(Version August 2023)

1. Purpose and scope of application

AFIAA Investment Foundation for International Real Estate Investments (hereinafter referred to as «AFIAA» or “we”) obtains and processes personal data relating to you or other persons (so-called third parties).

This Privacy Policy explains how we collect and process personal data (including sensitive personal data; hereinafter referred to as «data»). Data processing at AFIAA is not only governed by this Privacy Policy. AFIAA may also provide separate information about the processing of your data, e.g. in the context of general terms and conditions, terms of contract, declarations of consent, additional data privacy statements, forms and other notices (e.g. via apps or social networks). Furthermore, specific circumstances or legislation may also require AFIAA to process your personal data.

In cases where you provide us with data of other persons (e.g. family members, data of work colleagues, data of employees, etc.), we assume that you are authorised to do so and that this data is correct. By transmitting data about such third parties, you confirm that this is the case. Please ensure that such third parties have been made aware of this Privacy Policy (e.g. by handing over a copy).

This Privacy Policy is designed to meet the requirements of the applicable data protection laws, in particular the requirements of the Swiss Federal Data Protection Act (FADP), the Swiss Data Protection Ordinance (DPO) and – where applicable – the EU General Data Protection Regulation (GDPR). The extent to which these laws apply depends on the individual case.

2. Terms

Personal data: Any information relating to an identified or identifiable natural person.

Particularly sensitive personal data: Data on religious, philosophical, political or trade union beliefs or activities; data on health, privacy or racial or ethnic origin; genetic data; biometric data uniquely identifying a natural person; data on administrative and criminal prosecutions or sanctions; data on social assistance measures.

Data: Personal data and particularly sensitive personal data.

Processing: Any processing of personal data, regardless of the means and methods used, in particular the acquisition, storage, retention, use, modification, disclosure, archiving, deletion or destruction of data.

Disclosure: The transmission of or giving access to personal data.

3. Controllers

AFIAA Investment Foundation for International Real Estate Investments, Zollstrasse 42, 8005 Zurich, is responsible for the processing of data within the scope of this Privacy Policy.

If you have any concerns relating to data protection, please contact us at:

AFIAA Investment Foundation for International Real Estate Investments
c/o AFIAA Real Estate Investment Ltd.
Data Protection Officer
Zollstrasse 42
P.O. Box
8031 Zurich
This email address is being protected from spambots. You need JavaScript enabled to view it.  

To the extent as AFIAA is subject to the General Data Protection Regulation (GDPR), you can contact AFIAA’ Data Protection Officer pursuant to Art. 37 GDPR at the same address.

4. Categories of processed data

We process different categories of data relating to you. The main ones are listed below:

Technical data: We collect technical data when you use our website or other electronic services. For further details, see the Privacy Policy Governing the Use of the AFIAA Website (www.afiaa.com).

Communication data: When you contact us via the contact form, by email, telephone or chat, by letter or by any other means of communication, we collect the data exchanged between you and us, including your contact details and the metadata relating to the communication. If we record or monitor telephone conversations or video conferences, e.g. for training and quality assurance purposes, we will expressly point this out. Such recordings may be made and used solely in accordance with our internal guidelines. You will be alerted if and when such recordings are made, e.g. by means of a display during the video conference in question. If you do not agree with any recording or monitoring, please let us know or stop taking part. If it is only your image you do not want to be recorded, please turn off your camera. If we want or need to establish your identity, e.g. in response to your request for information, we collect data to identify you (e.g. a copy of a valid official identity document).

Communication data consists of your name and contact details (e.g. email address, postal address, telephone number, etc.), the means, place and time of the communication and usually also its content (i.e. the content of emails, letters, chats, etc.). Such data may also contain information about third parties. For identification purposes, we may also process your ID number, a password set by you or your press card. For reliable identification, the following mandatory information must be provided in connection with media enquiries: publisher, name of publication, title, first name, surname, postal address, e-mail address and telephone number of the reporting person.

Contract data: This type of data arises in connection with the conclusion or performance of contracts and includes, for example, information about contracts and the services provided or due, as well as data collected prior to the conclusion of a contract, information required or used for contract performance purposes and information about feedback (e.g. complaints or satisfaction ratings, etc.). This also includes information about third parties. We generally collect such data from you, from contractual partners and from third parties involved in the processing of the contract, but also from third party sources (e.g. providers of credit rating data) and from public sources.

Contract data includes information about the conclusion of the contract, about your contracts, e.g. the type and the date of the contract conclusion, information obtained during the enquiry process (such as an enquiry about our products or services) and information about the contract in question (e.g. its duration) and the processing and administration of the contracts (e.g. information relating to invoicing, customer service, assistance with technical matters and the enforcement of any claims under the contract). On top of this, contract data also includes information about defects, complaints and amendments to a contract, as well as information about customer satisfaction which we may, for instance, collect by means of surveys. Contract data also includes financial data, such as information on credit standing (i.e. information that indicates the likelihood that debts will be paid), on reminders and on debt collection. We receive some of this data from you (e.g. when you make payments), while other data is obtained from credit agencies, debt collection companies and public sources (e.g. commercial registers).

Master data: We define master data as the basic data we require in addition to contract data to process our contractual and other business relationships or for marketing and advertising purposes, such as name, contact details and information e.g. about your role and function, your bank details, your date of birth, customer history, powers of attorney, signature authorisations and consent forms. We process your master data if you are a client or other business contact or work for such a client or business contact (e.g. as a contact person of the business partner), or if we would like to contact you for our own purposes or the purposes of a contractual partner (e.g. in the context of marketing and advertising, involving invitations to events, vouchers, newsletters, etc.). Master data is obtained from you, from offices for which you work or from third parties, e.g. our contractual partners, associations and address dealers, or public sources such as public registers or the internet (websites, social media, etc.). As part of our master data processing, we may also process information about third parties. Moreover, we may collect master data from our shareholders and investors.

Master data includes, for example, data such as name, address, email address, telephone number and other contact details, gender, date of birth, nationality, marital status, details of affiliated persons, websites, social media profiles, photos and videos or copies of identification documents; also, details of your business relationship with us (client, supplier, visitor, beneficiary, etc.), details of your status with us, allocations, classifications and mailing lists, details of our interactions with you (including, where applicable, a history of such interactions with corresponding entries), reports (e.g. from the media) and official documents (e.g. excerpts from the commercial register, authorisations, etc.) relating to you. With regard to payment data, we collect, among others, your bank details, account number and credit card details. Consent or blocking notes are also part of the master data, as is information about third parties, e.g. contact persons, recipients of services or representatives.

The master data we process for contact persons and representatives of our clients, suppliers and partners includes, for example, name and address, details of role, function in the company, qualifications and, where applicable, details of superiors, employees and subordinates as well as particulars regarding interactions with these persons.

Master data is not collected comprehensively for all contacts. The specific data we collect depends in particular on the processing purpose.

Behaviour and preference data: Depending to your relationship with AFIAA, we endeavour to get to know you and tailor our products and services to your needs. To this end, we collect and use data relating to your behaviour and preferences. This is done through analysis of information about your behaviour in our sector, and we may supplement this information with data obtained from third parties, including from public sources. Some of the data processed for this purpose is already known to us (e.g. from your use of our services), while other data comes from recording your behaviour (e.g. how you navigate our website).

Behaviour data refers to information about certain actions, for instance your response to electronic communications (e.g. whether and when you open an email), or about your location or your interaction with our social media profiles and your participation in raffles, competitions and similar events. We may, for example, collect your location data when you use our website. We do not create a personalised movement profile without obtaining your prior express and separate declaration of consent.

Preference data helps us understand your needs, what products or services may be of interest to you, or when and how you are likely to respond to messages from us. This information is obtained through analysis of existing data, such as behaviour data, which helps us get to know you, tailor our advice and service to your needs and improve our services in general. To optimise the quality of our analyses, we may combine this data with other data that we also obtain from third parties such as address dealers, government offices and public sources such as the internet or social media.

Behaviour and preference data may be analysed in relation to individual persons (e.g. to show you personalised advertising), or non-personalised (e.g. for market research or product development purposes). Behaviour and preference data may also be combined with other data.

Other data: We also collect your data in other situations. For instance, data is collected in connection with official or judicial proceedings (such as files, evidence, etc.), that may also relate to you. We may also collect data on health and safety grounds (e.g. as part of health and safety policies). Furthermore, we may obtain or produce photographs, videos and sound recordings in which you may be identifiable (e.g. at events, through security cameras, etc.). We may also collect data on who enters certain buildings at what time or has relevant access rights (e.g. in the case of access screening, based on registration data or visitor lists, etc.), who participates in events or campaigns and at what time, or who uses our infrastructure and systems. Finally, we collect and process data relating to our investors; aside from master data, this includes information required for the relevant registers and data relating to the exercise of their rights and the organisation of events (e.g. investors’ meetings).

Most of the above data is provided by you (e.g. via forms, as part of your communication with us, in connection with contracts, during the use of our website, in the context of user accounts, registrations, etc.). You are not obliged to provide this data, except in specific cases, e.g. in the context of legal requirements. If you wish to conclude contracts with us or claim benefits, you also need to provide data as part of your contractual obligations under the relevant contract, in particular master data, contract data and registration data. When you use our website, the processing of technical data is unavoidable. If you want to gain access to certain systems, you are required to provide us with registration data. However, in the case of behaviour and preference data, you generally have the option of objecting or withholding consent.

We do not provide certain services to you unless you submit registration data, either because we, or our contractual partners, want to know who is using our services or has accepted an invitation to an event, because it is technically necessary or because we want to communicate with you. If you or someone you represent (e.g. your employer) wants to conclude or perform a contract with us, we need to collect the relevant master, contract and communication data from you and we also process technical data if you want to use our website or other electronic services for this purpose. If you fail to provide us with the data required for the conclusion and performance of the contract, you may have to accept that we will refuse to conclude the contract, that you will be in breach of contract or that we will not perform the contract. Similarly, we can only send you a response to a request you have submitted if we process the relevant communication data and, in the case of online communication, technical data, where applicable.

Where admissible, we also obtain data from public sources (e.g. debt collection registers, land registers, commercial registers, the media or the internet, including social media) or obtain data from other companies within our group, from public authorities and from other third parties (such as credit agencies, address dealers, associations, contract partners, internet analysis services, etc.).

The categories of personal data relating to you that we obtain from third parties include, but are not limited to, information from public registers, information that we obtain in connection with governmental and legal proceedings, information relating to your professional positions and activities (for example, for the purpose of concluding and processing transactions with your employer with your assistance), information relating to you in correspondence and meetings with third parties, credit ratings (insofar as we conduct business with you personally), information relating to you which is provided to us by persons close to you (family, advisors, legal representatives, etc.) for purposes of concluding or processing contracts with you or with your involvement (e.g. references, your address for deliveries, powers of attorney, information on compliance with statutory requirements such as those relating to combating fraud, money laundering and terrorism), information from banks, insurance companies and sales or other contract partners of ours regarding your use or provision of services (e.g. payments, purchases, etc.), information about you obtained from the media and the internet (where appropriate in specific cases, e.g. as part of a job application, etc.), your address and, where applicable, interests and other socio-demographic data (especially for marketing and research purposes) and data in connection with the use of third-party websites and online services where such use can be attributed to you.

5. Purposes of data processing

We process your data for the following purposes:

Communication: This relates to all purposes in connection with which we communicate with you, whether in the context of customer service, for authentication in the event of your use of the website or for training and quality assurance (e.g. in the customer service context). We process communication data for the purpose of communicating with you by email and telephone, as well as by messenger services, chat, social media and letter. Communication with you usually takes place in connection with other processing purposes, e.g. to allow us to provide services or respond to a request for information. Our data processing also serves to provide evidence of the communication and its content.

Establishment and performance of contracts: We conclude contracts of various kinds with our clients, suppliers, subcontractors or other contractual partners, such as project partners or parties to legal disputes. In particular, we process master data, contract data and communication data as well as the client’s registration data, if applicable. During the business procurement process, personal data – in particular master data, contract data and communication data – is collected from potential clients or other contractual partners or is derived from communication. In connection with the conclusion of the contract, we may also process data to check creditworthiness or identity or for the purpose of establishing a business or client relationship. To some extent, we verify this information as well as data from the criminal and debt collection registers to ensure compliance with legal requirements.

As part of the performance of our contractual relationships, we process data for the purposes of managing customer relationships, providing and receiving contractual services (which also includes the involvement of third parties, such as banks, insurance companies or credit agencies, which may in turn provide us with data), consulting and customer service. The enforcement of legal claims arising from contracts (debt collection, legal proceedings, etc.) is also part of the processing, as are bookkeeping, the termination of contracts and public communication.

Marketing and business relationship management: We process data for marketing purposes and to cultivate business relationships, e.g. to send our clients and other contract partners personalised advertising on our products and services. This may take the form of newsletters or other regular contacts (e.g. electronically, by post), via other channels for which we have your contact details, as well as in the context of individual marketing campaigns (e.g. events, competitions, etc.) and may also include free benefits, such as invitations. You may decline such contacts at any time or refuse or revoke your consent to be contacted for advertising purposes.

Our business relationship management activities also include contacting existing clients and their contacts. In this context, we may also maintain a customer relationship management system ("CRM") in which we store the data on clients, suppliers and other business partners that we require for our relationship management, e.g. data regarding contact persons, relationship history (e.g. relating to products and services purchased or supplied, interactions, etc.), interests, requests and marketing measures (newsletters, invitations to events, etc.).

Improvement of services and operations as well as product development: For the purpose of continuously improving our services and our operations as well as for product development purposes, we may, for instance, analyse how you navigate our website or which services are used by specific groups of people and in which way. To this end, we specifically process master data, behaviour data and preference data, communication data and information from customer surveys, polls and studies as well as other information, e.g. obtained from the media, social media, the internet or other public sources. Where possible, we use pseudonymised or anonymised information for these purposes.

Security and access management: We routinely assess and improve the adequacy of the security of our IT systems and other infrastructure (e.g. buildings). Since, like any other business, we cannot eliminate the possibility of data breaches with absolute certainty, we take all reasonable measures to reduce the risks. We therefore process data e.g. for purposes of monitoring, controls, analyses and tests of our networks and IT infrastructures, for system and error checks, for documentation purposes and for the purposes of backup copies. Our access management activities include, on the one hand, controlling access to electronic systems (e.g. logging into user accounts) and, on the other hand, physical access controls (e.g. access to buildings). For security purposes (to prevent and/or clarify incidents), we also keep access logs or visitor lists.

Compliance: We process data to ensure compliance with laws, official directives and recommendations as well as internal regulations. This includes, for instance, combating money laundering and the financing of terrorism as regulated by law. In certain cases, we may be required to make specific enquiries about clients (“Know Your Customer”) or make reports to authorities. Furthermore, we process data to comply with disclosure, information and reporting requirements, e.g. in connection with statutory, supervisory and tax obligations. This also includes the acceptance and processing of complaints and other reports, the monitoring of communications, internal investigations or the disclosure of documents to an authority if there are sufficient grounds, or we are legally obliged, to do so. Your personal data may also be processed in the event of external investigations, e.g. by a law enforcement or supervisory authority or a contracted private body. We also process data for the purpose of serving our investors and meeting our obligations in this regard. The data we process for all of these purposes includes, in particular, master data, contract data, communication data and other data. Among such statutory or legal obligations may be Swiss law, as well as foreign regulations to which we are subject, self-regulation, industry standards, our own corporate governance and official directives and requests.

Further purposes: These include, in particular, quality, training and educational purposes, administrative purposes (e.g. the administration of master data, bookkeeping, data archiving as well as monitoring, administration and ongoing improvement of the IT infrastructure), for the purpose of judicial or official assertion and enforcement of claims in Switzerland and abroad, or for the defence against claims brought against us. As far as reasonable, the protection of other legitimate interests is also part of the further purposes, the list of which is not exhaustive.

6. Legal basis of data processing

Where we do not ask for your consent to our processing, we process your personal data on the basis that this is necessary for the conclusion or performance of a contract with you (or the body you represent) or that we or a third party have a legitimate interest in doing so, in particular to pursue the purposes and related objectives described in Section 5 above and to take appropriate measures, or on the basis that the processing is provided for by law. Our legitimate interests also include compliance with statutory provisions unless these are already recognised as a legal basis by the applicable data protection law.

7. Obligation to provide data

In the context of our business relationship, you are required to provide such personal data as is necessary for the establishment and performance of a business relationship and the fulfilment of the associated contractual obligations. In the absence of this data, we will generally not be in a position to enter into or perform a contract with you (or the body or person you represent).

8. Data transfer to third parties

In the context of our business activities and the purposes set out in Section 5, we also disclose data to third parties, insofar as this is permitted and appropriate, either because such third parties process the data on our behalf or because they want to use the data for their own purposes. This specifically relates to the following third parties:

• our service providers, including contractors (e.g. IT providers, Property Manager, valuation experts, advisers);
• distributors, suppliers, subcontractors and other business partners;
• clients;
• Swiss and foreign authorities, official agencies or courts;
• buyers or parties interested in buying business units;
• other parties to potential or actual legal proceedings;
• AFIAA subsidiaries;
• AFIAA's management company, AFIAA Real Estate Investment Ltd., and its subsidiaries.

9. Transfer of data abroad

As set out in Section 8, AFIAA also discloses data to third parties. As a rule, such third parties are located in Switzerland or in the EU/EEA area.

Where recipients are located in a country that lacks adequate data protection, we require the recipient by contract to comply with the applicable data protection laws unless the recipient is already subject to legally recognised data protection regulations and we can invoke an exemption clause. Such exception may apply specifically in the case of legal proceedings abroad, but also in cases of overriding public interest or if the performance of a contract requires such disclosure, if you have given your consent or if you have made the data generally accessible and have not objected to its processing.

10. Period of data retention

We process and store your personal data as long as required for the performance of our contractual and legal obligations or for other purposes associated with the processing, i.e., for example, for the duration of the entire business relationship (from initiation and performance to the termination of a contract) as well as beyond pursuant to the statutory retention and documentation requirements. In this context, personal data may be retained for the time during which claims can be made against our company, or to the extent that we are otherwise required to retain the data by law or that legitimate business interests require us to do so (e.g. for evidence and documentation purposes). Once your personal data is no longer required for the above purposes, it will be deleted or anonymised as a matter of principle and to the extent possible. Operational data (e.g. system logs, other logs) are generally subject to shorter retention periods of twelve months or less.

11. Data security

We take appropriate security measures to ensure the confidentiality, integrity and availability of your personal data, to protect it against unauthorised or unlawful processing and to mitigate the risks of loss, accidental modification, unauthorised disclosure or access.

Our technical and organisational security practices may include measures such as encryption and pseudonymisation of data, logging, access restrictions, backup storage, instructions to our employees, confidentiality agreements and checks. While in transit, we protect any data you transmit via our website by using appropriate encryption mechanisms. However, we can only safeguard the areas that we control. We also oblige our contractors to take appropriate security measures. Nevertheless, it is generally impossible to completely rule out all security risks, and some residual risks are unavoidable.

12. Rights of data subjects

You have the following rights in connection with our data processing activities:

• the right to request information if and which of your data we process;
• the right to have your data corrected by us if it is inaccurate or incomplete;
• the right to request the deletion or destruction of your data;
• the right to request that we restrict the processing of your personal data;
• the right to request that we provide specific personal data in a standard electronic format or transfer it to another data controller;
• the right to withdraw consent in whole or in part, if our processing is based on your consent;
• the right to request and receive further information necessary for the exercise of these rights.

If you wish to assert any of the above rights, please send your duly signed request, together with a copy of a valid official identification document (ID or passport), to the following address:

AFIAA Investment Foundation for International Real Estate Investments
c/o AFIAA Real Estate Investment Ltd.
Data Protection Officer
Zollstrasse 42
P.O. Box
8031 Zurich

We reserve the right to impose the restrictions prescribed by law, for example in the event that we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are entitled to rely on this) or require such retention or processing for the assertion of claims. We will notify you in advance if you will incur any costs. The exercise of your rights as a data subject may also conflict with contractual agreements, which may result in the termination of the contract or in costs. We will notify you accordingly in advance unless the matter is already covered by a contract.

In addition, all data subjects have the right to enforce their claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Swiss Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home.html).

13. Final provisions

AFIAA may amend this Privacy Policy at any time without prior notice. The current version as published on our website (www.afiaa.com) applies.

Should one or several of the provisions of this Privacy Policy be invalid, unlawful or unenforceable, the validity of the remaining provisions shall not be affected.

This Privacy Policy is governed exclusively by Swiss law, excluding any conflict of law provisions. The exclusive place of jurisdiction is Zurich.

In the event of any ambiguities and/or inconsistencies between the German, French and English texts of this Privacy Policy, the German text shall prevail.

 

II. Privacy Policy Governing the Use of the AFIAA Investment Foundation for International Real Estate Investments Website

(Version August 2023)

1. Purpose and scope of application

This Privacy Policy explains how AFIAA collects and processes personal data when you use the AFIAA website.

In cases where you provide us with personal data (including particularly sensitive personal data; for the definition, see Chapter I. Section 2 above) of other persons (e.g. family members, data of work colleagues, data of employees, etc.), we assume that you are authorised to do so and that this data is correct. By transmitting data via such third parties, you confirm that this is the case. Please ensure that such third parties have been made aware of this Privacy Policy (e.g. by handing over a copy).

This Privacy Policy is designed to meet the requirements of the applicable data protection laws, in particular the requirements of the Swiss Federal Data Protection Act (FADP), the Swiss Data Protection Ordinance (DPO) and - where applicable - the EU General Data Protection Regulation (GDPR). The extent to which these laws apply depends on the individual case.

2. Extent of data collection

The use of our website is generally possible without providing any personal data. However, if you want to access special services via our website, we may need to process your personal data.

When you visit our website, we primarily collect and process your data in order to provide you with an interesting, user-friendly, functional, stable and secure website including its content and services. If you contact us via a respective function (e.g. correspondence via e-mail, contact form, etc.), we record the communication between you and us as well as the personal data transmitted to us in this context for administration and communication purposes.

If you apply for a job, you must provide us with personal information and, if necessary, particularly sensitive personal data. This specifically includes personal details, education, work experience and skills as well as standard correspondence data such as postal address, e-mail address and telephone number. In addition, all documents submitted by you in connection with the application, such as cover letter, CV and references, will also be processed. Applicants may also provide us voluntarily with additional information. We process your application data for the purpose of meeting our (pre-)contractual obligations in connection with the application process and will only store, evaluate, process or forward such data internally in connection with your application. Furthermore, your data may be processed for statistical purposes (e.g. reporting). In this case, individuals are not identifiable. When you apply for a position with us, you expressly consent to the use of this information.

You have the right to object to this data processing and withdraw your application at any time. Please send your objection to the designated contact person in the job advertisement.

In other all respects, online applications are subject to the current Data Privacy Regulations governing the job application platform of Avadis Vorsorge AG.

If we conclude an employment contract with you, your submitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the application process concludes without employment, your data will be stored for another 3 months for documentation purposes before being deleted, unless you have consented that we may use your details for further application processes. You have the option to subsequently revoke this consent at any time. In this case, please send your revocation to the address mentioned in the chapter “Controllers and contact”.

3. Server log files

AFIAA automatically collects and stores information in its server log files that your browser sends to us. These are: Browser type/version, operating system used, referrer URL (the previously visited page), host name of the accessing computer (IP address) and time of the server request. This data is not used in conjunction with data from other sources.

4. Cookies

This website uses cookies. The use of cookies offers the possibility to temporarily store data and serves to make our offer more user-friendly, more effective, and safer. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Cookies do not damage your computer and do not contain viruses.

You can select a setting in your browser that notifies you when cookies are set and only allows cookies in individual cases, generally excludes the acceptance of cookies for certain cases and activates the automatic deletion of cookies when you close your browser. If you deactivate cookies, you may no longer be able to use all the functions of this website. The steps you need to take to check and delete cookies depend on the browser you are using. You can find the relevant information in the help menu of your browser.

When you visit our website, some cookies from third-party companies may also be stored on your end device. These cookies allow you and AFIAA to use certain services offered by the third-party company. If third-party cookies are used or cookies are used for analytical purposes, we will notify you separately in the context of this Privacy Policy.

5. Web beacons

Single pixel gifs, so-called web beacons, are automatically placed in every newsletter. These are invisible graphic files that are associated with the user ID of the respective e-mail recipient. For each newsletter sent, the web beacons provide information about which recipients have opened the newsletter, when the newsletter was opened and whether certain links within the newsletter were clicked on. This data is used for statistical, anonymous evaluations and to optimise the content and structure of the newsletter.

In order to prevent the use of web beacons in our newsletters, you must set up your mail program so that no HTML is displayed in messages.

6. Google services

Our website uses various services provided by Google LLC based in the USA or, if you have your usual place of residence in the EU, the EEA or Switzerland, by Google Ireland Ltd based in Ireland. We use the following Google services on our websites:

• Google Tag Manager
• Google Analytics

Google uses technologies such as cookies, browser web storage and tracking pixels to analyse your use of our website. The resulting information about your use of our website may be transmitted to a Google server in the USA or in other countries and may be stored there.

We use tools provided by Google which, according to Google, can process personal data in countries where Google or its subcontractors maintain facilities. Pursuant to its “Data Processing Addendum for Products where Google is a Data Processor”, Google provides an adequate level of data protection by relying on the EU standard contract clauses. Further information about Google’s processing and privacy settings is available in Google’s privacy policy or privacy settings.

7. Google Tag Manager

Our website uses Google Tag Manager which provides an efficient tool to manage website tags. Website tags are placeholders stored in the website’s source code to record, for instance, the integration of frequently used website elements, such as code for web analytics services. Google Tag Manager triggers other tags that may in turn collect data. The latter data is, however, not accessed by Google Tag Manager. A deactivation that has been applied at domain or cookie level remains in place for all tracking tags implemented with Google Tag Manager. For more information, please refer to the Google Tag Manager Terms of Use.

8. Google Analytics

In order to recognise trends and improve our online services, we use the web analytics service Google Analytics 4.

Google Analytics 4 uses cookies that are stored on your end device (laptop, tablet, smartphone, etc.) to analyse your use of our website. This helps us to evaluate user behaviour on our website and improve our services based on the resulting statistics/reports.

In Google Analytics 4, the anonymisation of IP addresses is activated by default. This means that Google truncates your IP address in Switzerland or the EU/EEA prior to transmission. Google uses this information to evaluate your pseudonymous use of our website, compile reports on website activity and provide us with other services relating to website activity and internet usage. According to Google, the IP address transmitted by your browser in connection with Google Analytics will not be merged with other Google data. When you visit our website, your user behaviour is recorded in the form of events (such as page views, interaction with the website or your “click path”) as well as other data such as your approximate location (country and city), technical information about your browser and the end devices you use, or the referrer URL, i.e. the website / advertising medium through which you arrived at our website.

You can prevent the installation of cookies by adjusting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

An overview of data usage in Google Analytics and the measures taken by Google to protect your data can be found in the Google Analytics Help. For more information on the Google Analytics Terms of Use and Google’s Privacy Policy, please refer to the respective documents.

By using the AFIAA website, you consent to Google processing the data collected about you in the manner and for the purposes described above. You may opt out of the collection of data by Google Analytics for the future by installing a deactivation add-on for your browser: https://tools.google.com/dlpage/gaoptout?hl=de (opens in a new window).

9. Social media presence

We have social media profiles on LinkedIn and Facebook.

The data you enter on our social media profiles is published by the social media platform and will not be used or processed by us for any other purpose at any time. However, we reserve the right to delete content if this should be necessary. At most, we communicate with you via the social media platform.

Operators of social media platforms employ web tracking methods. Web tracking, which is beyond our control, may occur regardless of whether you are logged in or registered with the social media platform.

Further details on data processing and additional information on your respective rights and configuration options regarding the protection of your privacy as well as your right to opt out of the creation of user profiles by the provider of the social media platform are included in the privacy policy of the respective provider.

10. Transfer to third parties

We generally treat your data as confidential and do not pass it on without your consent unless we are legally obliged or entitled to do so, or unless this is necessary to enforce our rights, in particular to assert any claims arising from the contractual relationship.

Furthermore, we disclose your personal data to third parties if this is necessary or expedient in the context of your use of the AFIAA website or for the potential provision of services requested by you (including off-website services).

In particular, we disclose your data to the following categories of recipients:

• our service providers including contractors (e.g. IT providers, Property Manager, valuation experts, advisers);
• suppliers, subcontractors and other business partners;
• clients;
• Swiss and foreign authorities, official agencies or courts;
• buyers or parties interested in buying business units;
• other parties to potential or actual legal proceedings;
• AFIAA subsidiaries;
• AFIAA's management company, AFIAA Real Estate Investment Ltd., and its subsidiaries.

In this context, the legal regulations governing the transfer of data to third parties are complied with as a matter of course. If we use contractors to provide our services, we take appropriate legal safeguards as well as corresponding technical and organisational measures to ensure the protection of your data in accordance with the relevant statutory regulations.

11. Transfer of data abroad

As set out in Section 7, AFIAA also discloses data to third parties which are generally located in Switzerland or in the EU/EEA.

Where recipients are located in a country that lacks adequate data protection, we require the recipient by contract to comply with the applicable data protection laws unless the recipient is already subject to a set of regulations recognised by law to ensure data protection and we can invoke an exemption clause. Such exemption may apply specifically in the case of legal proceedings abroad, but also in cases of overriding public interest or if the performance of a contract requires such disclosure, if you have given your consent or if you have made the data generally accessible and have not objected to its processing.

12. Period of data retention

We exclusively process and store your data for the period of time required to achieve the purpose of storage or if such processing and storage is stipulated by laws or regulations that we are subject to. If the purpose of storage no longer applies or if a prescribed retention period expires, your data will be routinely blocked or deleted in accordance with the statutory provisions.

13. Data security

We employ technical and organisational security measures to protect your data against manipulation, loss, destruction or access by unauthorised persons, and to ensure the protection of your rights and compliance with the applicable data protection regulations.

The measures taken are designed to ensure the confidentiality and integrity of your data and to ensure the long-term availability and resilience of our systems and services for the processing of your data. They are also designed to ensure the swift restoration of availability and access to your data in the event of a physical or technical incident.

The website www.afiaa.com is operated with a valid SSL certificate. Thanks to SSL certificates, the confidentiality of online traffic is maintained despite the public nature of the Internet, and connections to the www.afiaa.com website are encrypted via HTTPS. AFIAA has also taken appropriate technical and organisational security measures to protect your data from loss and unauthorised access.

Our data processing and security measures are subject to continuous improvement in line with technological developments. We also take our in-house data protection very seriously. Our employees and the service providers we engage are obliged to maintain confidentiality and to comply with the provisions of the data protection laws. Moreover, access to personal data is granted on a need-to-know basis.

14. Your rights

As regards data processing in connection with your use of the AFIAA website, you have the following rights:

• the right to request information if and which of your data we process;
• the right to have your data corrected by us if it is inaccurate or incomplete;
• the right to request the deletion or destruction of your data;
• the right to request that we restrict the processing of your personal data;
• the right to request that we provide specific personal data in a standard electronic format or transfer it to another data controller;
• the right to withdraw consent in whole or in part, if our processing is based on your consent;
• the right to request and receive further information necessary for the exercise of these rights.

We reserve the right to impose the restrictions prescribed by law, for example in the event that we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are entitled to rely on this) or require such retention or processing for the assertion of claims. We will notify you in advance if you will incur any costs. The exercise of your rights as a data subject may also conflict with contractual agreements, which may result in the termination of the contract or in costs. We will notify you accordingly in advance unless the matter is already covered by a contract. In addition, all data subjects have the right to enforce their claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Swiss Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home.html).

To exercise these rights, please refer to the contact details below.

15. Controllers and contacts

AFIAA Investment Foundation for International Real Estate Investments, Zollstrasse 42, 8005 Zurich is responsible for the collected and acquired data.

If you wish to assert any of the above rights (see Section 11), please send your duly signed request, together with a copy of a valid official identification document (ID or passport), to the following address:

AFIAA Investment Foundation for International Real Estate Investments
c/o AFIAA Real Estate Investment Ltd.
Data Protection Officer
Zollstrasse 42
P.O. Box
8031 Zurich

16. Final provisions

AFIAA may amend this Privacy Policy at any time without prior notice. The current version published on our website (www.afiaa.com) applies.

Should one or several of the provisions of this Privacy Policy be invalid, unlawful or unenforceable, the validity of the remaining provisions shall not be affected.

This Privacy Policy is governed exclusively by Swiss law, excluding any conflict of law provisions. The exclusive place of jurisdiction is Zurich.

In the event of any ambiguities and/or inconsistencies between the German, French and English texts of this Privacy Policy, the German text shall prevai