Privacy Policy

Rhystadt AG
Data Protection Officer WKL-136.EG Klybeckstrasse 191 P.O. Box 3775 4002 Basel [email protected]

This privacy policy is written in plain language and avoids legal and technical jargon wherever possible.

Version dated September 1, 2023

1.1 Purpose of the privacy policy
When you contact Rhystadt AG, personal data is generally processed which falls within the scope of the Data Protection Act (DSG) and the Data Protection Ordinance (DSV). This data typically includes your name, email address, telephone number and personal information relating to contractual relationships with us. Furthermore, technical data that can be linked to a specific individual are regarded as personal data.

This privacy policy explains the nature, scope and purpose of our processing of personal data.


1.2 Legal basis
The legal basis for our data processing is set out in Articles 5–9 of the Data Protection Act (‘Definitions and Principles’). The measures we have taken are based on the ‘Industry Recommendation on the Revised Data Protection Act’ issued by SVIT Switzerland.

To protect the data we manage against tampering, loss, destruction or unauthorised access, in line with the latest technological standards, we implement organisational and state-of-the-art technical security measures and continuously improve them.


1.3 Processed personal data
The personal data we process includes personal data requiring protection within the meaning of the Data Protection Act. Personal data requiring special protection is processed only on a case-by-case basis and following the provision of the relevant consent (e.g. extracts from debt collection registers, criminal records, credit reports).


1.4 Your rights
In accordance with Article 25 of the Data Protection Act, every individual has the right to request information from us, free of charge, as to whether personal data concerning them is being processed. Subject to the provisions of Article 28(1) of the Data Protection Act, every individual has the right to request that we provide them with their personal data, which they have disclosed to us, in a commonly used electronic format. Requests for information and for the return of personal data should be addressed to: [email protected]

2.1 Leasing process
During the leasing process, personal data relating to prospective tenants and existing tenants is collected, insofar as this is necessary for the process or for tenancy agreements. By providing their personal data, the data subjects consent to the processing of that data.

Personal data relating to prospective tenants will be deleted once the leasing process has been completed, unless the process results in a tenancy being agreed or the data subject gives their consent for their personal data to be used for a future leasing process.

Tenancy agreements and the associated personal data are retained for 10 years following the last contractual obligation, in accordance with the principles governing the general limitation period (Art. 127 of the Swiss Code of Obligations).

2.2 Transaction process
During the transaction process, personal data relating to sellers, prospective buyers and buyers is collected, as well as personal data associated with the transaction process, insofar as this is necessary for the process.

Personal data relating to sellers and buyers, as well as documentation relating to the transaction, must be retained for a period of 20 years (Art. 70 VAT Act; VAT Sector Information 17, para. 3.2) plus a limitation period of 5 years (Art. 42 and Art. 91 VAT Act).

All personal data relating to prospective buyers and sellers, as well as personal data associated with the transaction process, will be deleted within five years of the transaction process being completed, unless the data subjects give their consent for the personal data to be used for a future transaction process. We reserve the right to retain such data in anonymised form.

2.3 Collaboration with third parties
We work with a wide range of external partners to provide our services. We have very little control over how these third parties process personal data. Please refer to the privacy policies of these third parties.

Personal data may be disclosed to the following companies, amongst others:

Partners and suppliers such as designers, general contractors and turnkey contractors

Property management companies and facility managers

Property valuers

Auditing firms

Insurers and insurance brokers

Law firms and notary’s offices

IT providers and IT service companies

Personal data is disclosed to third parties solely for the purpose of providing our services and only to the extent necessary for that purpose.

2.4 Disclosure and transfer of data abroad
We may disclose your data to third parties where necessary, based on your consent, or where they require your data to fulfil our contractual and legal obligations or to carry out their respective tasks. We may then share your data in order to protect our legitimate interests.

In particular, the following recipients may receive your data:

Third parties such as consultants, marketing agencies, translation agencies or IT service providers who process your data, as well as other external service providers and organisations such as banks, asset managers, insurance companies, auditors and associations

Our contractual partners, including our customers, i.e. in some cases your employer

Public bodies and authorities (e.g. FINMA, tax authorities) where there is a legal or regulatory obligation, or for quality control purposes

Third parties who have access to the personal data processed when you visit our website

Other third parties, such as alternative delivery addresses, payees and service recipients, third parties involved in M&A transactions, lawyers, industry organisations, etc.

The recipients of your data may, in turn, engage third parties. We restrict the processing of data by certain selected third parties, for example through contractual agreements. This is not always possible with other third parties (e.g. public bodies and authorities, as well as financial intermediaries).

The recipients of your data may be located in Switzerland and Europe, but in exceptional cases may also be located in any other country in the world.

If the data recipient is located in a country without adequate legal data protection and is not already subject to a recognised regulatory framework designed to ensure data protection, appropriate additional safeguards will be required, for example through specific data protection clauses agreed in a contract. However, there may be exceptions to this rule (e.g. where there is a direct link to the conclusion or fulfilment of a contract, legal proceedings abroad, an overriding public or private interest, or your consent).

2.5 Customer Relationship Management
Personal data stored in our Customer Relationship Management (CRM) system comprises only the information necessary for communication purposes or the business relationship. Personal data will be deleted as soon as it is no longer required for its intended purpose or the data subject has withdrawn their consent.

2.6 Newsletter
For digital newsletters, we use the CleverReach solution provided by CleverReach. Personal data is stored on their servers for the purpose of dispatch. Recipients may view, edit and delete their personal data at any time.

We do not send out unsolicited newsletters.

2.7 Events
Personal data collected from registrations for and participation in events that we organise will be deleted as soon as the data is no longer required for its intended purpose or the data subject has withdrawn their consent.

2.8 Data backups
To ensure data security, we regularly back up our business data, which is stored on data storage media and cloud services in Switzerland. The frequency of data backups is based on relevant recommendations.

2.9 Website/s
Visitors to the website [email protected] and the project-specific websites are not obliged to provide personal data, unless we indicate otherwise in individual cases.

2.10 Use of cookies
Cookies are pieces of data that are stored by our website on the user’s device via the browser. We only use temporary ‘session cookies’, which are necessary for the website to function and are automatically deleted from your device as soon as you close your browser. No ‘persistent cookies’ are used; these are cookies that remain in your browser until they expire or are deleted. We also do not use cookies to collect statistical data on website usage or to use the data obtained in this way for analytical or advertising purposes.

2.11 Server log files
Every time this website is accessed, we automatically collect a range of technical data, which constitutes personal data.

These are:

The user’s IP address

Name of the webpage or file accessed

Date and time of access

Notification of successful retrieval

Browser type and version

The user’s operating system

Referrer URL (the previously visited page)

Server log files are not combined with other personal data. We collect server log files for the purpose of administering and improving the website, and to detect and prevent unauthorised access. Server log files are collected and analysed by our contractors (IT service providers).

The server log files containing the data mentioned above will be deleted after one month at the latest, unless there is a legitimate interest or a service-related requirement. We reserve the right to retain server log files for a longer period if there are grounds to suspect unauthorised access.

2.12 Changes
This privacy policy may be amended at any time without prior notice. The version published on our website or sent to you by other means shall apply, provided it is the most recent version. Unless otherwise agreed, the privacy policy does not form part of any contract entered into with you.