In this privacy policy, we inform you which personal data we process in connection with our activities and operations, including our website at https://lake-campus.ch. In particular, we provide information on why, how and where we process which personal data. We also provide information about the rights of individuals whose data we process.
Additional privacy policies and other legal documents such as general terms and conditions (GTC), terms of use or terms and conditions of participation may apply to individual or additional activities and operations.
We are subject to Swiss data protection law as well as any applicable foreign data protection law, in particular that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognises that Swiss data protection law guarantees an adequate level of data protection.
Entity responsible for processing personal data:
CBRE Switzerland
Bärengasse 29
CH-8001 Zurich, Switzerland
alexandra.kovacs@lake-campus.ch
In individual cases, there may be other persons responsible for processing personal data or joint responsibility with at least one other person.
2.1 Terms
Personal data is any information relating to an identified or identifiable natural person. A data subject is a person about whom we process personal data.
Processing includes any handling of personal data, irrespective of the means and procedures used, such as requesting, aligning, adapting, archiving, storing, retrieving, disclosing, procuring, recording, collecting, deleting, publishing, sorting, organising, saving, amending, disseminating, linking, destroying and using personal data.
The European Economic Area (EEA) comprises the Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) defines the processing of personal data as the treatment of all data relating to an individual.
2.2 Legal basis
We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (Datenschutzgesetz, DSG) and the Data Protection Ordinance (Datenschutzverordnung, DSV).
If and insofar as the General Data Protection Regulation (GDPR) is applicable, we process personal data in accordance with at least one of the following legal bases:
We process the personal data that is necessary to be able to carry out our activities and operations on a long-term, user-friendly, secure and reliable basis. In particular, such personal data may fall into the categories of inventory and contact data, browser and device data, content data, meta data and peripheral data and usage data, location data, sales data as well as contract and payment data.
We process personal data for the duration of the period required for the respective purpose(s) or by law. Personal data whose processing is no longer required is anonymised or deleted.
We may have personal data processed by third parties. We may process personal data together with third parties or transfer it to third parties. Such third parties are, in particular, specialised providers of services we make use of. We also guarantee the data protection of such third parties.
As a rule, we only process personal data with the consent of the persons concerned. If and to the extent that processing is permissible for other legal reasons, we may waive the right to obtain consent. For example, we may process personal data without consent to perform a contract, to comply with legal obligations or to protect overriding interests.
We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect in the course of our activities and operations, if and insofar as such processing is permitted for legal reasons.
We process personal data in order to be able to communicate with third parties. In this context, this especially refers to data that a data subject transmits when contacting us, for example by letter post or email. We may store such data in an address book or with similar tools.
Third parties who transmit data about other persons are obliged to guarantee the data protection of such data subjects. Amongst other things, the accuracy of the personal data transmitted must be ensured.
We take appropriate technical and organisational measures to ensure a level of data security appropriate to the respective risk. In particular, our measures ensure the confidentiality, availability, traceability and integrity of the processed personal data, but cannot guarantee absolute data security.
Our website and other online presences are accessed using transport encryption (SSL/TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated to HTTPS). Most browsers label transport encryption with a small padlock in the address bar.
Like all digital communication, our digital communication is subject to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA) and other countries. We cannot exert any direct influence on the corresponding processing of personal data by secret services, police forces or other security authorities. We also cannot rule out the possibility that individual data subjects may be monitored specifically.
We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, in particular to process or have it processed there.
We may export personal data to all states and territories on earth as well as elsewhere in the universe, provided that the laws there offer adequate data protection in accordance with a Resolution of the Swiss Federal Council and – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – that adequate data protection is guaranteed in accordance with a Resolution of the European Commission.
We may transfer personal data to countries whose laws do not guarantee adequate data protection if data protection is ensured for other reasons, in particular on the basis of standard data protection clauses or other appropriate safeguards. In exceptional cases, we may export personal data to countries without adequate or suitable data protection if the special data protection requirements are met, for example the express consent of the data subjects or a direct connection with the conclusion or processing of a contract. On request, we will be happy to provide data subjects with information about any guarantees or provide a copy of said guarantees.
7.1 Rights under data protection law
We grant data subjects all rights in accordance with the applicable data protection law. In particular, data subjects have the following rights:
We may suspend, restrict or refuse to exercise the rights of data subjects to the extent permitted by law. We may inform data subjects of any requirements that need to be met in order to exercise their rights under data protection law. For example, we may refuse to provide information in whole or in part with reference to trade secrets or to protect other persons. For example, we may also refuse the erasure of personal data in whole or in part with reference to statutory retention obligations.
In exceptional cases, we may apply a charge for exercising said rights. We will inform affected persons of any costs in advance.
We are obliged to take appropriate measures to identify data subjects who request information or assert other rights. Data subjects are obliged to cooperate.
7.2 Legal protection
Data subjects have the right to assert their data protection claims through legal channels or to file a complaint or complaint with a competent data protection supervisory authority.
The Federal Data Protection and Information Commissioner(FDPIC) is the data protection supervisory authority for complaints by data subjects about private controllers and federal bodies in Switzerland.
European data protection supervisory authorities for complaints from data subjects – if and insofar as the General Data Protection Regulation (GDPR) is applicable – are organised as members of the European Data Protection Board (EDPB). In some Member States in the European Economic Area (EEA), data protection supervisory authorities are federal, particularly in Germany.
We may use cookies. Cookies – both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) – are data that are stored in the browser. Such stored data need not be limited to traditional cookies in text form.
Cookies can be stored in the browser temporarily as ‘session cookies’ or for a certain period of time as so-called persistent cookies. Session cookies are automatically deleted when the browser is closed. Persistent cookies have a certain storage period. In particular, cookies enable us to recognise a browser the next time you visit our website and thus measure the reach of our website, for example. However, persistent cookies can also be used, for other purposes, such as online marketing.
Cookies can be partially or completely deactivated and deleted at any time in your browser settings. Without cookies, our website may no longer be fully available. We actively request your express consent to the use of cookies, if and to the extent necessary.
For cookies that are used to measure success and reach or for advertising, a general opt-out is possible for many services via the AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
8.2 Logging
Each time you access our website and other online presence, we may log at least the following information, insofar as it is transmitted to our digital infrastructure during such access: Date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-page of our website accessed including the amount of data transferred, last website accessed in the same browser window (referrer).
We record such information, which may also represent personal data, in log files. The information is necessary to ensure the permanent provision of our online presence in a user-friendly and reliable manner. The information is also required in order to guarantee data security – including by third parties or with the help of third parties
8.3 Tracking pixels
We may integrate tracking pixels into our online presence. Tracking pixels are also known as web beacons. Tracking pixels, including those from third parties whose services we use, are typically small, invisible images or JavaScript-formulated scripts that are automatically retrieved when you access our online presence. Tracking pixels can be used to record at least the same information as log files.
We send notifications and communications via email and other communication channels such as
9.1 Measuring success and reach
Notifications and communications may contain web links or tracking pixels that track whether an individual message has been opened and which web links have been clicked. Such web links and tracking pixels may also record the use of notifications and communications on a personal basis. We need this statistical recording of usage for measuring success and reach in order to be able to send notifications and communications effectively and in a user-friendly manner as well as permanently, securely and reliably based on the needs and reading habits of recipients.
9.2 Consent and objection
You are required to consent to the use of your email address and other contact addresses, unless the use is permitted for other legal reasons. We can use the ‘double opt-in’ procedure to obtain consent that has been confirmed twice. In this case, you will receive a notification with instructions for the double confirmation. We may log consents obtained, including the IP address and timestamp, for evidence and security reasons.
You can object to receiving notifications and communications such as newsletters at any time. With such an objection, you can also object to the statistical recording of usage for success and reach measurement. We reserve the right to continue to send notifications and communications that are required in connection with our activities and operations.9.3 Dienstleister für Benachrichtigungen und Mitteilungen
9.2 Service providers for notifications and messages
We send notifications and messages with the help of specialised service providers.
In particular, we use:
We use services from specialised third parties in order to be able to carry out our activities and operations in a permanent, user-friendly, secure and reliable manner. Amongst other things, such services allow us to embed features and content on our website. In the event of such embedding, the services used record the IP addresses of the users at least temporarily for technical reasons.
For necessary security-related, statistical and technical purposes, third parties whose services we use may process aggregated, anonymised or pseudonymised data in connection with our activities and operations. This includes, for example, performance or usage data in order to be able to offer the respective service.
In particular, we use:
10.1 Digital infrastructure
We use services from specialist third parties in order to make use of the required digital infrastructure in connection with our activities and operations. These include hosting and storage services from selected providers.
In particular, we use:
10.2 Digital audio and video content
We use specialised third-party services to enable direct playback of digital audio and video content such as music or podcasts.
In particular, we use:
We use extensions for our website to be able to use additional features. We may use selected services from suitable providers or use such extensions on our own server infrastructure.
In particular, we use:
We endeavour to determine how our online services are used. In doing so, we may measure, for example, the success and reach of our activities and operations and the impact of third-party links on our website. However, we may also, for example, try out and compare how different parts or versions of our online offering are used (A/B test method). Based on the results of the success and reach measurement, we may, in particular, correct errors, expand popular content or make improvements to our online offering.
In most cases, the IP addresses of individual users are stored to measure success and reach. In this case, IP addresses are generally truncated (IP masking) in order to comply with the principle of data minimisation by means of corresponding pseudonymisation.
Cookies may be used and user profiles created to measure success and reach. Any user profiles created include, for example, the individual pages visited or the content viewed on our website, details of the size of the screen or browser window and the – at least approximate – location. User profiles are generally only created in pseudonymised form and are not used to identify individual users. Individual third-party services to which users are logged in may be able to assign the use of our online offering to the user account or user profile for the respective service.
In particular, we use:
We have created the original version (German) of this privacy policy using the Datenschutz-Generator from Datenschutzpartner. This is a translation.
We may amend and supplement this privacy policy at any time. We will provide information about such adjustments and additions in a suitable form, in particular by publishing the current data protection statement on our website.