Data Protection Notice

PropriX Platform

This section sets out information on the processing of personal data provided when browsing the website app.proprix.ch (the "Platform") and, unless otherwise specified, the individual Landing pages, where applicable.

This information does not apply to any third-party services that may be integrated into the Platform or the individual Landing pages (including, by way of example, Lyra, Zapier and Google). For further information on processing carried out on other websites or by third parties, please refer to the relevant notices.

This Notice applies both to processing subject to the Swiss Federal Act on Data Protection as revised ("revFADP") and to Regulation (EU) 2016/679 (the "GDPR"). It therefore also contains information required exclusively by the GDPR, such as the legal basis for processing. Such information applies only to processing to which the GDPR is applicable.

In the following, the revFADP and the GDPR, jointly and/or separately, may also be referred to as the "Applicable Data Protection Law".

We clarify that, for the purposes of the Applicable Data Protection Law:

  • "personal data" means any information relating to an identified or identifiable natural person. Personal data include, for example, first and last name, postal address, e-mail address, date of birth, telephone number, as well as data on the use of the Platform, purchases made via the Platform and the user's preferences. In this notice, the term "data" is also used to refer to personal data. Information that cannot be linked, directly or indirectly, to a natural person (i.e. to their identity) is, as a rule, not personal data;
  • "data subject" means the natural person whose personal data are processed;
  • "processing" means any operation performed on personal data, regardless of the means and procedures used, such as collection, recording, storage, use, alteration, disclosure, archiving, erasure or destruction of data;
  • "controller" means the person/entity who, alone or jointly with others, determines the purposes and means of processing.

Furthermore:

  • "Customer" means the natural or legal person who requests and benefits from PropriX's services through use of the Platform;
  • "Landing" means the web page made available to the user within the Platform for the purpose of presenting and describing real estate properties;
  • "User" means any natural person who consults the Platform and/or the Landing pages, other than the Customer.

Data Controller

The controller for personal data processed via the Platform is PropriX AG, registered office at Dorfstrasse 58 – 6332 Hagendorn (CH), registered with the Commercial Register under CH-170.3.050.072-0, UID/VAT CHE-415.373.009, e-mail: hello@proprix.ch (also referred to as "we" or the "Controller").

Categories Of Data Processed, Legal Bases And Purposes Of Processing

Data collected automatically

When browsing the Platform or the Landing pages, Users' browsing data may be collected automatically. This category of data includes IP addresses or domain names of the computers and terminals used by Users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response returned by the server (success, error, etc.), and other parameters relating to the user's operating system and IT environment.

  • Such data are collected automatically solely to enable browsing of the Platform or the Landing pages and to monitor their proper functioning and, in anonymised form, may also be used for statistical purposes (e.g. to verify the number of Users connected in a given period, to monitor the number of Users who visit a page and their time spent on that page).

In addition, such data may be used to establish liability in the event of cybercrimes against the Platform, attacks on the network infrastructure or other unauthorised or abusive uses of the Platform. Provision of such data is mandatory when browsing the Platform or the Landing pages and, where the GDPR applies, the legal basis for this processing is our legitimate interests pursuant to Article 6(1)(f) GDPR.

We also use cookies or similar technologies: cookies are small files that the User's web browser automatically saves on the device's hard drive when the User visits the Platform. By clicking here you can view the extended notice. Where the GDPR applies, the legal basis for processing carried out through the installation of strictly necessary technical cookies is our legitimate interests in ensuring the functionality of the Platform pursuant to Article 6(1)(f) GDPR; where cookies other than technical cookies are installed, processing will be based on the User's consent provided via the cookie banner (Article 6(1)(a) GDPR).

Data provided voluntarily by the Customer

Purchase of services

When a Customer purchases our services, we process personal data such as first name, last name, e-mail address, telephone number and payment method, as well as any additional data specified in the general terms and conditions, for the purpose of concluding and performing the contractual relationship, i.e. to fulfil the order, to enable the Customer to create an account and to comply with any obligations arising under the contract.

For payment processing we offer common payment methods such as debit and credit cards, including via third-party providers such as Apple Pay and Google Pay. We do not know or store any payment details; such data are processed directly by the provider of the relevant payment system. In this respect, the privacy notice of the relevant payment service provider applies.

Where the GDPR applies, the legal basis for this processing is performance of a contract to which the data subject is party, pursuant to Article 6(1)(b) GDPR. Provision of such data is mandatory, as any refusal to provide the data will prevent the user from completing the purchase.

Data provided for the creation of Landing pages

When the Customer creates a Landing page on the Platform, we collect the information entered by the Customer, which may include personal data such as names, contact details and addresses. In this regard, we recommend that the information entered be kept to a minimum and, in any event, that the Customer never includes special categories of personal data within the meaning of Article 5(c) revFADP and Article 9 GDPR (such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health data, etc.).

Where the GDPR applies, the legal basis for this processing is performance of a contract to which the data subject is party, pursuant to Article 6(1)(b) GDPR. Provision of such data is optional, as the Customer chooses which and how much information to include on its Landing page.

Information requests

You may contact us by writing to the e-mail addresses or contact points indicated on the Platform or in this notice. We will process the personal data provided, such as first name, last name and e-mail address, in order to respond to requests.

We recommend that you never send or otherwise disclose special categories of personal data within the meaning of Article 5(c) revFADP and Article 9 GDPR (such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health data, etc.) or, in any event, any data that are not essential for the purpose of the relevant processing. Where the GDPR applies, the legal basis for processing of such data may, depending on the nature of the request, be the taking of pre-contractual steps at the request of the data subject pursuant to Article 6(1)(b) GDPR or our legitimate interests in providing professional information and properly handling requests (Article 6(1)(f) GDPR). Provision of such data is optional; however, refusal to provide the data, in whole or in part, may prevent us from responding to requests.

Other purposes

We may also process the data provided to prevent abuse and fraud, for the establishment, exercise or defence of a right of the Controller in legal proceedings and for the disclosure of data to public bodies and authorities in compliance with legal and regulatory provisions. Where the GDPR applies, the legal basis for such processing is, respectively, the Controller's legitimate interests and compliance with legal obligations, pursuant to Article 6(1)(f) and (c) GDPR.

Data relating to Users

The controller for data processed via each Landing page is the Customer, provided the Customer is not acting as a consumer under applicable law. A Customer acting other than as a consumer is required to make available to Users its own applicable data protection notice, including, where appropriate, by reviewing, adapting and amending the templates made available by PropriX.

In this respect, PropriX acts:

  • as an independent controller in relation to Users' data relating to browsing of the Landing pages or collected through any tracking tools used by PropriX (see the section "Data collected automatically")
  • as a processor in relation to Users' data processed for archiving purposes, i.e. the data entered by Users in the contact forms made available within the relevant Landing page.

Please note that data provided by Users via contact forms on individual Landing pages may, once appropriately anonymised, also be used for statistical analyses provided to the Customer.

As regards the methods and characteristics of processing carried out on behalf of the Customer in relation to Users' data, please refer to the document Personal Data Protection Agreement.

Recipients

Personal data will not be disclosed to third parties, except with express consent or where disclosure is required by law, and only to the extent strictly necessary to achieve the purposes of processing.

Accordingly, except where disclosures are required by law, such data may be disclosed to authorised persons within our organisation, who will act as authorised persons for processing and will be given specific instructions to ensure appropriate processing.

Data may also be transferred to external parties whose services we may use to provide our services (such as legal and tax advisers, third-party technical service providers, hosting providers, IT companies, e-mail delivery providers, and helpdesk and support providers). We will ensure that such parties provide the same or equivalent safeguards to those described in this notice. Such parties will be appointed as processors pursuant to Article 9 revFADP or Article 28 GDPR or will act as independent controllers. You may always request from the Controller an up-to-date list of processors.

Data Retention Period

Browsing data: 7 days.

Cookies and other tracking tools: for further information, please read the Cookie Notice.

Purchase of services: for the entire duration of the contractual relationship (if concluded) and, following termination, for the applicable limitation period; in the event of litigation, for the entire duration thereof until expiry of the time limits for any appeals, in each case subject to compliance with applicable law.

Information requests: for the time strictly necessary to deal with the request, unless a subsequent different purpose of processing arises, in which case the user will be informed in advance.

Other purposes: retention will vary depending on the applicable legal framework.

Data relating to Users: retention will be as set out in the Personal Data Protection Agreement.

Processing Methods

Personal data are stored mainly in electronic form, with the adoption of specific security measures designed to prevent any personal data breach, such as loss of data, unlawful or incorrect use and unauthorised access. However, due to the nature of online transmission, such measures cannot completely limit or exclude any risk of unauthorised access or loss of control of the data. We therefore recommend that you periodically check that you have appropriate software tools to protect data transmission over the network, both inbound and outbound (such as up-to-date antivirus systems), and that your Internet service provider has adopted appropriate measures to secure data transmission over the network (such as firewalls and anti-spam filters). Employees and contractors of the Controller who come into contact with personal data are duly authorised and are bound by confidentiality and compliance with applicable data protection rules.

Transfer Of Data Abroad

Personal data are processed in Switzerland, or may be disclosed to third parties operating within the European Economic Area. We note that data protection standards in the European Economic Area and in Switzerland may be regarded as at least equivalent under the applicable law.

We specify that certain IT service providers may carry out processing activities on behalf of the Controller in the United States of America. Such providers operate in compliance with the Adequacy Decision for the EU-US Data Privacy Framework of 10 July 2023.

Pursuant to Article 27 GDPR, the Controller has appointed a representative in the territory of the European Union, who may be contacted by post or e-mail at the following details:

  • Talha Aktas Warmbronnerstraße 13/2 D-71106 Magstadt, Germany
  • aktas@proprix.ch

Rights

The data subject may at any time exercise the rights set out in Articles 25 et seq. revFADP and Articles 15 et seq. GDPR. For better understanding, we recommend consulting the full provisions; for convenience, an extract is set out below.

To exercise your rights, you may write to hello@proprix.ch or use the contact details indicated on the Platform.

Right of access: the data subject may request confirmation as to whether or not personal data concerning them are being processed and, where that is the case, obtain access to the personal data and further information relating to the processing.

Right to rectification: the data subject may request that data provided or otherwise held by the Controller be rectified or completed where inaccurate or incomplete.

Right to erasure ("right to be forgotten"): the data subject may request that data obtained or processed by the Controller be erased without undue delay where (i) the data are no longer necessary for the purposes for which they were collected, (ii) consent has been withdrawn and there is no other legal basis for processing, (iii) the data subject has objected to the processing, (iv) the data have been processed unlawfully, or (v) there is a legal obligation to erase the data.

Right to restriction of processing: the data subject may request restriction of the processing of personal data where one of the following applies: (i) the data subject contests the accuracy of their data, for the period necessary for the Controller to verify the accuracy of such data; (ii) the processing is unlawful and the data subject opposes erasure of the data and requests restriction of use instead; (iii) although the Controller no longer needs the data for the purposes of processing, the data are required by the data subject for the establishment, exercise or defence of legal claims; (iv) the data subject has objected to processing, pending verification as to whether the Controller's legitimate grounds override those of the data subject.

Right to data delivery: the data subject has the right (i) to receive their data in a structured, commonly used and machine-readable format, (ii) to have those data transmitted directly by the Controller to another controller indicated by the data subject, where technically feasible, and (iii) to transmit the data to another controller without hindrance from the Controller.

Right to object: the data subject has the right to object, at any time on grounds relating to their particular situation, to processing of personal data concerning them based on the lawful basis of legitimate interests, including profiling, or on the performance of a task carried out in the public interest or in the exercise of official authority, unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing is for the establishment, exercise or defence of legal claims.

Right not to be subject to automated decision-making, including profiling: the data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

Right to withdraw consent: the data subject may withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Finally, the data subject has the right to lodge a complaint about the processing of personal data with the competent supervisory authority; the complaint may be lodged with the supervisory authority of the place where the data subject has their habitual residence, place of work or the place of the alleged infringement of data protection rules.

In Switzerland, the competent authority is the Federal Data Protection and Information Commissioner (FDPIC).

For the European Union, contact details for the competent supervisory authorities for data protection can be found at the following link: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.

Changes

The updated version of this data protection notice published on the Platform shall apply.

We continuously update this data protection notice to reflect the most recent measures relating to the use and protection of personal data. We recommend consulting this section regularly to remain informed about our use of personal data.

Last updated: 01/10/2025