Hakan Elaldi
Westgate Investments AG
Nüschelerstrasse 30
8001 Zurich
Switzerland
T: +41 44 218 78 00
E: info@westgate.ch
The following overview summarizes the types of processed data, the purposes of their processing, and the categories of data subjects.
Applicable legal bases under the Swiss Data Protection Act (DSG): If you are located in Switzerland, we process your data based on the Federal Act on Data Protection (Swiss DSG). Unlike, for example, the GDPR, the Swiss DSG generally does not require stating a legal basis for data processing but mandates that data processing is carried out in good faith, lawful, and proportionate (Art. 6 para. 1 and 2 Swiss DSG). Furthermore, personal data is only collected for a specific, recognizable purpose and processed in a manner compatible with that purpose (Art. 6 para. 3 Swiss DSG).
We implement technical and organizational measures in accordance with legal requirements, considering the state of technology, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying probabilities and severity of threats to the rights and freedoms of natural persons. These measures ensure an appropriate level of protection against risks.
The measures include securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, access to data, input, disclosure, availability, and separation of data. We have also established procedures that ensure the exercise of data subjects’ rights, deletion of data, and responses to data breaches. Additionally, we incorporate data protection into the development and selection of hardware, software, and processes in accordance with the principle of data protection through technology design and data protection-friendly settings.
In the course of our processing activities, personal data may be disclosed to other entities, companies, legally independent organizational units, or individuals, or they may be made accessible to them. These recipients may include IT service providers or providers of services and content integrated into a website. In such cases, we comply with legal requirements and enter into agreements or contracts with the recipients that serve to protect your data.
Disclosure of personal data abroad: According to the Swiss DSG, we only disclose personal data abroad if adequate protection of the data subjects is ensured (Art. 16 Swiss DSG). If the Federal Council has not established adequate protection (list: https://www.bj.admin.ch/bj/en/home/state/data-protection/internationales/anerkennung-staaten.html), we implement alternative safeguards, such as international treaties, specific guarantees, contractual data protection clauses, standard data protection clauses approved by the Swiss Data Protection and Information Commissioner (FDPIC), or internal company data protection regulations recognized by the FDPIC or another competent data protection authority of a foreign country.
Exceptions for international data transfers are permitted under Art. 16 of the Swiss DSG when certain conditions are met, including consent of the data subject, contract fulfillment, public interest, protection of life or physical integrity, publicly disclosed data, or data from a legally provided register. These disclosures are always made in compliance with legal requirements.
We delete personal data processed by us in accordance with legal provisions as soon as the underlying consents are revoked, or no further legal bases for processing exist. This applies to cases where the original processing purpose ceases or the data is no longer needed. Exceptions to this rule exist where legal obligations or particular interests require longer retention or archiving of data.
Particularly, data required to be retained for commercial or tax purposes or needed for legal proceedings or to protect the rights of other natural or legal persons must be archived accordingly.
Our data protection notices contain additional information on data retention and deletion specifically applicable to certain processing activities.
When multiple retention or deletion periods are indicated for a data point, the longest period always applies.
If no specific date triggers a period and it is at least one year long, it starts automatically at the end of the calendar year in which the triggering event occurred. For ongoing contractual relationships involving stored data, the triggering event is the date the termination or other end of the legal relationship becomes effective.
Data no longer required for the original intended purpose but retained due to legal requirements or other reasons will only be processed for the reasons justifying its retention.
Further Notes on Data Processing Procedures and Services:
We process data from our contractual and business partners, such as customers and prospects (collectively referred to as “contractual partners”), within the framework of contractual and similar legal relationships, as well as related measures, including communication with the partners (or pre-contractually), for example, to respond to inquiries.
We use this data to fulfill our contractual obligations, which include providing the agreed services, updates, and remedies for warranty and other service issues. We also process this data to protect our rights, manage associated administrative tasks, and organize the company. Additionally, data is processed based on our legitimate interests in proper business operations and security measures to protect our partners and business operations from misuse or threats to their data, trade secrets, information, and rights.
Where legally permitted, we share data with third parties only as necessary for the aforementioned purposes or to fulfill legal obligations. Additional processing, such as for marketing purposes, is covered in this privacy policy.
We inform contractual partners about the necessary data during collection (e.g., in online forms, through specific labels or symbols) or personally.
We delete data after the expiration of statutory warranty and similar obligations, generally after four years, unless stored in a customer account or for legal archival purposes (e.g., tax purposes, typically ten years). Data disclosed during a contract will be deleted per the partner’s instructions or upon task completion.
We process user data to provide our online services. This includes processing user IP addresses, which are required to deliver the content and functionality of our online services to user browsers or devices.
Additional Notes on Data Processing Procedures and Services:
Cookies are small text files or other memory markers that store and retrieve information from devices, such as login status, cart content, or user preferences. They may serve purposes such as enabling functionality, enhancing security, improving comfort, and analyzing visitor flows.
Consent Notice: We use cookies in compliance with legal regulations, obtaining prior user consent unless otherwise legally permitted. Necessary cookies required to deliver requested services are exempt. Consent is clearly communicated and includes relevant cookie information.
Notes on Data Protection Legal Bases: The legal basis on which we process users’ personal data using cookies depends on whether we obtain consent from them. If users give their consent, the declared consent serves as the legal basis for processing their data. Otherwise, data processed via cookies is based on our legitimate interests (e.g., ensuring the economic operation of our online offering and improving usability) or, if required, fulfilling our contractual obligations. The purposes for which we use cookies are explained in this privacy policy or as part of our consent and processing procedures.
Storage Duration: Regarding storage duration, the following types of cookies are differentiated:
General Notes on Withdrawal and Objection (Opt-out): Users can revoke their consent at any time and also object to the processing of their data in accordance with legal requirements, including through their browser’s privacy settings.
Further Notes on Data Processing Procedures and Services:
We use the consent tool “Real Cookie Banner” to manage the cookies and similar technologies (tracking pixels, web beacons, etc.) used and the related consents. Details about the functionality of “Real Cookie Banner” can be found at https://devowl.io/rcb/data-processing/.
The legal bases for processing personal data in this context are Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. Our legitimate interest lies in managing the cookies and similar technologies and their associated consents.
The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obligated to provide personal data. If you do not provide personal data, we cannot manage your consents.
When you contact us (e.g., by post, contact form, email, phone, or via social media) or within the framework of existing user and business relationships, the information provided by the inquiring persons is processed as necessary to respond to the contact inquiries and any requested measures.
We send newsletters, emails, and other electronic notifications (hereinafter referred to as “newsletter”) only with the consent of the recipients or based on a legal basis. If the contents of the newsletter are specified during registration, they are decisive for the users’ consent. Typically, providing your email address is sufficient to subscribe to our newsletter. However, to offer a personalized service, we may request your name for a personal salutation in the newsletter or additional information if necessary for the purpose of the newsletter.
Contents:
We process personal data for promotional communication purposes, which can be carried out via various channels, such as email, telephone, post, or fax, in compliance with legal requirements.
Recipients have the right to revoke consent at any time or object to promotional communication at any time.
After a withdrawal or objection, we retain the data necessary to demonstrate prior authorization for contact or sending up to three years after the end of the year of withdrawal or objection, based on our legitimate interests. The processing of this data is limited to the purpose of potential defense against claims. On the basis of legitimate interest, we also store the data required to permanently respect the withdrawal or objection of users (e.g., depending on the communication channel, email address, phone number, name).
Web analysis (also known as “reach measurement”) serves to evaluate visitor flows to our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, in pseudonymous values. With reach analysis, we can, for example, determine at what times our online offering or its functions or content are most frequently used, or invite repeated use. Likewise, we can understand which areas need optimization.
In addition to web analysis, we may also use testing procedures to test and optimize different versions of our online offering or its components.
Unless otherwise stated, profiles (i.e., data grouped into a usage process) may be created and information stored in a browser or a device, then read out for these purposes. Collected data includes, in particular, visited websites and the elements used there, as well as technical details, such as the browser used, the computer system, and usage times. If users have agreed to the collection of their location data with us or with the providers of services we use, processing location data is also possible.
Additionally, users’ IP addresses are stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear data (e.g., email addresses or names) of users is stored during web analysis, A/B testing, and optimization, but pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, only the data stored in their profiles for the purpose of the respective processes.
Legal Basis Notes: If we ask users for their consent to use third-party providers, the legal basis for data processing is the consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we also refer to the information on the use of cookies in this Privacy Policy.
The statements in the profiles are usually stored in cookies or by similar methods. These cookies can later generally also be read on other websites that use the same online marketing procedure, analyzed for the purpose of displaying content, and supplemented with other data stored on the server of the online marketing provider.
In exceptional cases, clear data can be assigned to the profiles, particularly when users are, for example, members of a social network that employs our online marketing procedures and the network combines user profiles with the mentioned data. Please note that users may enter into additional agreements with providers, such as granting consent during registration.
We generally only have access to aggregated information about the success of our advertisements. However, as part of conversion measurements, we can determine which of our online marketing procedures have led to a conversion, such as a contract conclusion with us. Conversion measurement is solely used to analyze the success of our marketing efforts.
Unless otherwise stated, please assume that deployed cookies are stored for a period of two years.
Notes on Legal Basis:
If we ask users for their consent to use third-party providers, the legal basis for data processing is the consent granted. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economic, and user-friendly services). In this context, we also refer to the information on the use of cookies in this privacy policy.
Notes on Withdrawal and Objection:
Please refer to the privacy notices of the respective providers and the objection options provided by the providers (“Opt-Out”). If no explicit opt-out option is specified, you can disable cookies in your browser settings. However, this may restrict the functionality of our online offer. We also recommend the following opt-out options that are collectively offered for respective regions:
We participate in review and rating procedures to evaluate, optimize, and promote our services. When users review us on the involved review platforms or procedures or otherwise provide feedback, the terms of use and privacy policies of the respective providers apply. Reviews usually require registration with the respective providers.
To ensure that reviewers have actually used our services, we provide, with customer consent, the required data concerning the customer and the service received (e.g., name, email address, and order or item number) to the respective review platform. These data are solely used to verify the authenticity of the reviewer.
We maintain an online presence within social networks and process user data to communicate with active users or provide information about us.
Please note that user data may be processed outside the European Union. This can pose risks for users, such as making it more difficult to enforce user rights.
Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles can be created based on user behavior and resulting interests. These profiles may, in turn, be used to display advertisements within and outside the networks that presumably match user interests. Cookies are usually stored on users’ devices, storing user behavior and interests. These profiles may also contain data regardless of the devices used by users (especially if they are members of the respective platforms and logged in).
We refer to the privacy statements and information provided by the operators of the respective networks. In the case of inquiries and the assertion of data subject rights, we also note that these can most effectively be asserted with the providers. Only they have access to the user data and can take appropriate measures directly and provide information. If you still need assistance, you can contact us.
Legal Bases: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Website: https://www.instagram.com
Privacy Policy: https://privacycenter.instagram.com/policy/.
Data Transfer Basis: Adequacy Decision (Ireland).
Legal Bases: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Website: https://www.facebook.com
Privacy Policy: https://www.facebook.com/privacy/policy/.
Data Transfer Basis: Adequacy Decision (Ireland).
Legal Bases: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Website: https://www.linkedin.com
Privacy Policy: https://www.linkedin.com/legal/privacy-policy.
Opt-Out: Retargeting Opt-Out.
We integrate functional and content elements into our online offering, obtained from the servers of their respective providers (“third-party providers”). These elements may include graphics, videos, or maps.
Embedding these elements always requires that third-party providers process the user’s IP address since they could not send the content to the user’s browser without the IP address. To the extent possible, we only use such content whose providers use the IP address solely for delivering the content.
The data processing encompasses various aspects, ranging from the initiation of the contract to its termination. It includes the organization and management of daily working hours, access rights and permissions management, as well as handling employee development measures and performance reviews. Processing also covers payroll management and salary administration, which are critical aspects of contract execution.
Additionally, data processing considers the legitimate interests of the responsible employer, such as ensuring workplace safety or capturing performance data for evaluating and optimizing operational processes. Furthermore, it includes the disclosure of employee data in external communication and publication processes where required for business or legal purposes.
Englisch 
Deutsch 
Französisch