The protection of your personal data is an important matter to us and we want you to feel safe when visiting our website. We observe all the relevant data protection regulations, in particular the EU General Data Protection Regulation (GDPR).
In this data privacy notice, we explain which information (including personal data) we process during your visit and your use of our website, specified above (‘the website’).
I. Who is responsible for data processing?
The data controller responsible for processing your personal data is IMMAGO-RENT AG, Neuhofstrasse 4, CH-6340 Baar, Switzerland, phone: +41 41 768 7272, email: email@example.com. Any mention of ‘we’ or ‘us’ in this data privacy notice refers to this company.
II. What data do we process?
You can access our website without providing any immediate personal data (such as your name, home address or email address). Even in this case, though, we have to collect and store certain information in order to allow you to access our website. Furthermore, we only provide you with general information about our company, our services and contact partners on our website. In this context, you can also find contact details to get in touch with us (most notably phone numbers and email addresses).
1. Log files: When you visit this website, our web server automatically stores the domain name and IP address of the accessing computer (generally your Internet provider) together with the date, time and length of your visit as well as the sub-pages and links that you visit, and information about the application(s) and device used to view the content.
2. Contact: If you get in touch using one of the methods detailed on our website, we will process any personal data contained in your message and provided by you in order to process and respond to your enquiry. Please note that our website also contains the contact details for third parties (such as service providers tasked with marketing activities and administrative work). If you use the contact details provided for any such third party, any personal data you specify will be processed by the same third party.
III. For which purposes and on what legal basis do we process your data?
1. Any personal data contained in the log files is processed in order to enable you to use our website. This is done on the basis of Article 6, paragraph 1 (f) of the GDPR to protect our legitimate interest in the operation of our website.
2. Processing of data collected for the purpose of website analysis and of pseudonymised usage profiles is carried out for the purposes of advertising, market research and the tailored design of our website based on Article 6, paragraph 1 (f) of the GDPR to protect our legitimate interest in analysing the use of our website.
3. Data processing in order for us to handle and enquiry always takes place in order to protect our legitimate interest in establishing and maintaining business contacts based on Article 6, paragraph 1 (f) of the GDPR. If your enquiry concerns the conclusion of a contract or pre-contractual measures, your personal data will be processed based on Article 6, paragraph 1 (b) of the GDPR.
4. We can also process personal data processed in connection with your use of our website to meet our legal obligations; this is based on Article 6, paragraph 1 (c) of the GDPR.
5. To the extent necessary, we also process personal data beyond the purposes mentioned above in order to protect our legitimate interests or the interests of third parties; this is based on Article 6, paragraph 1 (f) of the GDPR. Our legitimate interests include the assertion of legal claims, defence in legal disputes, the prevention and investigation of criminal offences, and the direction and development of our business activities, including risk management.
IV. Am I required to provide personal data?
In order to process an enquiry made to us, it is necessary to communicate your contact details; we cannot process your enquiry without this information.
If we also collect personal data from you, we will inform you when doing so whether the provision of this information is required by law or by contract or is necessary to conclude a contract. As a rule, we indicate which information is provided voluntarily and is not required due to any of the obligations set out above or to conclude a contract.
V. Who receives my data?
Generally speaking, your personal data is processed within our company. Depending on the type of personal data in question, only certain departments or organisational units have access to your personal data. These include, in particular, the contact persons named on our website for certain tasks. Thanks to a roles and permissions concept, access within our company is limited to those individuals and to the scope required for the respective purpose of processing.
We may also transfer your personal data to third parties outside our company to the extent permitted by law. These external recipients can include in particular:
companies in the Beisheim Group that receive personal data from us for internal administrative purposes;
the service providers we engage, who provide services for us on a separate contractual basis that may also include the processing of personal data, and the subcontractors of our service providers engaged with our consent; and
non-public and public bodies, insofar as we are required to share your personal data due to legal obligations.
VI. Are any automated decision-making processes used?
As a rule, we do not use automated decision-making (including profiling) in connection with the operation of our website within the meaning of Article 22 of the GDPR. If we do use such processes in exceptional cases, we will inform you of this separately to the extent required by law.
VII. Is data transferred to countries outside the EU/EEA?
Since we are based in Switzerland, personal data is processed outside the EU and the European Economic Area. The European Commission has confirmed in a so-called ‘adequacy decision’ that the level of data protection in Switzerland is comparable to that in the European Union. We do not share personal data with recipients outside the EU or the EEA.
VIII. How long is my data stored for?
Generally speaking, we store your personal data as long as we have a legitimate interest in this storage that is not outweighed by your interest in discontinuing storage. Even without a legitimate interest, we can continue to store data if there is a legal obligation to do so (e.g. to meet retention requirements). We delete your personal data without any action on your side as soon as it is no longer needed to fulfil the purpose of data processing or storage is otherwise prohibited by law.
As a rule:
- log files are deleted within seven days unless further storage is necessary for statutory purposes such as the detection of misuse or the identification and elimination of technical faults; and
- data processed in connection with an enquiry made to us will be deleted no later than upon expiry of the statutory retention periods.
Personal data that we need to store in order to meet retention requirements is stored until the end of the retention requirement in question. If personal data is stored by us exclusively in order to fulfil retention requirements, it is generally blocked so that it cannot be accessed unless this is necessary with regard to the purpose of retention.
IX. What are my rights?
a) Right to object under Article 21 of the GDPR
You have the right to object, at any time, on grounds relating to your particular situation, to the processing of your personal data based on point (e) or (f) of Article 6.1 of the GDPR, including profiling based on these provisions. If you choose to object, we shall no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or such processing serves to establish, exercise or defend legal claims.
If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is conducted in conjunction with such direct marketing. If you object to the processing of your personal data for direct marketing purposes, we will cease to process your personal data for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
b) Other rights
As the data subject, you also have the right:
to access information about the personal data stored about you under Article 15 of the GDPR;
to have incorrect or incomplete information corrected under Article 16 of the GDPR;
to have personal information deleted under Article 17 of the GDPR;
to limit processing under Article 18 of the GDPR; and
to data portability under Article 20 of the GDPR.
To exercise any of these rights, you can contact us at any time, for instance using one of the contact details provided at the beginning of this data privacy notice.
You are also entitled to lodge a complaint with a data protection supervisory authority pursuant to Article 77 of the GDPR.