Imprint and data protection_new_version

Privacy policy of WoVe - Association for Student Housing

Status: 26/03/2024

We at the Verein für Studentisches Wohnen - "WoVe" for short - attach great importance to the protection of personal data. We are committed to handling personal data responsibly and would like to explain to you how we handle your data. We comply with the legal requirements of the Swiss Data Protection Act. These provisions apply to the data that we process from you as part of your registration with us and/or your visit to our website (http://www.wove.ch).

1. Contact

If you have any questions or notifications regarding the processing of personal data, requests for information and deletion and other data protection concerns, you can contact our management by post, enclosing a copy of an official identity document:

Association for Student Housing - WoVe Management
Bernoulli Street 16
4056 Basel
Switzerland

2. processing of personal data

We only process your personal data within the framework of the data processing principles and if a legal basis exists. Where it serves to initiate and fulfil a contract, this legal basis applies. In addition, we have an interest in continuously improving our services and adapting them to your needs. This is necessary in order to further develop our services, for statistical purposes and to ensure the security of our services. We assume that our interests prevail.

When you visit our website, we also automatically collect the data required for the homepage. You can find the cookies we use on our website at the end of this privacy policy under point 7.

We do not carry out profiling on our website in the sense of automated processing of personal data, and do not collect or process any particularly sensitive personal data, unless they are subject to contractual or legal obligations.

2.2 Legal basis

We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (FADP; SR 235.1) and the Ordinance

on data protection (DPA; SR 235.11).

2.3 Type, scope and purpose

We process the personal data required to provide our services in a permanent, user-friendly, secure and reliable manner. Such personal data may fall into the categories of inventory and contact data, browser and device data, content data, meta or marginal data and usage data, location data, sales, contract and payment data. We process personal data for the duration required for the respective purpose(s) or as required by law. Personal data that no longer needs to be processed is anonymised or deleted. Persons whose data we process generally have a right to erasure. We only process personal data with the consent of the data subject. Unless the processing is permitted for other legal reasons, for example to fulfil a contract with the data subject or for corresponding pre-contractual measures, to protect our overriding legitimate interests, because the processing is evident from the circumstances or after prior information. In this context, we process in particular information that a data subject voluntarily and personally provides to us when contacting us - for example by post, email, contact form, social media or telephone. We may store such information in an address book or with comparable tools, for example. If you transmit personal data to us via third parties, you are obliged to guarantee data protection vis-à-vis such third parties and to ensure the accuracy of such personal data. We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect when providing our services, if and to the extent that such processing is permitted for legal reasons.

3. rights of data subjects

Data subjects whose personal data we process have rights under Swiss data protection law. These include the right to information and the right to rectification, erasure or blocking of the processed personal data. Data subjects whose personal data we process can - if and insofar as the General Data Protection Regulation (GDPR) is applicable - obtain confirmation free of charge as to whether we process their personal data and, if so, request information about the processing of their personal data, have the processing of their personal data restricted, exercise their right to data portability and have their personal data rectified, erased ("right to data portability").
to be forgotten"), blocked or completed. Data subjects whose personal data we process can - if and insofar as the GDPR is applicable - withdraw their consent at any time with effect for the future and object to the processing of their personal data at any time.

We reserve the right to assert the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest in doing so (insofar as we may invoke this) or need it for the assertion of claims.

Among other things, data processing is not unlawful if personal data about a contractual partner is processed in direct connection with the conclusion or fulfilment of a contract. This means that lawfully obtained data of a data subject does not have to be deleted as long as the contractual relationship continues or claims are likely to be asserted.

The exercise of the aforementioned rights requires that you confirm your identity
clearly by means of an official copy of your identity card. To assert your rights, you can contact us at the address given in section 1.

Data subjects whose personal data we process have the right to lodge a complaint with a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC; www.edoeb.admin.ch).

4. data security

We take appropriate and suitable technical and organisational measures to
ensure data protection and, in particular, data security.
Normal emails that you send us are not encrypted. Such information can be lost at any time or fall into the hands of unauthorised third parties. For this reason, all personal information and data is provided voluntarily and at your own risk. In this context, Wove accepts no liability whatsoever. Confidential information must be sent to Wove by post or other secure means.

4.1 Notifications and messages

We send notifications and messages such as information about the property or announcements by post, email and other communication channels such as WhatsApp.

5. cookies

Some of the Internet pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies make it possible to recognise your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, the acceptance of cookies for certain cases or in general.

and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.

Cookies that are required to carry out the electronic communication process are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimised provision of its services. Insofar as other cookies (e.g. cookies for analysing your surfing behaviour) are stored, these are treated separately in this privacy policy.

5.1 Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are

• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Date and time of the server request
• IP address

This data is not merged with other data sources

6. social media

We are present on social media platforms and other online platforms in order to communicate with interested parties and provide information about our services. Personal data may also be processed outside Switzerland and the European Economic Area (EEA). The General Terms and Conditions (GTC) and terms of use as well as data protection declarations and other provisions of the individual operators of such online platforms also apply in each case. These provisions provide information in particular about the rights of data subjects, including in particular the right to information. We are jointly responsible with Facebook Ireland Limited in Ireland for our social media presence on Facebook, including the so-called Page Insights, if and to the extent that the GDPR is applicable. Page Insights provide information about how visitors interact with our Facebook presence. We use Page Insights to provide our social media presence on Facebook in an effective and user-friendly way.

Further information on the type, scope and purpose of data processing, information on the rights of data subjects and the contact details of Facebook and Facebook's data protection officer can be found in Facebook's privacy policy ("Data Policy").

7. success and reach measurement

We use services and programmes to determine how our online offering is used. In this context, we can, for example, measure the success and reach of our online offering and the effect of third-party links to our website. We can also, for example, test and compare how different versions of our online offering or parts of our online offering are used ("A/B test" method). Based on the results of the success and reach measurement, we can in particular correct errors, strengthen particularly popular content or make improvements to our online offering. When using services and programmes to measure success and reach, the Internet Protocol (IP) addresses of individual users must be stored. IP addresses are always truncated in order to comply with the principle of data minimisation and to improve data protection for visitors to our website by means of pseudonymisation ("IP masking"). When using services and programmes to measure success and reach, cookies may be used and user profiles may be created. User profiles include, for example, the pages visited or content viewed on our website, information on the size of the screen or browser window and the - at least approximate - location. In principle, user profiles are only created in pseudonymised form. We do not use user profiles to identify individual visitors to our website. Individual services with which you are registered as a user may be able to assign the use of our online offering to your profile with the respective service, whereby you would usually have to give your prior consent to this assignment.

We use in particular:
- Google Analytics: Performance and reach measurement; Provider: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; Information on data protection: "Privacy and Security Principles", Privacy Policy

7.1 Third-party services

We use third-party services in order to provide our website in a permanent, user-friendly, secure and reliable manner. Such services are also used to embed content in our website. Such services - for example hosting and storage services, video services and payment services - require your Internet Protocol (IP) address, as otherwise such services cannot transmit the corresponding content. Such services may be located outside Switzerland and the European Economic Area (EEA).

provided that adequate data protection is guaranteed. For their own security-related, statistical and technical purposes, third parties whose services we use may also process data in connection with our offering and from other sources - including cookies, log files and tracking pixels - in aggregated, anonymised or pseudonymised form.

7.2 Digital infrastructure

We use third-party services in order to be able to utilise the digital infrastructure required for our offering. These include, for example, hosting and storage services from specialised providers.
We use in particular:

- CYON: Hosting; Service provider: Cyon GmbH, Brunngässlein 12, 4052 Basel (Switzerland); Privacy Policy: www.cyon.ch, see Privacy Policy.
- Dropnet: Hosting; Service provider: DropNet AG, Spalenberg 45, 4051 Basel (Switzerland); Data protection information: wwwdropnet.ch, see GTCs and data processing agreement.

8. other

This site uses so-called web fonts provided by Google for the standardised display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to Google's servers. This informs Google that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
If your browser does not support web fonts, a standard font will be used by your computer.
Further information on Google Web Fonts can be found at: https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/.

8.1 Card material

We use third-party services to embed maps on our website.
This site uses the Google Maps map service via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
You can find more information on the handling of user data in Google's privacy policy: https://www.google.de/intl/de/policies/privacy/.

8.2 What applies to links to third-party websites?

This privacy policy applies to the data we collect. If a link to a third party website is provided on our website, please note that we are not responsible for the content or privacy practices of third party websites. We recommend that you read the relevant privacy policies of the websites
Third to read.

9. final provisions

We may amend and supplement this privacy policy at any time. The current version published on our website applies in each case. Please consult this declaration regularly.