (the legal basis for this is Art. 6 (I) (b) GDPR).
● To advertise properties being marketed by Engel & Völkers or licence partners from the Engel & Völkers network (the legal basis for this is Art. 6 (I) (f) GDPR; Engel & Völkers has a legitimate interest in processing personal data for direct marketing purposes).
If your service request relates to properties marketed by other EV offices, Engel & Völkers will share the personal data collected about you with the relevant company within EV global, based on your consent to your data being forwarded within EV global.
We forward your data to our contract processor, Engel & Völkers Technology GmbH, Hamburg, Germany, for the purpose of data processing. Over and above this, your data is only forwarded in connection with fulfilment of the contractual relationship. In particular, data is forwarded to the parties to your contract, notaries and land registries.
Engel & Völkers uses servers located within the European Union.
Access to data
Personal data is processed by Engel & Völkers, and in particular by:
● staff and consultants who provide the services offered;
● third-party providers (e.g. IT service providers, hosting providers or e-mail marketing service providers) to whom Engel & Völkers has outsourced services which entail processing as part of a contract processing agreement.
Transferring data to non-EEA countries
Engel & Völkers uses the services of Google Ireland Limited for e-mail communication. As part of its maintenance of these products, Google is also entitled to access e-mail communication systems in non-EEA countries. Such access is based on standard EU agreements and data protection certifications.
Storage and erasure of data
Engel & Völkers stores personal data in connection with a contractual relationship for the duration of the retention period stipulated in the legal requirements.
Furthermore, Engel & Völkers stores your data in connection with the receipt of advertising information until such time as you contact Engel & Völkers to withdraw your consent.
Data subject rights
You have the right to information about the processing of your personal data (such as the origins of this data, the purpose for which it is processed and how data is processed). Furthermore, you are entitled to opt out of data processing with future effect, restrict the processing of your data or request its erasure at any time. Lastly, you can stop receiving advertising mailings, taking part in market research or receiving commercial communications at any time.
To summarise, you have the right to:
- erasure (or being forgotten),
- restrict processing,
- data portability,
- object to the processing of your personal data,
- file an objection with the supervisory authorities.
To exercise the above rights and request information, please contact the controller.
The controller is E&V Zug Properties AG, Neugasse 15/17, 6300 Zug, Switzerland, e-mail: anja.beck@engelvölkers.com. Our contract processor is Engel & Völkers Technology GmbH, Hamburg, Germany. Subcontractors may also be used. We will gladly provide you with an up-to-date list of these on request.
The following legal provisions are cited to give you an overview of data protection rules and regulations. They are provided as examples based on the GDPR and the draft for the Swiss Federal Data Protection Act and are by no means exhaustive. For further information on data protection issues, please contact your Human Resources department.
Art. 4 (1) GDPR: “Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Art. 4 (2) GDPR: “Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Principles relating to processing
Art. 5 (1) (a) GDPR: Personal data shall be [...] processed lawfully, fairly and in a transparent manner in relation to the data subject (“lawfulness, fairness and transparency”).
Art. 5 (1) (f) GDPR: Personal data shall be [...] processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (“integrity and confidentiality”).
Art. 29 GDPR: The processor and any person acting under the authority of the controller or of the processor, who has access to personal data, shall not process that data except on instructions from the controller, unless required to do so by Union or Member State law.
Art. 32 (2) GDPR: In assessing the appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
Art. 33 (1) sentence 1 GDPR: In the case of a personal-data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal-data breach to the supervisory authority competent [...] unless the personal-data breach is unlikely to result in a risk to the rights and freedoms of natural persons.
Draft for the Swiss Federal Data Protection Act
Art. 5 Principles
1 Personal data must be processed lawfully.
2 Processing must be fair and proportionate.
3 Personal data may only be obtained for a specific purpose which is discernible for the data subject; it may only be processed in a fashion which is consistent with this purpose.
4 It is destroyed or anonymised as soon as it is no longer needed for the purpose of processing.
5 Anyone who processes personal data must ensure it is correct. He or she must take all appropriate steps to rectify, erase or destroy data which is incorrect or incomplete with regard to the purpose of its acquisition or processing.
6 If the consent of the data subject is needed, this consent is only valid if it is granted voluntarily and clearly for one or more specific processing operations after adequate information has been provided. Express consent is required for the processing of personal data which is particularly sensitive* and for profiling.
* Particularly sensitive data is information about:
- religious, ideological, political or trade union views or activities;
- health, privacy or membership of a race or ethnic group;
- genetic data;
- biometric data which clearly identifies a natural person;
- prosecutions or sanctions under administrative or criminal law;
- income support.