The data protection officer of the company can be contacted at the following address:
Data is processed according to Swiss law and with consideration for the European General Data Protection Regulation (GDPR).
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be directly or indirectly identified, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
‘Processing’ means any operation or set of operations that is performed on personal data, whether or not by automated means. The term is broad and encompasses practically any handling of data, including the storage of data.
Types of processed data
- Inventory data (e.g. master personal data, names or addresses)
- Contact data (e.g. email address and telephone numbers).
- Usage data (e.g. visited websites, interest in content, dates and times of visits).
- Metadata and communication data (e.g. device information and IP addresses).
Categories of data subject
Visitors to the website and subscribers to the nnewsletter.
Purpose of processing
- To provide the website, its features and its content.
- To respond to customer enquiries and communicate with users.
- Security measures.
- Marketing and coverage measurement.
Newsletters and other services
Users of the a-one website can subscribe to a free newsletter. When you subscribe to the newsletter, the data you enter in the form is transmitted to Wincasa and Trio. We collect your salutation, name and email address in order to send you personalised newsletters. You are also free to provide additional data.
At regular intervals, Wincasa notifies newsletter subscribers of current offers and benefits in the world of real estate. As a rule, a data subject can only receive the newsletter if (1) the email address is valid and (2) the person has subscribed to the newsletter. For legal reasons, a confirmation email including an express declaration of consent (a double opt-in procedure) will be sent to the email address you provide when you first subscribe to the newsletter. Wincasa stores this declaration for as long as you are subscribed to the newsletter. This confirmation enables Wincasa to verify that you, the owner of the email address, have agreed to receive the newsletter. You can change your subscription or unsubscribe at any time. Every newsletter contains an unsubscribe link for this purpose.
You can contact us at the email address provided on this website. In this case, your personal data that is transmitted along with the email will be stored. Wincasa only processes the personal data from the form for the purposes of processing the correspondence. No data is disclosed to third parties in this context. The data will be used exclusively for the purposes of the correspondence.
Collaboration with processors and third parties
We only disclose or transmit data to other persons and companies (processors or third parties) as part of our processing or provide access to the data in any other way if legally admissible (e.g. if it is necessary to transfer the data to third parties such as payment service providers in order to perform a contract), if you have provided consent, if we are legally obliged to do so or if we have a legitimate interest in doing so (e.g. if we are using contractors or hosting service providers). Any processors we engage will use your personal data exclusively to perform the contract and not for any of their own purposes.
Transfers to third countries
If we process data in a country outside of Switzerland or if this happens through our use of third-party services or the disclosure/transfer of the data to third parties, it only takes place in order to fulfil our (pre-)contractual duties or on the basis of your consent, a legal obligation or our legitimate interests. Unless we are permitted to do so by law or a contract, we only process data or have data processed in a third country if the specific requirements of Article 44 ff. GDPR have been met. This means, for example, that data are processed on the basis of special guarantees such as the officially recognised identification of a level of data protection befitting the European Union (e.g. the Privacy Shield for the USA) or with consideration for special contractual obligations (known as standard contractual clauses).
Rights of the data subject
You are entitled to request confirmation of whether data is being processed and information about the data, as well as other information and a copy of the data, in accordance with Article 8 of the Data Protection Act (FADP) and Article 15 GDPR.
Where the GDPR is applicable, you can also request the provision and transmission of your personal data in a standardised format (Article 20 GDPR).
Erasure and rectification
Pursuant to the statutory provisions, you are entitled to request the erasure, rectification or restriction of the processing of personal data concerning you. You are entitled to demand the immediate erasure of data under the statutory provisions and you are entitled to demand the restriction of the processing of the data under the statutory provisions.
Pursuant to the statutory provisions, you are entitled to receive data concerning you that you have provided to us and to demand its transmission to another controller.
Furthermore, pursuant to the statutory provisions, you are entitled to lodge a complaint with a supervisory authority.
Pursuant to the statutory provisions, you are entitled to withdraw consent with future effect. Pursuant to the statutory provisions, you can object to the future processing of data concerning you at any time. In particular, you can object to your data being processed for direct marketing purposes such as newsletters.
Duration of storage and erasure of data
Our website uses Transport Layer Security (SSL/TLS). You can tell when a connection is encrypted by the ‘https://’ in the address bar in your browser and by the padlock symbol in the address bar.
Appropriate security measures are in place for storing your personal data on our servers or on the servers of our processors. Appropriate technical and organisational measures are in place to protect the website against loss, destruction, manipulation, hacking, modification and dissemination by unauthorised persons. Suitable precautions have also been taken to maintain data protection within the company. We have our employees and service providers sign an undertaking to maintain confidentiality and adhere to the provisions of the data protection legislation.
The hosting services that we utilise provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use to operate this website.
In this context, we or our hosting provider process the usage data, metadata and communication data of potential customers and visitors to this website in line with our legitimate interest in the secure, efficient provision of this website pursuant to point (f) of Article 6 (1) GDPR in conjunction with Article 28 GDPR (conclusion of a processing contract).
Collection of access data and log files
We or our hosting provider collect data concerning every visit to the server hosting this service (these are known as server log files) on the basis of our legitimate interests in the sense of point (f) of Article 6 (1) GDPR. The access data includes the name of the accessed website or file, the date and time of the visit, the quantity of data served, notification of successful retrieval, browser type and version, the operating system of the user, referring URL (the previously visited page), IP address and the querying provider.
For security reasons (e.g. in order to investigate misuse or fraud), log file information is stored for up to seven days and then erased. Data that have to be stored for longer in order to serve as evidence will not be erased until the incident in question has been resolved conclusively.
Business analyses and market research
In order to run our business economically and identify market trends and the wishes of customers and users, we analyse the data we have concerning transactions, queries, etc. In doing so, we process inventory data, communication data, usage data and metadata on the basis of point (f) of Article 6 (1) GDPR, in which regard the data subjects include customers, potential customers, business partners and visitors to and users of the website.
The analyses are carried out for the purposes of business assessments, marketing and market research. We can take the profiles of registered users with information on their purchases, for example, into account. The analyses help us improve user-friendliness and optimise our website and the cost-effectiveness of our business. The analyses are solely for our own purposes and are not disclosed to third parties, with the exception of anonymous analyses with aggregated values.
When you contact us (e.g. using the contact form, by email, by phone or via social media), your information will be processed in order to process and comply with your query pursuant to point (b) of Article 6 (1) GDPR. Your data can be stored in a customer relationship management system or in a similar query organisation system.
We delete queries as soon as they are no longer necessary. Furthermore, the statutory archiving obligations apply.
Online presences on social media
Integration of services and third-party content
In line with our legitimate interests (i.e. our interest in the analysis, optimisation and economical operation of our website in the sense of point (f) of Article 6 (1) GDPR), we use content and services from third-party providers on our website in order to integrate their content and services such as videos or fonts (‘content’).
This always requires the third-party providers of this content to see the IP addresses of users as they cannot send the content to a user’s browser without an IP address. The IP address is therefore necessary in order to display this content. We endeavour only to use content whose providers just use IP addresses to deliver the content. Furthermore, third-party providers might use tracking pixels (invisible graphics also known as web beacons) for statistical or marketing purposes. Tracking pixels make it possible to analyse information such as user traffic on the pages of this website. The pseudonymised information might also be stored in cookies on your device and contain technical information about your browser and operating system, referring URLs, dates and times of visits and other information on your use of our website, and can be combined with similar information from other sources.
Wincasa has integrated the component Google Analytics (with anonymisation active) into this website. Google Analytics is a Web analytics service. Web analytics is the collection and evaluation of data relating to the usage habits of website users. For example, a Web analytics service collects data relating to the website the data subject was visiting prior to the current website (the referrer), what pages of the website were accessed or how often or for how long a page was viewed. A Web analytics service is primarily used to optimise a website and to analyse the cost-effectiveness of Internet advertising.
Google Analytics is operated by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Wincasa uses the tag ‘gat.anonymizeIp’ in Google Analytics. When this tag is active, the IP address of the data subject is shortened and anonymised by Google if our website is accessed from a Member State of the EU or from another signatory to the Agreement on the European Economic Area.
The purpose of Google Analytics is to analyse visits to our website. For example, Google uses the data and information it obtains in this way to evaluate the use of our website, compile online reports on website activity and provide us with other services in connection with the use of our website.
Google Analytics installs a cookie on the computer of the data subject. The installation of the cookie enables Google to analyse how our website is used. Whenever the data subject visits one of the pages of the website of the controller on which Google Analytics is active, Google Analytics has the browser on the IT system of the data subject automatically transmit data to Google for online analysis. Through this technical process, Google gains access to personal data such as the IP address of the data subject, which enables Google to track the origins of visitors and clicks and then calculate commission.
The cookie stores personal information such as the date and time of the visit, the location from which the website is being visited and the frequency of visits to our website by the data subject. Whenever the data subject visits our website, this personal data, including the IP address of the data subject, is transmitted to Google in the USA. Google stores this personal data in the USA. Under certain circumstances, Google shares this personal data with third parties.
The data subject can prevent our website from using cookies as described above by changing the settings of his or her browser and in doing so, deactivate cookies permanently. Changing browser settings in this way would also prevent Google from installing a cookie on the IT system of the data subject. Additionally, cookies that have already been installed by Google Analytics can be erased at any time through the browser or using other software.
Google Tag Manager
Google Tag Manager is a solution with which we can manage so-called website tags via one interface (and so integrate e.g. Google Analytics and other Google marketing services in our online offering). The Tag Manager itself (which implements the tags) does not process any personal user data. With regard to the processing of users’ personal data, reference is made to the following information on Google services. Terms of service: https://www.google.com/analytics/tag-manager/use-policy/