Owners Portal
Tenant Center
English
Data Protection
Data protection
Responsible for the content of this page
Companies: Dinvest Immobilien AG | Dinvest Bewirtschaftung AG
Address: Baslerstrasse 62
Postcode/town, country: 4123 Allschwil, Switzerland
Responsible persons: Paolo D'Incerto/Julia Honigmann
Telephone number: 061 501 45 00
E-mail address: info@dinvest.ag
This data protection declaration is written in plain language and avoids legal and technical terms as far as possible. (Version dated September 2023)
1. General information on data processing
1.1 Purpose of the data protection declaration
When you contact Dinvest Immobilien AG and Dinvest Bewirtschaftung AG (hereinafter “we”), personal data that is subject to the Data Protection Act (DSG) and the Data Protection Ordinance (DSV) is also usually processed. This data typically includes name, email address, telephone number and personal information related to contractual relationships with us. In addition, technical data that can be assigned to a person is to be regarded as personal data (in particular cookies, see below).
This data protection declaration explains the type, scope and purpose of the processing of personal data by us.
1.2 Legal basis
The legal basis for our data processing is specifically Art. 5–9 DSG (“Terms and principles”). We follow the “Industry Recommendation on the Revised Data Protection Act” (https://www.svit.ch/sites/default/files/2022-12/svit_branchenempfehlung_dsg_anhangB_de_2212.pdf) of SVIT Switzerland in the measures we take.
In order to protect the data we manage against manipulation, loss, destruction or access by unauthorized persons using state-of-the-art technology, we employ modern technical security measures and improve them on an ongoing basis.
1.3 Personal data processed
The personal data we process includes sensitive personal data as defined by the FADP. Sensitive personal data is only processed in individual cases and with the corresponding declaration of consent (e.g. extracts from the debt collection register, credit information).
1.4 Your rights
In accordance with Art. 25 DSG, everyone has the right to request information from us free of charge about whether personal data about them is being processed. From the second request within a 12-month period, we may charge a fee to cover our costs (maximum CHF 300 in accordance with Art. 19 para. 2 DSV).
Every person has the right, under the conditions of Art. 28 para. 1 DSG, to request that we release their personal data, which they have provided to us, in a common electronic format.
Requests for information and disclosure should be sent to: info@dinvest.ag
2. processing procedures
2.1 rental process
Personal data of owners, prospective tenants and tenants is collected during the rental process to the extent necessary for the process or for rental contracts. By disclosing personal data, the data subjects consent to the processing of their data.
We would like to point out to data subjects that we obtain personal data from third parties (in particular credit reports) during the rental process. We will inform the data subjects in an appropriate manner about the source of the personal data obtained from external sources. Personal data of prospective tenants will be deleted after the rental process has been completed, provided that the process does not result in a rental or the data subject does not give consent to the personal data being used for a later rental process.
Personal data collected prior to the entry into force of the DSG from current rental orders and rental agreements will be processed without further notice. Personal data of prospective tenants collected prior to the entry into force of the revised DSG will be deleted unless consent for data processing has been obtained.
Tenancy agreements and the personal data associated with them are stored for a period of 10 years after the last contractual service (usually the settlement of heating/utility costs or the reimbursement of the rent deposit) in accordance with the principles of the general limitation period (Art. 127 of the Swiss Code of Obligations).
2.2 Marketing process
In the marketing process, personal data of sellers, prospective buyers and buyers is collected to the extent necessary for the process. By disclosing personal data, the persons concerned consent to the processing of their data.
Personal data of sellers and buyers, as well as documents relating to the process, are stored for a period of five years (the notice period and limitation period under the SIA).
All personal data of prospective buyers will be deleted after the marketing process has been completed, unless the person concerned gives their consent to the personal data being used for a later marketing process. We reserve the right to store anonymized data.
2.3 Consulting process
Personal data from advisory mandates will be stored for two years after the conclusion of the advisory mandate. We reserve the right to store the data in anonymized form.
2.4 Cooperation with third parties
We work with a wide range of external partners to provide our services. A condition of our cooperation is that the processors process data in compliance with the DPA and the GDPR. In individual cases, the relevant data protection provisions may differ from ours.
Personal data is disclosed to cooperation partners solely for the purpose of providing our services and only to the extent necessary for this purpose. We inform the persons concerned when their data is disclosed.
2.5 Disclosure of personal data abroad
Data processing servers may be located and processors based abroad. However, we work exclusively with processors who undertake to process data in accordance with the DPA and the GDPR.
2.6 Customer relationship management
Personal data in our customer relationship management system (CRM system) only includes the information required for the contact or business relationship. The personal data is stored for two years after the last customer contact and then deleted. We reserve the right to store it anonymously.
2.7 Digital customer/user account
We offer certain services via a personal customer/user account on our servers. By opening a customer/user account, the data subjects agree that we may process their personal data (store, retain, use, etc.), create evaluations from the use to improve our services and contact the data subjects.
The data subject can delete their personal customer/user account at any time. The personal data will be removed from our databases within three months. We reserve the right to store it in anonymized form.
We do not make the use of our digital information services dependent on a customer/user account.
2.8 Newsletter
We do not yet use an external solution for digital newsletters. If we do, the name of the provider will be provided here. Personal data is stored on the provider's servers for the purpose of sending the newsletter. Recipients have the option to view, edit and delete the personal data at any time. We do not send unsolicited newsletters.
2.9 E-mail
We store our e-mail traffic for a period of one year from the last e-mail traffic in a conversation thread if an ongoing business relationship or similar does not require longer storage.
2.10 Contact form
Personal data from digital contact forms are deleted from our web servers within 1 month. Further processing is done via e-mail (see above), telephone or personal contact.
2.11 Events
Personal data from registrations for and participation in events that we organize are deleted after 1 year.
2.12 Mailings via letter post and social media
For addressed advertising mail via letter post, we currently only use addresses that are available to us and that we use only once in accordance with the terms of the contract. For paid postings on social media (Facebook, Instagram, etc.), we use the contact data of the respective providers.
2.13 Credit information
Where necessary for our services, we take credit ratings into account in our decisions (e.g. for renting). To obtain a self-disclosure, data subjects should contact vermietung@dinvest.ag directly.
2.14 Automated individual decisions
We use automated individual decisions in our company for the rental process, which fall under the exemptions under the DPA. Specifically, this means that all automated individual decisions are reviewed and, if necessary, amended by a natural person.
2.15 Data backups
In the interests of data security, we regularly back up our business data, which is stored on data carriers and cloud services in Switzerland. The frequency of data backups is based on relevant recommendations.
2.16 Data protection measures
Data security is important to us. Our measures to protect against unauthorized access are based on the recommendations of the National Center for Cybersecurity NCSC of the federal government.
2.17 Website/s
In addition to the domain www.dinvest.ag, the website also includes project-related websites and services from service partners. Visitors to the website are not obliged to provide personal data, unless we indicate otherwise in individual cases.
2.18 Use of cookies
Cookies are data that are stored by our website on the user's end device via the browser. The cookies we use serve, on the one hand, to increase and improve the user-friendliness of our websites. On the other hand, cookies help to collect statistical data on website usage and to use the data obtained for analysis and advertising purposes.
Some cookies are automatically deleted from your device as soon as the browser is closed (so-called session cookies). Other cookies are stored for a certain period of time, which in each case does not exceed two years (persistent cookies). In addition, we may also use so-called third-party cookies, which are managed by third parties to offer certain services.
You can influence the use of cookies. Most browsers have an option that restricts or completely prevents the storage of cookies. However, we would like to point out that the use and in particular the user comfort are restricted without cookies. Furthermore, users can adjust the cookies when visiting the websites via the relevant notice.
2.19 Server log files
Every time this website is accessed, we automatically collect a range of technical data that constitutes personal data.
This includes:
- IP address of the user
- Name of the website or file accessed
- Date and time of access
- Report on successful access
- Browser type and version
- User operating system
- Referrer URL (the previously visited page)
Server log files are not merged with other personal data. We collect server log files for the purpose of administering and improving the website and to detect and prevent unauthorized access. Server log files are collected and evaluated by our processors (IT service providers).
The server log files with the above-mentioned data are deleted after six months at the latest, provided there is no legitimate interest or service-oriented reason. We reserve the right to store the server log files for a longer period of time if there are facts that suggest unauthorized access.