Privacy Policy

This privacy policy informs you about how PORT (hereinafter "PORT", "we" or "us") processes personal data in connection with the use of our website and platform. Via the platform, the building usage possibilities of land parcels can be checked and visualised for any address in Switzerland, similar to a map application such as Google Maps.

The entity responsible for processing personal data within the meaning of Swiss data protection law (in particular the Federal Act on Data Protection, FADP) is: PORT Real Estate Development AG Sempachstrasse 15 CH-6003 Lucerne

Where, in individual cases, a processor or joint controller is involved, we will provide information about this in this declaration or separately.

The privacy policy applies to all processing of personal data carried out in connection with the use of our website, our platform, our services and the related communications (e.g. support, quotations, contract execution).

Personal data is any information relating to an identified or identifiable natural person. Processing means any handling of personal data, in particular the obtaining, storing, retention, use, alteration, disclosure, archiving, deletion or anonymisation.

This privacy policy uses, in part, terms which are legally defined in Swiss data protection law. In doing so, we rely on the revised Federal Act on Data Protection (FADP) and, where applicable, on international standards.

When calculating and visualising the building usage possibilities, our platform relies on various official and publicly accessible data sources. These include, among others, data from Swisstopo, the Federal Statistical Office (FSO), the Federal Office for Civil Protection, the Federal Roads Office (ASTRA), the Federal Office of Transport (FOT), the Federal Office of Civil Aviation (FOCA), the Federal Office for the Environment (FOEN), Lexfind, as well as a wide range of municipal and cantonal enactments and planning bases (e.g. building and zoning regulations, ordinances, municipal and cantonal laws), available in the form of officially published documents (in particular PDF files).

As a rule, this data is not personal data but official geodata, planning data, legal and regulatory information, statistical data and further factual information. Insofar as this information has no reference to an identifiable person, it does not fall under data protection law. If such data is, in individual cases, linked to personal data (for example in the context of an individual customer project), the following provisions apply.

When using our platform, address, parcel or coordinate queries are processed server-side in order to determine, evaluate and visualise the corresponding geodata, building regulations and other publicly available information. This processing exclusively serves to provide the platform functions requested by you.

The addresses or parcel details entered are only considered personal data if they can be linked to your person, for example if the query is logged in connection with your user account. The query contents themselves are not used for marketing purposes or for profiling.

The technical usage data arising during use (e.g. timestamps, technical query parameters or parts of the IP address) is processed exclusively to ensure system stability and security, for error analysis and for prevention of misuse. We do not create personality profiles within the meaning of applicable data protection law.

Query data is not passed on to third parties, except where necessary for the provision of the requested platform functions or for technical reasons (e.g. hosting or IT service providers). These service providers process the data exclusively on our behalf and in accordance with our instructions.

We primarily process the personal data that you provide to us yourself, for example when registering, using the platform, in connection with enquiries or as part of a business relationship. Depending on the use and scope of services, we process in particular the following categories of personal data:

We process salutation, first name, last name, email address, telephone number, postal address (street and house number), postcode, town and country. This data serves to identify your account, manage customers and users, assign orders, reports and enquiries, and properly issue quotations, contracts and invoices in case paid services are used. We also use it for support enquiries, scheduling appointments and general communication with you.

The salutation is optional and serves for personalised and correct address in communication as well as in quotations and contracts. The postcode, town and country form part of the invoicing address and may additionally be used internally in aggregated form for regional analyses, without conclusions being drawn about individual persons.

Access data is required to use the platform and the customer account. We use your email address as the user identifier, in combination with a password. Passwords are not stored in clear text but only in hashed form with individual random values ("salts"); the original password cannot be reconstructed from these hashes. In addition, your telephone number is verified using an SMS one-time-password procedure (SMS-OTP) at the initial login or registration.

The telephone number is used to verify your identity, to secure access (e.g. re-verification in case of suspicious logins, where provided) and, where requested by you, to contact you for scheduling appointments or for support. When using SMS-OTP, the one-time codes are processed only briefly and only to the extent technically necessary; they are not stored permanently. Security and system logs in which OTP use may be recorded are retained only for a limited period in order to ensure system security.

We use your email address, in addition to login, also for system- and transaction-related notifications (e.g. registration confirmations, notices on reports, confirmations of downloads, support or appointment communication) and, where offered, for password reset procedures.

If you contact us (e.g. by email, contact form, telephone or within the platform), we process the data arising in that context, in particular your contact details, the time and content of the communication, and any related technical metadata. This data is used to handle your request, for documentation, for quality purposes and to ensure consistent support.

When accessing our website and the platform, certain technical data is collected automatically, for example IP address, date and time of access, browser used, operating system, device information, pages accessed and referring page. This data serves to ensure and optimise system security, stability and performance of our offering as well as for error analysis. To the extent it qualifies as personal data, it is processed exclusively for these purposes.

We process your personal data in particular for the following purposes:

We process personal data on the basis of Swiss data protection law. Depending on the situation, we rely in particular on the following legal bases:

We only disclose personal data to the extent necessary for the provision of our services, compliance with legal obligations or the safeguarding of legitimate interests, and in each case within the framework of legal requirements.

For sending SMS-OTPs to verify your telephone number, we use specialised SMS providers as processors. They receive your telephone number and the technical information necessary for delivery solely for the purpose of delivering the one-time code to you. Any further use or disclosure by these service providers is contractually prohibited.

For sending emails, in particular system and transactional emails, we may use email or transactional mail providers as processors. They receive your email address and, where appropriate, further data necessary for delivery. The service providers are contractually obliged to process the data only on our instructions and not for their own purposes.

Further external service providers may include hosting providers, IT service providers, consultancies or accounting/fiduciary service providers. Insofar as they have access to personal data, this takes place within the framework of a processing arrangement or, where necessary, as independent controllers. In any case we ensure that data protection is guaranteed.

No disclosure to third parties for advertising purposes takes place without your express consent. Disclosure of personal data to authorities or other third parties only takes place if we are legally obliged to do so or if this is necessary to assert or defend legal claims.

In principle, your personal data is processed in Switzerland or within the European Economic Area (EEA), where we use such service providers. Should a transfer to other countries be necessary in individual cases, we ensure that either an adequacy decision of the Federal Council exists or that an adequate level of data protection is guaranteed by contractual safeguards (for example recognised standard contractual clauses) or other appropriate safeguards.

We retain personal data only for as long as it is necessary for the respective purpose or for as long as we are legally or contractually obliged to retain it.

Master, contact and account data are in principle retained for as long as the relevant account is active. After termination of the customer relationship or deletion of the account, the personal data is deleted or anonymised, unless statutory retention obligations or overriding interests (e.g. for the assertion or defence of legal claims) prevent deletion.

Data relating to accounting, bookkeeping and contractual relationships may be retained for several years due to statutory requirements (in particular commercial- and tax-law retention obligations). Support and communication data is retained only for as long as is necessary for the processing of the enquiry, for documentation purposes or for quality assurance. After that, this data is deleted or anonymised.

SMS-OTP codes are processed only briefly until verification. System and security logs in which access data is recorded are retained only for a limited period, insofar as this is necessary for security purposes, error handling and traceability of incidents.

On our website and the platform, we use cookies and similar technologies (e.g. log files, pixels, local storage in the browser) to ensure functionality, store certain settings and analyse and continuously improve the use of our offering.

Cookies are small text files stored on your end device. Some cookies are necessary for the website and the platform to function properly ("session cookies", "necessary cookies"). Other cookies may be used for statistical purposes or to improve user-friendliness.

You can set in your browser whether and which cookies you wish to allow. Cookies already stored can be deleted at any time. If you disable cookies, certain functions of our website or platform may only be available to a limited extent.

Where we use analytics or tracking tools, we provide detailed information in a separate cookie policy on the tools used, their providers, mode of operation, retention period and any cross-border data transfer.

We take appropriate technical and organisational measures to protect your personal data from unauthorised access, misuse, loss, destruction or alteration. These include in particular access controls, encryption and pseudonymisation, the use of firewalls, logging and monitoring, as well as internal policies and training.

Passwords are never stored in clear text on our servers but are protected using recognised security methods (using hashing and individual random values, so-called "salts"). Access to personal data within PORT is limited to those persons who need them to fulfil their tasks, and is granted according to the principle of least privilege. Despite these measures, no absolute protection against all risks can be guaranteed; however, the risk of security incidents is reduced through appropriate security standards and continuous improvements.

As a person affected by data processing, you have various rights under applicable data protection law. These include in particular the right to request information about whether and which personal data we process about you, the right to rectification of inaccurate or incomplete data, the right to deletion of personal data unless there is a justifying reason for further processing, the right to restrict a certain processing, and the right to receive certain data in a commonly used format or to have it transferred to another controller.

Where processing is based on your consent, you have the right to withdraw this consent at any time with effect for the future. The withdrawal does not affect the lawfulness of processing carried out until withdrawal.

You also have the right to object to a data processing, in particular where we process data to safeguard legitimate interests. In such a case, we will review your objection and refrain from further processing unless we can demonstrate compelling protectable grounds or unless the processing serves to assert, exercise or defend legal claims.

To exercise your rights, you may contact us via the contact details given in our imprint or on our website, or by email at privacy@portrealestate.ch. To avoid misuse, we may require you to provide sufficient proof of your identity.

If you believe that we are not processing your personal data in compliance with data protection law, you have the right to lodge a complaint with the competent supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC) or, where appropriate, the cantonal data protection authority at your domicile.

We appreciate it, however, if you first contact us directly so that we can review your concern and clarify it directly where possible.

We may amend this privacy policy at any time, in particular if we change our offering or our data processing or if new legal requirements so demand. In each case, the version published on our website applies. In the event of material changes, we inform registered users in an appropriate form, for example by email or within the platform.