When you utilize our products and services (collectively referred to as "services"), we process data for the preparation of the contract and for the execution of the respective contract. Our services are aimed at individuals or businesses based in Switzerland. We also process data concerning our suppliers and partners in the context of these contracts.

Since our contractual partners are usually businesses, we generally process fewer personal data, as privacy law only covers data of natural persons. However, we do process information about contact persons with whom we interact.

We generally process data in connection with our services—particularly in the distribution of fund shares, asset management of properties, and buying and selling of properties—as follows:

• We process basic data of our contact persons and other individuals employed by or working for our clients, suppliers, and partners. This includes name, contact details, information about position and activities, and other career-related information, as well as data from and about communication with us.
• If we are in contact with you regarding a contract, we process the data you provide us, details about requested services, and the date of initial contact. For private clients, we also process details about your financial circumstances and bank connections, as well as your risk capacity and willingness to take risks. To comply with legal requirements, we identify you through online onboarding or video identification, in line with regulations to combat money laundering and terrorist financing. We collect and document legally required data for this purpose. Additionally, we perform sanctions and similar checks on our clients, or their managing bodies and economically entitled individuals, and obtain data from relevant databases, including identification data such as birth dates, details about economic and political ties, and sanctions information. This may also include particularly sensitive personal data.
• When we enter into a contract with you, we process data from the pre-contractual phase as well as data concerning the contract itself (e.g., date of completion and subject matter of the contract). We continue to process personal data during and after the duration of the contract. This includes—for private clients—information related to asset management (e.g., data about your personal and financial situation, questions about your financial risk willingness and inclination, asset holdings, investment mix, transactions, returns, deposits and withdrawals, details about the economic justification and origin of the assets brought in, and tax status), our fees, and generally also details about payments, contacts with us, mutual claims, contract termination, and—if disputes arise related to the contract—also those and corresponding procedures. Without this data processing, we could not execute contracts. We may also obtain personal data from other group companies (see section 4).

In relation to our property management and buying or selling properties, we also process your data when you are a tenant of a property we manage (or for businesses, the contact person of a tenant). This particularly includes basic data like name and address, and information about the tenancy, such as its duration, rent rates, and other details related to managing the tenancy.

You may provide us with data that also relates to other people (e.g., economically entitled individuals, authorized persons, guarantors, representatives, family members, etc.). In such cases, we assume that this information is accurate and that you are permitted to provide it to us. Since we often have no direct contact with these individuals and cannot directly inform them about our data processing, we ask you to inform them on your behalf about our data processing activities (e.g., by referring them to this Privacy Policy).

We also process personal data to promote our services:

• Newsletter: We send electronic information and newsletters, which may also contain advertising for our offerings. We request your consent beforehand, except when we are advertising specific offers to existing customers. In this context, we process, in addition to your name and email address, details about the services you have already used, whether you open our newsletters, and which links you click on. Our email service provider offers a feature that essentially works with invisible image data, loaded via an encoded link from a server, which thereby conveys the corresponding information. This is a common practice that helps us gauge the effectiveness of our newsletters and optimize them. You can avoid this tracking by adjusting your email settings (e.g., by disabling the automatic loading of image files).
• Online Advertising: We may also advertise our services on partner websites. For more details, see Section 5.
• Calls: We may call our customers and, in individual cases, potential customers, processing relevant data about our conversation partners and, if applicable, associated individuals within the company being called.
• Market Research: We also process data to improve services and develop new products. For example, this includes data about your reaction to newsletters or information from customer surveys, polls, or from social media, media monitoring services, and public sources.

We may disclose personal data as part of our activities to various entities, including:

• Our Group Companies: We are part of the Helvetica Group, under the umbrella of the Helvetica Property Group AG (refer to Section 1 above). Currently, all our group companies are located in Switzerland, except for Helvetica Property Investor SA in Oslo. The group centrally receives certain services from HPI, such as accounting and IT services, where personal data can be exchanged. Group companies also mutually support each other in other matters and can also exchange personal data for this purpose, such as for group-wide reporting or cross-company customer management. We assume that no secrecy interests conflict with such disclosures unless you inform us otherwise. For your rights as a data subject, you can contact us (we will coordinate in such cases with other group companies);
• Persons Associated With You: e.g., authorized representatives, guarantors, substitutes, and relatives, and for company contact persons, employees and the company itself;
• Property Owners We Manage: To whom we may disclose tenant data (name, address, details about the rental relationship). Within the scope of our management, we may also disclose tenant data to other rental parties and service providers;
• Public Offices, Authorities, and Courts: In the context of our legal obligations and in connection with proceedings in which we are a party or a third party;
• Third Parties: e.g., in connection with the acquisition or sale of assets by us;
• Service Providers: Particularly IT service providers (examples include providers of hosting or data analysis services and other applications, e.g., our CRM, for which we use Hubspot), administration and consulting services, and services in the real estate sector including maintenance; also services from banks, postal services, etc. For service providers for our website, refer to Section 5. These service providers may also process personal data to the extent necessary.

These data recipients are not solely located in Switzerland. This particularly affects service providers. These have locations also in the EU or the EEA, but also in other countries worldwide, especially through their subcontractors and again their subcontractors. They may also process personal data in some cases. We can also disclose data to authorities and other individuals abroad if we are legally obligated to do so or e.g., in the context of a company sale or legal proceedings (refer to Section 6). Not all of these states have adequate data protection. We compensate for the lower protection through appropriate contracts, particularly the so-called standard contractual clauses of the European Commission, which are available here. In certain cases, we can transmit data in accordance with data protection regulations even without such contracts, e.g., if you have consented to the corresponding disclosure or if the disclosure is necessary for contract processing, for the establishment, exercise, or enforcement of legal claims, or for overriding public interests.

What Data is Collected When Using Our Website?
Each time our website is used, certain data is generated for technical reasons. This data is temporarily stored in log files and primarily includes the IP address of the device, information about your Internet Service Provider and your device's operating system, the referring URL, information about the browser used, the date and time of access, and the content accessed during the website visit. We use this data to enable the use of our website, to ensure system security and stability, and for statistical purposes to optimize our website.

Our website also uses cookies, i.e., files that your browser automatically stores on your device. This allows us to distinguish individual visitors, usually without identifying them. Cookies may also contain information about the pages accessed and the duration of the visit. Certain cookies ("session cookies") are deleted when the browser is closed. Others ("persistent cookies") are stored for a specific duration to recognize visitors upon a subsequent visit.

We may also use other technologies for data storage in the browser and for recognition purposes, such as pixel tags or fingerprints. Pixel tags are invisible images or program code that are loaded from a server and transmit certain information (similar to what is already mentioned in Section 3 about newsletters). Fingerprints are data about the configuration of your device that distinguish your device from other devices.

These cookies and other technologies may also be provided by third-party companies offering certain functionalities to us. These may be located outside of Switzerland and the EEA (more information can be found in Section 4). For example, we use analytics services to optimize our website. Cookies and similar technologies from third parties also enable them to target and measure personalized advertising on our or other websites, as well as on social media platforms they cooperate with (e.g., whether you came to our website through an advertisement and the actions you then take on our website). The respective third-party providers can record website usage and combine their records with further information from other websites. They can track user behavior across multiple websites and devices to provide us with statistical evaluations based on this data. Providers may also use this information for their own purposes, such as personalized advertising on their own or other websites. If a user is registered with the provider, they can attribute the usage data to that individual.

You can configure your browser settings to block certain cookies or similar technologies, or to delete cookies and other stored data. More information can be found in the help pages of your browser, usually under the keyword "privacy".

How Do Our Service Providers Process Data for Our Website?
Two examples of our service providers are Google and Hubspot. You can find additional information about them below. We may also use other third-party providers who generally process personal and other data in a similar manner.

We use Google Analytics, an analytics service provided by Google LLC (Mountain View, USA) and Google Ireland Ltd. (Dublin, Ireland). Google collects certain information about user behavior on the website and about the device used. IP addresses of visitors are truncated in Europe before being forwarded to the USA. Based on the recorded data, Google provides us with evaluations but also processes certain data for its own purposes. You can find information on the privacy policy of Google Analytics here, and if you have your own Google account, you can find further details here.

Hubspot is a marketing automation software from HubSpot, Dublin, Ireland. It assists us in analyzing the use of our website. For this purpose, Hubspot uses cookies. Usage data is only linked to your person if you use our contact form. In this case, we store this data in our CRM (Customer Relationship Management software) operated by Hubspot. You can find Hubspot's privacy policy here.

How Do We Process Data Through Social Media?
We operate our own presences on social networks and other platforms (e.g., on LinkedIn). If you communicate with us there or comment on or share content, we collect information related to this, primarily for the purpose of communication with you, for marketing purposes, and for statistical evaluations. We may also delete comments or report them to the provider in case of a violation of usage guidelines. Please note that the platform provider also collects and uses data themselves (e.g., on user behavior), possibly in conjunction with other data known to them (e.g., for marketing purposes or for the personalization of platform content).

Yes, because many processes are not possible without the processing of personal data, including usual and even unavoidable internal procedures. It is not always possible to determine this in advance, nor the extent of the data processed, but below you will find information on typical (though not necessarily frequent) cases:

• Communication: When we are in contact with you, we process information about the content of the communication, the type, time, and location of the communication. For your identification, we may also process proof-of-identity information.
• Compliance with Legal Requirements: Within the framework of legal obligations or powers and for compliance with internal regulations, we may disclose data to authorities.
• Prevention: We process data to prevent criminal activities and other violations, for example, in the context of combating fraud or internal investigations.
• Legal Procedures: As far as we are involved in legal procedures (e.g., a court or administrative procedure), we process data about parties involved and other individuals such as witnesses or informants and disclose data to such parties, courts, and authorities, possibly also abroad. 
• IT Security: We also process data for the monitoring, control, analysis, securing, and review of our IT infrastructure, as well as for backups and data archiving.
• Competition: We process data about our competitors and the general market environment (e.g., the political situation, the association landscape, etc.). In this context, we may also process data about key individuals, particularly names, contact details, roles or functions, and public statements.
• Transactions: If we sell or acquire claims, other assets, parts of operations, or companies, we process data to the extent necessary for the preparation and execution of such transactions, for example, details about customers or their contact persons or employees, and disclose such data to buyers or sellers.
• Other Purposes: We process data to the extent necessary for other purposes, such as training and education, administration (e.g., contract management, accounting, enforcement and defense of claims, evaluation and improvement of internal processes, creation of anonymous statistics and evaluations), acquisition or sale of claims, businesses, parts of operations, or companies, and the safeguarding of other legitimate interests.

We process your personal data as long as it is necessary for the purpose of the processing (in the case of contracts, usually for the duration of the contractual relationship), as long as we have a legitimate interest in storing the data (e.g., to enforce legal claims, for archiving, or to ensure IT security), and as long as the data is subject to a legal retention obligation (for certain data, for example, a ten-year retention period applies). After the expiry of these periods, we will delete or anonymize your personal data.

Depending on the applicable law, data processing is only allowed if specifically permitted by that law. This is not the case under Swiss data protection law, but is true under the European General Data Protection Regulation (GDPR) when it applies. Since we focus our services on companies in Switzerland, this is only applicable in exceptional cases and for Helvetica Property Investor SA in Oslo. Here, the processing of your personal data is based on the necessity for the preparation and execution of contracts (Section 2), the necessity for legitimate interests of us or third parties, e.g., for statistical evaluations (Section 2) or for marketing purposes (Section 3), that it is legally prescribed or allowed, or that you have separately consented to the processing. You can find the relevant provisions in Articles 6 and 9 of the GDPR.