The English version of our terms and conditions is a courtesy translation. Only the German version is legally binding.

Privacy Policy of Crowdhouse AG

Crowdhouse AG collects personal data from its users.

Users may be subject to different standards of protection, so more comprehensive standards may apply to some of them. For more information on the protection criteria, users should refer to the section on applicability.

This document can be printed out for retention purposes using the “Print” command in the browser.

Provider and responsible

Crowdhouse AG
Lerchenstrasse 24
CH-8045 Zurich

E-mail address of the provider: datenschutz@crowdhouse.ch

 

Types of data collected 

Personal data processed by the provider independently or through third parties include: Usage data, e-mail address, first name, last name, address, payment and banking details, property ownership, unique device identifier for advertising (Google Advertising ID or IDFA, for example), telephone number, device information, Universally Unique Identifier (UUID) and other personal data collected from users in the course of using the provider’s websites or received from users in the course of doing business with the provider.

Full details of each type of personal data processed are provided in the designated sections of this Privacy Policy or selectively through explanatory text displayed prior to data collection. 

Personal data may be provided voluntarily by the user or, in the case of usage data, collected automatically when a website of the provider is used. 

If the provision of data is necessary for the use of the service, the user will be informed of this when entering the data. If the user refuses to provide the data, this may result in the provider being unable to provide the user with its services. In cases where the provision of personal data is voluntary, users may choose not to provide such data without any consequences for the availability or functioning of the service. 

Users are responsible for all third party personal data obtained, published or disclosed by the provider and confirm that they have obtained consent to the transfer of any third party personal data to the provider.

 

Type and place of data processing

Processing methods

The provider processes user data in a proper manner and takes appropriate security measures to prevent unauthorised access and unauthorised forwarding, modification or destruction of data. 

Data processing is carried out by means of computers or IT-based systems in accordance with organisational procedures and practices that are specifically aimed at the stated purposes. The provider uses external service providers for the operation of its services. A transfer of data only takes place if there is an authorisation under data protection law.

Legal bases of the processing

The provider may only process personal data of users if one of the following applies:

  • Users have given their consent for one or more specific purposes. Note: In some jurisdictions, the provider may be allowed to process personal data until the user objects to such processing (“opt-out”) without relying on consent or any other of the following legal bases. However, this does not apply if the processing of personal data is subject to European data protection law.
  • The collection of data is necessary for the performance of a contract with the user and/or for pre-contractual measures arising therefrom.
  • The processing is necessary for compliance with a legal obligation to which the provider is subject.
  • The processing is related to a task carried out in the public interest or in the exercise of official authority vested in the provider.
  • The processing is necessary to protect the legitimate interests of the provider or a third party.

In any case, the provider will be happy to provide information about the specific legal basis on which the processing is based, in particular whether the provision of personal data is a legal or contractual obligation or a prerequisite for the conclusion of a contract.

Location

The processing of the data generally takes place in Switzerland or in the EU. 

Depending on the location of the users, data transfers may involve the transfer of the user’s data to a country other than their own. To learn more about the location of the processing of the transferred data, users can consult the section detailing the processing of personal data.

If data is transferred to a third country (a country outside the EU) for processing, the provider shall ensure that an adequacy decision exists for this country or that appropriate security measures – organisational, technical and contractual – have been taken to ensure an adequate level of data protection.

If such a transfer takes place, the user can find out more about it by checking the relevant sections of this document or by contacting the provider using the information provided in the contact section.

Storage period

Personal data shall be processed and stored for as long as is necessary for the purpose for which it was collected.

Therefore:

  • Personal data collected for the purpose of fulfilling a contract concluded between the provider and the user will be stored until the complete fulfilment of this contract.
  • Personal data collected for the purposes of the provider’s legitimate interests will be retained for as long as is necessary to fulfil those purposes. Users can obtain more information about the provider’s legitimate interests in the relevant sections of this document or by contacting the provider.

Furthermore, the provider is permitted to store personal data for a longer period of time if the user has consented to such processing, as long as the consent is not revoked or if this data is required for the assertion or defence of legal claims. 

In addition, the provider may be obliged to retain personal data for a longer period of time if this is necessary to fulfil a legal obligation or by order of a public authority.

After the retention period has expired, personal data is deleted. Therefore, the right to information, the right to erasure, the right to rectification and the right to data portability cannot be exercised after the retention period has expired.

 

Cookies

The provider uses cookies. Further information on the use of cookies can be found in the Cookie Policy.

 

Purposes of the processing

Personal data about the user is collected to enable the provider to provide the Service and further to comply with its legal obligations, to respond to claims, to protect its rights and interests (or those of users or third parties) and to detect harmful or fraudulent activities. In addition, data is collected for the following purposes: analytics, tag management, managing user databases, monitoring infrastructure, testing content and functionality performance (A/B testing), displaying content from external platforms, handling payments, creating and managing backups, interacting with data collection platforms and other third parties, advertising, remarketing and behavioural targeting, hosting and backend infrastructure, managing contacts and sending messages, human resources as well as registration and login. 

Users can find more detailed information on these processing purposes and the personal data used for each purpose in the “Detailed information on the processing of personal data” section of this document.

 

Detailed information on the processing of personal data

Personal data is collected for the following purposes using the following service providers:

Analytics

The services listed in this section allow the provider to monitor and analyse traffic and track user behaviour.

Google Analytics with IP anonymisation (Google Ireland Limited)

Google Analytics is a web analytics service provided by Google Ireland Limited (“Google”). Google uses the data collected to track and study how the provider’s websites are used, report on their activity and share it with other Google services. Google may use the data collected to contextualise and personalise the ads of its own advertising network. IP anonymisation has been activated on this website so that the IP address of users is shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

Personal data processed: Usage data

Place of processing: Ireland – Privacy Policy – Opt-out 

Google Analytics with User ID extension (Google Ireland Limited)

The provider’s websites use the Google Analytics “User ID” feature. By assigning the same ID across multiple sessions and devices, this extension allows for more accurate tracking of users. It is set up in a way that does not allow Google to personally identify an individual or track a device in a permanent way. The User ID extension could allow a link between Google Analytics data and other data collected about the user via a provider website. The following opt-out link only leads to opt-out for the device used, but not for the tracking operated independently by the owner. To deactivate this as well, the owner must be notified via the e-mail address provided.

Personal data processed: Usage data

Place of processing: Ireland – Privacy Policy – Opt-out 

Mouseflow (Mouseflow ApS)

Mouseflow is an analysis and heat mapping service from Mouseflow ApS.
Mouseflow shows the areas of a page where the mouse is most often moved or clicked. In this way, the main points of interest can be identified.

Personal data processed: Usage data

Place of processing: Denmark – Privacy policy – Opt-out 

Facebook Ads Conversion Tracking (Facebook Pixel) (Meta Platforms Ireland Limited)

Conversion tracking from Facebook Ads (Facebook Pixel) is an analytics service provided by Facebook Inc. that links data from the Facebook ad network to actions taken through a provider website. The Facebook Pixel tracks conversions attributable to ads on Facebook, Instagram and the Audience Network.

Personal data processed: Usage data

Place of processing: Ireland – Privacy Policy 

LinkedIn Conversion Tracking (LinkedIn Insight Tag) (LinkedIn Corporation)

LinkedIn conversion tracking (LinkedIn Insight Tag) is a behavioural analytics and targeting service that matches data collected from LinkedIn’s advertising network with actions taken through a provider website. The LinkedIn Insight Tag tracks conversions attributable to advertisements on LinkedIn and enables the targeting of groups of users according to their previous visits to a website of the provider.

Users can opt out of behavioural targeting by adjusting the settings of their device or LinkedIn account, as well as via the service AdChoices opt-out page.

Personal data processed: Device information, usage data, trackers

Place of processing: United States – Privacy Policy 

Conversion Tracking by Outbrain (Outbrain Pixel) (Outbrain Inc.)

Conversion tracking by Outbrain (Outbrain pixel) is an analytics service provided by Outbrain Inc. that links data from the Outbrain advertising network to actions taken by users on the provider’s websites.

Personal data processed: Device information, usage data, tracker, Universally Unique Identifier (UUID)

Place of processing: United States – Privacy Policy 

Displaying content from external platforms

This type of service allows users to view and interact with content hosted on external platforms directly through a provider’s website. If such a service is installed, it may collect data from traffic for the pages on which it is installed even when users are not using it.

Adobe Fonts (Adobe)

Adobe Fonts is a service provided by Adobe Systems Inc. for the visualisation of fonts, which the provider can use to embed corresponding content on its websites.

Personal data processed: Usage data, different types of data as described in the privacy policy of the service

Place of processing: USA – Privacy Policy 

Create and manage backup copies

These types of services allow the provider to store and manage as backup copies on external servers managed by the service provider itself. The backup copies may contain the source code and content as well as the data that the user submits to the provider.

Backups on Google Drive (Google Ireland Limited)

Google Drive is a backup creation and management service provided by Google Inc.

Personal data processed: Different types of data as described in the privacy policy of the service

Place of processing: Ireland – Privacy Policy 

Hosting and backend infrastructure

The purpose of these types of services is to host data and files so that the provider’s websites can be managed and used. Furthermore, these offerings may provide a pre-built infrastructure that handles specific functions or entire components for the provider’s websites.

Some of the services listed below may or may not operate through geographically dispersed servers, making it difficult to determine the actual location of personal data.

Amazon Web Services (AWS) (Amazon Web Services Inc.)

Amazon Web Services (AWS) is a web hosting and backend service provided by Amazon Web Services Inc.

Personal data processed: Different types of data as described in the privacy policy of the service

Place of processing: Ireland – Privacy Policy 

Interaction with data collection platforms and other third parties

These types of services allow users to interact with the data collection platforms or other third parties directly from their websites for the purpose of storing and reusing data. 

If a corresponding service is installed, it may be able to collect navigation and usage data on the pages on which it is installed even if users are not actively using the service.

Typeform Widget (TYPEFORM S.L)

The Typeform Widget is a service to interact with the data collection platform provided by TYPEFORM S.L.

Personal data processed: E-mail address, first name, last name, various types of data as described in the privacy policy of the service

Place of processing: Spain – Privacy policy 

Human Resources

Greenhouse Software Inc. 

The recruitment software is used to manage the process of hiring new employees. As part of the service, Greenhouse collects data from candidates, including CVs, and makes it available to the company.

Place of processing: United States, EU & Swiss Privacy Shield – Privacy Policy

Registration and login

By registering or logging in, users authorise the provider to identify them and grant them access to specific services.

Depending on what is indicated below, third party providers may provide registration and login services. In this case, the provider may access some data stored by these third party providers for registration or identification purposes. 

Some of the services listed below may collect personal data for targeting and profiling purposes. Please refer to the description of each service for more information.

ZeroBounce 

Hertza LLC, trading as ZeroBounce, is an online e-mail validation system. It removes invalid e-mail addresses, eliminates bounces, validates IP addresses and verifies key recipient demographic data.

Place of processing: United States, EU & Swiss Privacy Shield – Privacy Policy

Authentication 

In order to log in to the provider’s websites, we require a cookie to authenticate the customer’s request and obtain session information. 

Remarketing and behavioural targeting

This type of service allows the provider and its partners to analyse how the provider’s websites have been used in previous sessions by the user in order to target, optimise and deploy advertising. This activity is facilitated by tracking usage data and the use of trackers that collect information which is then transmitted to the partners who manage the remarketing and behavioural targeting activities.

Some services offer a remarketing option based on e-mail address lists. In addition to any opt-out options offered by each of the services listed below, users may opt out via the Network Advertising Initiative opt-out page.

Users can also disable certain advertising features through appropriate device settings, such as device advertising settings for mobile phones or advertising settings in general.

Facebook Custom Audience (Meta Platforms Ireland Limited)

Facebook Custom Audience is a remarketing and behavioural targeting service provided by Facebook Inc. that connects activity taking place through a provider’s website to the Facebook advertising network.

Personal data processed: Cookie, e-mail address

Place of processing: Ireland – Privacy Policy – Opt-out 

Facebook Remarketing (Facebook Inc.)

Facebook Remarketing is a remarketing and behavioural targeting service provided by Facebook Inc. that connects activity taking place through a provider’s website to the Facebook advertising network.

Personal data processed: Cookie, usage data

Place of processing: United States – Privacy Policy – Opt-out 

Tag management

These types of services help the provider centrally manage the tags or scripts needed for the provider’s websites.
This results in the user’s data flowing through these services and possibly being stored.

Google Tag Manager (Google Ireland Limited)

Google Tag Manager is a tag management service provided by Google Ireland Limited.

Personal data processed: Usage data

Place of processing: Ireland – Privacy Policy 

Segment (Segment.io Inc.)

Segment is a tag management service provided by Segment.io Inc.

Personal data processed: Cookie, usage data

Place of processing: United States – Privacy Policy 

Testing the performance of content and functions (A/B testing)

The services contained in this section allow the provider to track and analyse users’ response to website traffic or their behaviour after a provider website has been modified in terms of structure, text or other components.

Google Optimize (Google Ireland Limited)

Google Optimize is an A/B testing service provided by Google Ireland Limited (“Google”).

Google may use personal data to contextualise and analyse the ads of its own advertising network.

Personal data processed: Cookie, usage data

Place of processing: Ireland – Privacy Policy 

Dealing with payments

With payment services, the provider can process payments by credit card, bank transfer or other methods. In order to ensure a particularly high level of security, the provider only forwards the information required to execute the transaction with the financial intermediaries processing the transaction. Some of these services may also provide for the sending of timed messages to the user, such as e-mails containing invoices or notifications regarding payment.

Sage Pay (Sage Pay Europe Limited)

Sage Pay is a payment service provided by Sage Pay Europe Limited.

Personal data processed: Different types of data as described in the privacy policy of the service

Place of processing: United Kingdom – Privacy Policy 

Managing contacts and sending messages

These types of services allow the management of a database of e-mail contacts, phone numbers or any other contact information to communicate with the user. 

The services may also collect data on what date and time message was read by the user, as well as when the user interacts with incoming messages, for example by clicking on links contained therein.

Twilio (Twilio Inc.)

Twilio is a telephone number and communication management service provided by Twilio Inc.

Personal data processed: Telephone number

Place of processing: United States – Privacy Policy 

User database management

These types of services allow the owner to build user profiles, firstly by using the e-mail address, name or other details submitted by the user to the provider, and secondly by tracking user activity through analytics functionality. This personal data can also be matched with publicly available information about the user (such as social media profiles) and used to build a personal profile that the owner can view and use to improve the provider’s websites.

Some of these services may also provide for the sending of timed messages to the user, such as e-mails that the provider links to specific actions.

Intercom 

Intercom is a user database management service provided by Intercom Inc.
Intercom can also be used as a means of communication, either through e-mail, or through messages within an application of the provider.

Personal data processed: Cookie, e-mail address, usage data, various types of data as described in the privacy policy of the service

Place of processing: United States – Privacy Policy, Ireland – Privacy Policy, United Kingdom – Privacy Policy 

Salesforce Sales Cloud (salesforce.com Inc.)

Salesforce Sales Cloud is a user database management service from salesforce.com Inc.

Personal data processed: Different types of data as described in the privacy policy of the service.

Place of processing: United States – Privacy Policy 

Salesforce Marketing Cloud (salesforce.com Inc. )

Salesforce Marketing Cloud is a user database management service from salesforce.com Inc.

Personal data processed: Different types of data as described in the privacy policy of the service.

Place of processing: United States – Privacy Policy 

Pardot (Pardot LLC)

Pardot is a user database management service provided by Pardot LLC, which enables the personalised sending of e-mails as well as the management of the sending of e-mails.

Personal data processed: Different types of data as described in the privacy policy of the service

Place of processing: United States – Privacy Policy 

Advertising

This type of service enables the use of user data for advertising purposes. Promotional approaches are displayed in the form of banners and other advertisements via a provider’s website and may be adjusted based on behaviour. This does not mean that all personal data will be used for this purpose. Further information and terms of use are set out below.

Some of the services listed below may use trackers to identify users or use so-called behavioural retargeting. This method can also be used to identify the interests and surfing behaviour of users that do not take place via a website of the provider, in order to specifically tailor advertisements to them. For more information, please refer to the privacy statements of the respective services. 

Services of this type usually offer the possibility to opt out of such tracking. In addition to any opt-out feature offered by the services mentioned below, users can learn more about how to opt out of interest-based advertising in general in the relevant section “How to opt out of interest-based advertising” in this document.

Microsoft Advertising (Microsoft Corporation)

Microsoft Advertising is an advertising service of Microsoft Corporation.

Personal data processed: Cookie, usage data

Place of processing: United States – Privacy Policy – Opt-out 

Taboola Monetize Content (Taboola Inc.)

Taboola is an advertising service of Taboola Inc.

Personal data processed: Cookie, usage data

Place of processing: United States – Privacy Policy – Opt-out 

Facebook Audience Network (Facebook Inc.)

Facebook Audience Network is an advertising service provided by Facebook Inc. For more information about Facebook’s use of data, please see Facebook’s Data Policy.

The provider uses mobile device identifiers (including Android Advertising ID or Advertising Identifier for iOS) and cookie-like technologies to run the Facebook Audience Network service. One of the display options for Audience Network ads is through the user’s advertising preferences. The user can set this under the Facebook ad settings.

Users may opt out of certain Audience Network audiences through the appropriate device settings, such as through the device’s advertising settings for mobile phones, or by following the instructions in other sections of this Privacy Policy regarding Audience Network, as applicable.

Personal data processed: Cookie, unique device identifier for advertising (Google advertising ID or IDFA, for example), usage data

Place of processing: United States – Privacy Policy – Opt-out 

Monitoring the infrastructure

This type of service allows the provider to monitor the use and behaviour of its individual components in order to improve performance, operation, maintenance and troubleshooting. The personal data processed depends on the characteristics and the way of execution of the services whose function is to filter the activities taking place through a website of the provider.

Pingdom (Pingdom AB)

Pingdom is a monitoring service provided by Pingdom AB.

Personal data processed: Cookie, usage data

Place of processing: Sweden – Privacy policy 

Bugsnag (Bugsnag Inc.)

Bugsnag is a monitoring service provided by Bugsnag Inc.

Personal data processed: Different types of data as described in the privacy policy of the service

Place of processing: USA – Privacy Policy 

Sentry (Functional Software Inc. )

Sentry is an application monitoring service provided by Functional Software Inc.

Personal data processed: Different types of data as described in the privacy policy of the service

Place of processing: United States – Privacy Policy 

Information on refusing interest-based advertising

In addition to any opt-out feature provided by the services listed in this document, users can learn more about how to opt out of interest-based advertising in general in the relevant section of the Cookie Policy

Further information on the processing of personal data

GARAIO REM

The real estate software GARAIO REM is used for process management in real estate management and allows the owner to create user profiles for individual processing. These services include, among others, accounting, management, condominium ownership, cost rent, order management, collection/disbursement and reporting. The use of personal data is for the purpose of contract fulfilment and depends on the service.

Personal data collected: Various types of data, such as personal master data (name, address) as well as contact data (e.g. telephone, e-mail address), contract data (billing and payment data).

Place of processing: Switzerland – netrics – ISO certification

Bexio AG

With the business software of bexio AG, the provider can handle the creation of offers, automated invoice and reminder runs, integrated e-banking and online accounting. The transmission of information for the execution of services takes place on a case-by-case basis and is reduced to a minimum.

Personal data collected: Various types of data as described in the privacy policy of the service.

Place of processing: Switzerland – privacy policy

Data processing – contract performance

The provider processes personal data of the users (in particular contact data such as first name, surname, date of birth, address, place of residence, e-mail address and telephone number as well as, among other things, information required for the conclusion of the contract and for the processing of the contractual relationship) in order to be able to provide the services offered by it. These personal data are provided by the user during registration or arise in the context of the use of the services offered by Crowdhouse. Crowdhouse is entitled to request further information from the user if this is necessary for the execution of an investment requested by the user or for the execution of the contractual relationship with the user. In particular, Crowdhouse requires a current certified copy of the user’s identity document.

The personal data disclosed by the user to Crowdhouse as part of the registration and subsequent contractual relationship will be processed for the purposes of providing the services offered on the website (i.e. matching real estate offers with prospective buyers and investors and managing properties), for the purposes of managing the contractual relationship with the respective user and for the purposes of managing the investments made and/or planned by the respective user. They may also be processed for marketing purposes and market research.

Crowdhouse may pass on or disclose the user’s personal data to group and partner companies and to commissioned data processors in Switzerland and abroad and commission them to process the user’s personal data. These service providers process your personal data only on our behalf and for our purposes and are contractually obliged to treat it confidentially. Crowdhouse may also disclose personal data of the user to the bank entrusted with the financing of the investment requested by the user, as well as to all offices, authorities and bodies involved in the purchase, processing and holding of the property (such as notaries commissioned by name), insofar as this is necessary for the performance of the services offered (such as for the purpose of carrying out notarial certifications, land register applications or carrying out the necessary clarifications within the framework of the Federal Act on the Acquisition of Real Estate by Persons Abroad [BewG] etc.). Crowdhouse does not disclose personal data to third parties for their own purposes without the consent of the user, unless Crowdhouse is obliged to do so by law or by an official or judicial order.

If personal data is disclosed abroad, the personal data in the country of the recipient is not in all cases subject to a level of protection equivalent to that in Switzerland. In such cases, Crowdhouse ensures that an appropriate level of data protection is nevertheless guaranteed abroad and that the necessary technical, organisational, contractual and personal protection measures are taken.

Information, corrections, deletions and contact

You can request information about the data processed about you or request the deletion or correction of your data from the provider at any time using the form in the following link:

Personal data form

Your data will then be corrected or deleted immediately, unless deletion is not possible due to an existing, ongoing property interest on the website or due to another existing contractual relationship between Crowdhouse and the user.

 

The rights of users

Users may exercise certain rights in relation to their data processed by the provider.

Users who are entitled to more comprehensive standards may exercise all the rights described below. In all other cases, users may contact the provider to find out what rights apply to them.

In particular, users have the right to do the following:

    • request information: The user may obtain information as to whether his or her personal data are being processed. If processing is taking place, the user is entitled to the following information:
      • the purposes of processing
      • the categories of personal data that are processed
      • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations
      • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
      • the existence of a right to obtain the rectification or erasure of personal data concerning them or to obtain the restriction of processing by the controller or a right to object to such processing
      • the existence of a right of appeal to a supervisory authority
      • if the personal data are not collected from the user, all available information on the origin of the data
      • the existence of automated decision-making, including profiling – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject
    • revoke the consents at any time: If the user has previously consented to the processing of personal data, he or she may revoke his or her own consent at any time.
    • object to the processing of the data: 
      • The user has the right to object to the processing of his/her data if the processing is based on a legal basis other than consent. Upon receipt of an objection, the provider shall no longer process the personal data concerned unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the user, or the processing serves to assert, exercise or defend legal claims.
      • If personal data concerning the user are processed for the purpose of direct marketing, the user has the right to object at any time to the processing of personal data concerning him or her for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
      • If the user objects to processing for direct marketing purposes, the personal data concerning him or her will no longer be processed for these purposes.
  • verify the accuracy of his or her data and request that it be updated or corrected
  • request restriction of the processing of their data: Users have the right to restrict the processing of their data under certain circumstances. In this case, the provider will not process the data for any purpose other than storage.
  • request deletion or other removal of the personal data: Users may, in certain circumstances, have the right to request deletion of their data from the provider, unless deletion is not possible due to an existing contractual relationship between the provider and the user. There is no right to erasure if the processing is necessary:
    • to exercise the right to freedom of expression and information
    • for compliance with a legal obligation which requires processing under Union or Member State law to which the provider is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
    • for reasons of public interest in the field of public health
    • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
    • for the assertion, exercise or defence of legal claims
  • receive a copy of his or her data in a structured, commonly used and machine-readable format and, where technically feasible, have it transferred unimpeded to another controller, provided that the data is processed by automated means and the processing is based on the user’s consent, on a contract to which the user is party or on pre-contractual obligations.
  • file a complaint with a supervisory authority
  • be informed of the appropriate safeguards in relation to the transfer where personal data are transferred to a third country or to an international organisation

How the rights can be exercised

All requests to exercise user rights may be addressed to the provider via the contact details provided in this document. Requests can be exercised free of charge and will be processed by the provider as soon as possible, at the latest within one month.

 

Further information on the collection and processing of data

Legal measures

The user’s personal data may be processed by the provider for the purposes of legal enforcement within or in preparation of legal proceedings resulting from the improper use of the provider’s websites or the associated services.

The user declares that he/she is aware that the provider could be obliged by the authorities to hand over personal data.

Further information about the user’s personal data

In addition to the information set out in this privacy policy, the provider may provide the user, upon request, with further contextual information relating to specific services or to the collection and processing of personal data. 

System protocols and maintenance

The provider’s websites and third party services may, for operational and maintenance purposes, collect files that record interaction taking place via a provider website (system logs) or use other personal data (e.g. IP address) for this purpose.

Information not included in this privacy statement

Further information on the collection or processing of personal data can be requested from the provider at any time via the contact details listed.

How “do-not-track requests” are handled

The provider’s websites do not support “do-not-track requests” by web browsers. For information on whether integrated third-party services support the “do-not-track protocol”, users should refer to the privacy policy of the respective service.

Changes to this privacy policy

The provider reserves the right to make changes to this privacy policy at any time by informing users on this page and, if applicable, via another website of the provider and/or – as far as technically and legally possible – by sending a message via users’ contact details available to the provider. Users are therefore advised to visit this page regularly and in particular to check the date of the last change indicated at the bottom of the page.

Insofar as changes affect a data use based on the user’s consent, the provider will – insofar as necessary – obtain a new consent.

Legal notice

This privacy statement has been drafted on the basis of provisions of various legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).

Last updated: 4 July 2022