1. General Information on Data Processing
1.1. Purpose of the Data Privacy Statement
When contacting Book a home AG with its registered office in Zurich (hereinafter referred to as “Book a home” or “we”), personal data (hereinafter also referred to as “personal data” or “data”) is usually processed. This data typically includes name, e-mail address, telephone number and personal information related to contractual relationships with us. In addition, technical data that can be attributed to a person is considered personal data (in particular cookies, see below). When speaking of “processing”, we mean any handling of personal data, such as the acquisition, use or disclosure of personal data.
In this data privacy statement, we inform you about the personal data we process when you visit our website, use our services, enter into a rental relationship with us or otherwise have a contractual relationship with us, communicate with us or otherwise deal with us. We also explain below why and how we process your personal data and what measures we take to protect it. We also inform you of your rights under data protection legislation in connection with the data processing described here.
Responsible under data protection law for the processing described in this data privacy statement is:
Book a home ag
+41 44 888 61 00
If you have any concerns or questions in connection with the protection of your personal data and/or this data privacy statement, you are welcome to contact our internal data protection office at any time, which can be reached by e-mail at Datenschutz@bookahome.ch.
Besides, this data privacy statement applies both to the processing of data that we already have and to personal data that we collect from you in the future.
1.2. Legal Basis
Where we do not ask you for consent for processing, we base the processing of your personal data on the fact that the processing is necessary for the initiation or execution of a contract with you (or the organisation you represent) or that we or third parties have a legitimate interest in doing so, in particular in order to pursue the purposes and associated objectives described below and to be able to implement corresponding measures. Our legitimate interests also include compliance with statutory provisions, insofar as these are not already recognised as a legal basis by the applicable data protection law.
2. Collection and Processing of Personal Data by Book a home
2.1. General Information
The most important processing procedures and purposes and the most important categories of personal data processed by us are summarised below.
You provide us with much of the following data yourself (e. g. via forms, as part of communication with us, as part of an application, in connection with contracts, when using the website, etc.). However, it may be necessary for us to collect information about you from publicly accessible sources such as the commercial register, the debt collection register or the Internet or to obtain it from third parties (e. g. providers of creditworthiness data, reference information in the application process, etc.) in order to achieve the purposes described in our data privacy statement.
If you provide us with data about other people, such as fellow occupants or employees, we assume that you are authorised to do so and that the data is correct. By submitting data about third parties, you confirm this. We ask you to ensure that these third parties are informed about our data processing. You are also welcome to provide a copy of our data privacy statement.
2.2. Rental Process
In the rental process, we process personal data from owners, prospective tenants and tenants to the extent necessary for the overall rental process. We may also use certain data obtained in the rental process for our own statistical purposes. By disclosing personal data, the persons concerned declare their consent to data processing.
In addition, personal data may be collected from the following persons:
– fellow occupants
– contact persons, employees or representatives of corporate clients, owners, etc.
– family members
If parents provide us with the data of their minor children, consent to the processing of the children’s data is given with the disclosure.
This is essentially data that we receive from prospective tenants in the course of an application, master data on tenants and contractual and communication data. The contract data also includes financial data such as information on creditworthiness, reminders and debt collection.
2.3. Marketing Process
In the marketing process, personal data of sellers, prospective buyers and purchasers is collected to the extent necessary for the process. With the disclosure of personal data by the persons concerned, they declare their consent to the processing of data.
In particular, this concerns the following data:
– contact data
– master data
– contract data and data on the property (incl. land register excerpts)
– financial data
In principle, visitors to our website can visit it without disclosing any personal data to us. However, we do collect data from visitors to our website.
The IP address of your terminal device and other technical data are automatically collected in order to ensure the best possible user experience. This data also includes logs in which the use of our systems is recorded (so-called server log files). Such server log files are not merged with other personal data.
If you contact us using the contact form or by e-mail or telephone using the contact details provided on the website, we will collect, store and use the contact details and other personal data and relevant information that you provide to us in this context. We process the personal data disclosed to us in this context in order to process the contact, for the purpose of providing the service and for communication with you.
2.5.1. General Information
In addition, we may also use so-called third-party cookies, which are administered by third parties in order to offer certain services.
You can set your browser in such a way that you are informed when cookies are set and can decide yourself whether to accept them or generally exclude their acceptance. You can find more information here:
Furthermore, users can adjust the cookies when visiting the websites via the relevant notice.
2.5.2. Integration of Third-party Services and Content
It may happen that third-party content such as videos from YouTube, maps from Google Maps, RSS feeds or graphics from other websites are integrated within our website. This always presupposes that the providers of this content can perceive the IP address of the user in order to send the content to the browser of the respective user. The IP address is therefore required for the display of this content. We are engaged to use only such content whose respective providers use the IP address only to deliver the content. However, we have no influence if the third-party providers store the IP address, e. g. for statistical purposes. The processing of your personal data is then the responsibility of this third party provider in accordance with their data privacy statement.
2.5.3. Google Analytics
We use Google Analytics on our website. This is a service provided by Google Ireland (based in Ireland), with which we can measure and evaluate the use of the website. Google Ireland relies on Google LLC (based in the USA) as an order processor (both “Google”).
Permanent cookies are also used for this purpose, which are set by the service provider. We have configured the service in such a way that the IP addresses of visitors are shortened by Google in Europe before being forwarded to the USA and thus cannot be traced. Although we can assume that the information we share with Google is not personal data for Google, it is possible that Google can draw conclusions about the identity of visitors from this data for its own purposes, create personal profiles and link this data to the Google accounts of these individuals. If you have registered with the service provider yourself, the service provider will also know you. The service provider is then responsible for processing your personal data in accordance with its data protection regulations. The service provider only informs us how our respective website is used (no information about you personally).
2.5.4. Social Media Plug-Ins
We also use so-called plug-ins from social networks such as Facebook or Instagram on our websites. This is visible to you via the corresponding icons. We have configured these elements so that they are deactivated by default. If you activate them by clicking on them, the operators of the respective social networks can register that you are on our website and can use this information for their purposes. The processing of your personal data is then the responsibility of this operator according to their data protection regulations. We do not receive any information about you from them.
2.5.5 Web Fonts
External fonts, Google Fonts, are used on these Internet pages for the uniform presentation of fonts. Google Fonts is a service provided by Google.
For this purpose, your browser establishes a connection to Google servers, which may be located in the USA, and certain information and sometimes personal data is transmitted to Google.
You can find more information in Google’s data protection information.
On our website you have the possibility to subscribe to a free newsletter. When you register for the newsletter, the data from the input mask, the IP address and contact details are transmitted to us and processed by us. For the processing of the data, your consent is obtained during the registration process and reference is made to this data privacy statement.
If you make use of our services and provide us with your e-mail address, this may subsequently be used by us to send you the newsletter. In such a case, only direct advertising for our own similar goods or services will be sent via the newsletter.
You have the option to opt out of receiving the newsletter at any time.
2.7. Company Profiles on Social Media
We are also present with a company profile on the social networks Facebook and Instagram, where we present our offer and communicate with interested parties. These pages and services are offered and operated by third parties. We would like to point out that data about you as a user may be collected via these pages or services and may also be passed on to third parties. The separate data protection regulations of these services or channels apply.
Personal data that you provide to us when communicating with us via these social networks is used exclusively to process the contact and communication with you.
3. Data Transfer and Transmissions abroad
In order to provide our services and within the scope of the above-mentioned purposes, we work together with a wide range of external partners and third parties and also pass on personal data to them. This is because they either process the personal data for us (e. g. telephone service providers/support) or want to use it for their own purposes (e. g. authorities). The data transfer takes place in accordance with the provisions of the DSG and, if applicable, in accordance with the DSGVO.
This concerns the following recipients in particular:
– Service providers of ours such as banks, legal advisors, insurance companies, maintenance and support service providers, including order processors (e. g. IT providers, credit information providers, etc.).
– subcontractors and other business partners
– domestic and foreign authorities, official bodies or courts
– other parties in potential or actual legal proceedings or other persons involved in administrative or legal proceedings
– purchasers of or parties interested in acquiring our company, business or assets
These recipients are often located in Switzerland, but may also be located outside Switzerland, the EU and the European Economic Area (EEA), e. g. in the USA or other countries worldwide.
Not all countries outside Switzerland, the EU and the European Economic Area (EEA) currently guarantee a level of data protection that corresponds to Swiss law. If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection, insofar as the recipient is not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exemption provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have consented or if it concerns data that you have generally made accessible and to whose processing you have not objected.
4. Duration of Storage
We process and store your personal data for as long as it is necessary for the fulfilment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, i. e. for example for the duration of the entire contractual relationship (from the initiation, processing to the termination of a contract) as well as beyond this in accordance with the statutory retention and documentation obligations. In this context, it is possible that personal data will be stored for the time during which claims can be asserted against us and insofar as we are otherwise legally obliged to do so or legitimate business interests require this (e. g. for evidence and documentation purposes or if the storage is technically required). In particular, rental agreements and the related personal data are stored for 10 years beyond the last contractual performance (usually settlement of ancillary costs or reimbursement of the rental interest deposit) in accordance with the principles of the general period of limitation (Art. 127 OR).
As soon as your personal data is no longer required for the above-mentioned purposes, the retention period has expired and there are no legal or contractual obligations to the contrary, it will be deleted or made anonymous within the scope of our usual processes and as far as technically possible.
For operational data (e. g. system logs), shorter retention periods of usually twelve months or less apply.
5. Automated Individual Case Decisions
We do not currently make any fully automated decisions. We will inform you separately if we should use individual case decisions based on automated processing (e. g. through the use of computer programs) in the future.
6. Data Security
We take appropriate technical and organisational precautions to protect the personal data we collect against unauthorised or unlawful processing and against loss, accidental alteration, unauthorised disclosure or access, such as by issuing directives, IT and network security solutions, access controls and restrictions.
However, security risks generally cannot be completely ruled out and a certain residual risk remains unavoidable.
7. Rights of the Data Subjects
Within the framework of the applicable law, the persons concerned have certain rights with regard to the personal data processed by us, so that they can control or influence our processing. These are in particular the right of access and the right to rectification, so that you can demand that we correct, complete or update your personal data if it is incorrect. If you incur any costs, we will inform you of this in advance.
Furthermore, you can object to our data processing at any time with effect for the future (right of objection) or, if we process your personal data based on your consent, you can revoke this consent at any time. In any case, such a revocation is only effective for the future.
If you have such a request, please contact our internal data protection office (Datenschutz@bookahome.ch). As a rule, the exercise of these rights requires that you clearly prove your identity.
We would like to point out at this point that some of these rights may not apply in individual cases and we may be entitled or obliged to restrict or postpone the fulfilment of a right, for example if we are obliged to retain or process certain data, have an overriding interest in doing so or require it for the assertion of claims. We will inform you accordingly in such a case.
Moreover, every data subject has the right to enforce his or her claims in court or to file a complaint with the competent data protection authority at any time. For Switzerland, this is the “Eidgenössische Datenschutz- und Öffentlichkeitsbeauftragte (EDÖB)”/Federal Data Protection and Information Commissioner (FDPIC) (www.edoeb.admin.ch).