EPIC understands that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits this website: www.epic.ch or any other website operated by EPIC ("Website") and (subject to the limited exceptions in section 4, below) we do not collect personal data about you unless you contact us (see section 5, below). Any personal data we do collect will only be used as permitted by law.
Please read this Data Protection Policy for Websites ("Policy") carefully and ensure that you understand it. Your acceptance of the Policy is deemed to occur upon your first use of the Website. If you do not accept and agree with this Policy, you must stop using the Website immediately.
In this Policy, the following terms shall have the following meanings:
EPIC Suisse SA (including all its direct and indirect subsidiaries), Alrov Properties & Lodgings Ltd, EPIC Luxembourg SA and European Property Investment Corporation Ltd.
This Policy applies only to your use of the Website. The Website may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.
You have the right to ask for a copy of any of your personal data held by us (where such data is held). Please contact us for more details at email@example.com.
If you have any questions about the Website or this Policy, please contact us by email at firstname.lastname@example.org. Please ensure that your query is clear, particularly if it is a request for information about the data we hold about you.
We may change this Policy from time to time (for example, if the law changes). Any changes will be immediately posted on the Website and you will be deemed to have accepted the terms of the Policy on your first use of the Website following the alterations. We recommend that you check this page regularly to keep up-to-date.
This Policy will enter into force on 1 September 2023.
This Policy sets out the obligations of the Firm regarding data protection and the rights of the Partners in respect of their personal data under the Swiss Data Protection Act ("DPA") and General Data Protection Regulation (“GDPR”), as amended from time to time (collectively "Regulation").
The Regulation defines “personal data” as any information relating to an identified or identifiable natural person (a Partner); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
This Policy sets out the procedures that are to be followed when dealing with personal data of Partners.
Please contact us if you have any questions relating to this Policy or the personal data we hold about you. Either contact us by email email@example.com or write to the Portfolio Director, Philipp Küchler, at: Data Protection Officer, EPIC Suisse AG, Seefeldstrasse 5a, 8008 Zurich.
We process your personal data in order to perform our obligations under the respective contract concluded with you or to be concluded with you in the future, or for the purpose of other legitimate interests, or in order to comply with a legal duty imposed on the Firm in connection with the respective contract.
The following personal data may be collected, held, and processed by the Firm: your name, ID or passport, telephone number(s), mailing address, email address, social security number, bank details, tax declaration, salary information, debt register extract, marital status and any other information relating to you which you have provided us.
Generally, the Firm may collect your personal data in the following ways:
This Policy aims to ensure compliance with the Regulation. The Regulation sets out the following principles with which any party handling personal data must comply. All personal data must be:
The Firm shall carry out Privacy Impact Assessments as defined in the Regulation when and as required under the Regulation. Privacy Impact Assessments shall be overseen by the Firm’s data protection officer and shall address the following areas of importance:
Under the Regulation you have the following rights:
The Firm generally provides the following information to Partners when personal data is collected (non-exhaustive list):
As far as the Partner does not already have the information, the information set out above in section 8.1 shall be provided to the Partner at the following applicable time:
A Partner may make a subject access request ("SAR") at any time to find out more about the personal data which the Firm holds about them. The Firm is normally required to respond to SARs within one month of receipt (this can be extended by up to two months in the case of complex and/or numerous requests, and in such cases the Partner shall be informed of the need for the extension).
All subject access requests received must be forwarded to firstname.lastname@example.org, the Firm’s data protection officer.
The Firm does not charge a fee for the handling of normal SARs. The Firm reserves the right to charge reasonable fees for additional copies of information that has already been supplied to a Partner, and for requests that are manifestly unfounded or excessive, particularly where such requests are repetitive.
If a Partner informs the Firm that personal data held by the Firm is inaccurate or incomplete, requesting that it be rectified, the personal data in question shall be rectified, and the Partner informed of that rectification, within one month of receipt the Partner’s notice (this can be extended by up to two months in the case of complex requests, and in such cases the Partner shall be informed of the need for the extension).
In the event that any affected personal data has been disclosed to third parties, those parties shall be informed of any rectification of that personal data (unless it is impossible or would require disproportionate effort to do so).
Partners may request that the Firm erases the personal data it holds about them in the following circumstances:
Unless the Firm has reasonable grounds to refuse to erase personal data, all requests for erasure shall be complied with, and the Partner informed of the erasure, within one month of receipt of the Partner’s request (this can be extended by up to two months in the case of complex requests, and in such cases the Partner shall be informed of the need for the extension).
In the event that any personal data that is to be erased in response to a Partner request has been disclosed to third parties, those parties shall be informed of the erasure (unless it is impossible or would require disproportionate effort to do so).
Partners may request that the Firm ceases processing the personal data it holds about them. If a Partner makes such a request, the Firm shall retain only the amount of personal data pertaining to that Partner that is necessary to ensure that no further processing of their personal data takes place.
In the event that any affected personal data has been disclosed to third parties, those parties shall be informed of the applicable restrictions on processing it (unless it is impossible or would require disproportionate effort to do so).
The Partner has the legal right under the Regulation to receive a copy of their personal data and to use it for other purposes (namely transmitting it to other data controllers, e.g. other organizations).
To facilitate the right of data portability, the Firm shall make available all applicable personal data to the Partner in the appropriate format.
Where technically feasible, if requested by a Partner, personal data shall be sent directly to another data controller.
All requests for copies of personal data shall be complied within one month of the Partner’s request (this can be extended by up to two months in the case of complex requests or numerous requests, and in such cases the Partner shall be informed of the need for the extension).
Partners have the right to object to the Firm processing their personal data based on legitimate interests (including profiling), direct marketing (including profiling).
Where a Partner objects to the Firm processing their personal data based on its legitimate interests, the Firm shall cease such processing forthwith, unless it can be demonstrated that the Firm’s legitimate grounds for such processing override the Partner’s interests, rights and freedoms; or the processing is necessary for the conduct of legal claims.
In the event that the Firm uses personal data for the purposes of automated decision-making and those decisions have a legal (or similarly significant effect) on the Partner, the Partner have the right to challenge to such decisions under the Regulation, requesting human intervention, expressing their own point of view, and obtaining an explanation of the decision from the Firm.
Where the Firm uses personal data for profiling purposes, the following shall apply:
The Firm shall ensure that all its employees working on its behalf comply with the appropriate and necessary technical and organizational data protection measures when working with personal data.
In the event a consent was given, Partners have the right to withdraw such consent given at any time by sending a written notice or email to the Firm's data protection officer.
This Policy shall enter into force on 1 September 2023.
This policy governs the video monitoring by EPIC Suisse AG (including all its direct and indirect subsidiaries), Alrov Properties & Lodgings Ltd, EPIC Luxembourg SA and European Property Investment Corporation Ltd. ("EPIC") in EPIC real estate premises ("Premises") with the purpose of preventing material damage, theft and facilitating the prosecution thereof. Video monitoring also serves to protect the employees of the customer, its own customers and visitors as well as any other users of the Premises from criminal acts in the monitored areas. If EPIC's tenants themselves conduct video monitoring, it is their responsibility to comply with the applicable laws.
Video monitoring can be installed in public areas of the Premises and shall, as far as possible, not cover other parts of the Premises, in particular no workplaces and sanitary facilities.
When selecting and setting up the video monitoring system EPIC must comply with all applicable laws.
The users of the Premises must be made aware of the video monitoring system by means of the information board provided (e.g. a pictogram with a camera on it). The information board or, if necessary, several information boards must be placed clearly visible in the entry areas of the Premises.
The monitoring can be carried out in real time or delayed by the employees or persons designated by EPIC ("EPIC Staff"). Monitoring shall be carried out on a random basis and is not directed towards specific individuals.
In case of suspicion of actions which violate Clause 1 of this Policy, the relevant recordings must be evaluated on an individual basis within seven days. If the suspicion is not confirmed, the relevant recordings must be deleted immediately. All recordings that are not evaluated on the basis of a suspicion shall be irrevocably deleted after two months.
In the event that an infringement of Clause 1 of this Policy is found, the recordings evaluated by the EPIC Staff will be stored securely for evidence purposes until the specific case has been clarified/prosecuted.
The access to any recordings and/or to the technical monitoring system should be limited to a few authorized EPIC Staff-members which are entitled to: (i) view and evaluate recordings retrospectively; (ii) view and evaluate recordings in real time; (iii) delete recordings; and (iv) access the technical surveillance system.
If external bodies (agents/appointees) are assigned with the technical maintenance, a data protection agreement (including, if applicable, a data processing agreement) must be concluded.
Video monitoring, as a rule, does not involve concealed monitoring. In exceptional cases, EPIC may use concealed monitoring in which video cameras are used independently of the video monitoring system, subject to the following conditions.
Persons identified within personal evaluation are made individually aware of:
The notification shall take place within a reasonable period of time, unless the information would make it impossible or considerably more difficult to prevent, investigate or establish and prosecute criminal offences or acts which contradict the purpose of this Policy according to Clause 1. If the notification to the identified person is not to be provided as a temporary measure, the EPIC privacy officer must be consulted, in particular to ensure that the rights of the identified person are respected.
Identified persons must be made aware of their rights under the privacy law applicable to them, in particular the rights related to:
The identified person who intends to exercise any of the above rights must identify himself/herself. Actions necessary for the exercise of these rights shall be free of charge, unless the number and nature of the requests are high and contrary to the principle of good faith.
The rights of the identified person may be restricted if the prevention, investigation or establishment and prosecution of criminal offences or acts which are contrary to the purpose of this Policy according to Clause 1 are rendered impossible or considerably impeded thereby or if it is necessary for the protection of rights of privacy of other persons.
Recordings and other personal data of an identified person may only be transferred to the competent authorities or to insurance companies within the reporting of a criminal offence or as part of the assertion of civil law claims.
Before a possible transfer a profound analysis of the necessity as well as the compliance with the purpose of monitoring and this Policy must be carried out. The transfer of recordings to other persons outside EPIC is excluded, except in cases in which the external person has a legal claim.
Each transfer of recordings and other personal data of an identified person outside the security department of EPIC is to be documented in an appropriate manner.
The privacy officer of EPIC must be consulted prior to any transfer.
EPIC Staff shall be trained in relevant aspects of privacy law. New employees and if necessary assigned persons are to be trained systematically before or with the beginning of their activity in connection with the monitoring.
Each two years EPIC carries out a work shop for the EPIC Staff with a focus on compliance with privacy law.
EPIC protects all data collected in connection with video monitoring through appropriate technical and organizational measures, in particular with the following.
EPIC's privacy officer carries out an internal audit at least every two years and assesses whether the measures taken and this Policy are still sufficient and whether a less restrictive alternative is available from a data protection point of view (adequacy audit). Also, compliance with this Policy in practice shall be audited (conformity audit).
This Policy shall enter into force on 1 September 2023.
The purpose of the information and data on the EPIC Suisse website and/or contained in any documentation presented by EPIC Suisse (herein referred to collectively as the "Documentation") is to provide information about EPIC Suisse to the recipient. The Documentation does not constitute an offer or invitation to make transactions and may not be construed as a recommendation, to make transactions with EPIC Suisse under any jurisdiction. Neither the receipt of the Documentation nor the information contained herein or other information provided in connection therewith or subsequently communicated to any person, shall be deemed a recommendation by EPIC Suisse or its advisers or their group companies. The Documentation or any copy thereof may not be sent or taken to or distributed in any jurisdiction in which such transmission or distribution is unlawful.
Although reasonable care has been taken in preparing the Documentation neither EPIC Suisse nor its advisors make any warranties or guarantees of any kind, expressed or implied, as to the accuracy and completeness of the information contained in the memorandum.
In addition, EPIC Suisse assumes no liability for assumptions made, opinions expressed and for the forecasts made. Such information may contain uncertainties and risks, which may lead to actual events or outcomes differing considerably from the forecasts made. Any responsibility and liability for direct or indirect damages as well as consequential damages to third parties resulting from the use of such information or opinions is explicitly excluded. None of the statements, forecasts or other information contained in the Documentation should be taken as a representation of the occurrence of future events. Although EPIC Suisse may change or supplement the memorandum at any time or provide interested parties with additional information EPIC Suisse is not obliged to update or correct the information contained in the Documentation or to provide additional information. In particular, EPIC Suisse shall not be obliged to remove any outdated information from the Documentation or to expressly mark it as being outdated. Neither EPIC Suisse nor its advisers accept any responsibility or liability for any costs or expenses incurred by the recipient. EPIC Suisse also excludes any and all liability with regard to third party websites, content and information. The Documentation, including the "Disclaimer" section, and the resulting rights and obligations of a person in connection with the Documentation (if any at all) are subject to Swiss law. Exclusive place of jurisdiction is Zurich, Switzerland. The provisions of this section apply to all sections of the Documentation, as well as to all other information that recipients of the Documentation receive in written, oral, electronic or other form.