This privacy policy informs you about which personal data we process in connection with our activities, including those related to our website, www.vpz.ch. In particular, we explain what personal data we process, for what purposes, how, and where. We also provide information about the rights of individuals whose data we process. For detailed activities and services within a client mandate, a separate privacy policy applies.

1. Contact Address and Data Protection Officer
‍Responsible for the processing of personal data and the contact point for affected individuals and authorities in matters of data protection:

VPZ Vermögens Planungs Zentrum AG
Data protection officer
P.O. Box, 8058 Zurich Airport
Balz Zimmermann-Strasse 7, 8302 Kloten

‍info@vpz.ch

We will indicate if there are other parties responsible for processing personal data in individual cases. As we continue to develop our website to improve our services, it may be necessary to make additions to this privacy policy.

The website is subject to Swiss data protection law, in particular the Federal Act on Data Protection (FADP) and any applicable foreign data protection law, such as the General Data Protection Regulation (GDPR) of the European Union (EU). The EU recognizes that Swiss data protection law ensures adequate data protection.

‍2. Terms and legal basis
‍
2.1 Terms
Personal data is any information relating to an identified or identifiable natural person. A data subject is a person about whom we process personal data.
Processing includes any handling of personal data, regardless of the means and procedures used, such as querying, comparing, adapting, archiving, storing, reading, disclosing, procuring, recording, collecting, deleting, disclosing, arranging, organizing, saving, changing, distributing, linking, destroying, and using personal data.

2.2 Legal bases
‍The website is subject to Swiss data protection law, in particular the Federal Act on Data Protection (FADP) and any applicable foreign data protection law, such as the General Data Protection Regulation (GDPR) of the European Union (EU). The EU recognizes that Swiss data protection law ensures adequate data protection.

3. Type, scope, and purpose
‍We process personal data that is necessary to enable us to carry out our activities and operations in a sustainable, user-friendly, secure, and reliable manner. Such personal data may fall into the categories of inventory and contact data, browser and device data, content data, meta or peripheral data and usage data, location data, sales data, and contract and payment data.

We process personal data for as long as is necessary for the respective purpose or purposes or as required by law. Personal data that no longer needs to be processed is anonymized or deleted.

We may have personal data processed by third parties. We may process personal data jointly with third parties or transfer it to third parties. Such third parties are, in particular, specialized providers whose services we use. We also guarantee data protection with such third parties.

We only process personal data with the consent of the persons concerned. If and to the extent that processing is permissible for other legal reasons, we may refrain from obtaining consent. For example, we may process personal data without consent in order to fulfill a contract, to comply with legal obligations, or to protect overriding interests.

In this context, we process in particular information that a data subject voluntarily provides to us when contacting us—for example, by letter, email, instant messaging, contact form, social media, or telephone—or when registering for a user account. We may store such information in an address book, a customer relationship management system (CRM system), or similar tools. If we receive data about other persons, the persons transmitting the data are obliged to guarantee data protection for these persons and to ensure the accuracy of this personal data.

We also process personal data that we receive from third parties, obtain from publicly available sources, or collect in the course of our activities and operations, provided that such processing is permitted for legal reasons.

4. Applications
‍We process personal data relating to applicants insofar as this is necessary to assess their suitability for an employment relationship or for the subsequent performance of an employment contract. The required personal data arises in particular from the information requested, for example in the context of a job posting. We also process personal data that applicants voluntarily provide or make publicly available, in particular as part of cover letters, résumés and other application documents, as well as online profiles.

Application documents are treated with strict confidentiality and are not disclosed to any third party. Unless you have expressly consented otherwise, the (electronic) application file will be deleted or destroyed upon completion of the application process, insofar as it is not subject to a statutory retention obligation.

‍5. Personal Data Abroad
As a rule, we process personal data in Switzerland. Where personal data is disclosed abroad, VPZ ensures that the relevant EU country provides an adequate level of data protection or that appropriate data protection is contractually guaranteed with the recipient, unless such disclosure abroad is based in individual cases on a statutory exception (e.g. for the conclusion and performance of our contracts, or for the defense or enforcement of legal claims in proceedings and litigation).

‍6. Rights of Data Subjects
‍
6.1 Data Protection–Related Claims
We grant data subjects all rights in accordance with the applicable data protection law. In particular, data subjects have the following rights:
‍
Information: Data subjects may request information as to whether we process personal data about them and, if so, what personal data is involved. Data subjects shall also receive the information necessary to assert their data protection rights and to ensure transparency. This includes the personal data processed as such, but also, among other things, information on the purpose of processing, the duration of storage, any disclosure or export of data to other countries, and the origin of the personal data.
‍
Correction and restriction: Data subjects may correct inaccurate personal data, complete incomplete data and restrict the processing of their data.
‍
Deletion and objection: Data subjects may have personal data deleted (‘right to be forgotten’) and object to the processing of their data with future effect.
‍
Data disclosure and data transfer: Data subjects may request the disclosure of personal data or the transfer of their data to another controller.

We may postpone, restrict or refuse the exercise of data subjects' rights within the legally permissible framework. We may inform data subjects of any conditions that must be met in order to exercise their data protection rights. For example, we may refuse to provide information in whole or in part on the grounds of business secrecy or the protection of other persons. We may also refuse to delete personal data in whole or in part on the grounds of statutory retention obligations.

We may charge a fee for exercising these rights in exceptional cases. We will inform data subjects in advance of any costs involved.

We are obliged to take appropriate measures to identify data subjects who request information or assert other rights. Data subjects are obliged to cooperate.
‍
6.2 Right to appeal
Data subjects have the right to enforce their data protection rights through legal action or to lodge a complaint with a competent data protection supervisory authority. The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
‍

‍7. Data security
We take appropriate technical and organisational measures to ensure data security commensurate with the respective risk. However, we cannot guarantee absolute data security. Access to our website is secured by transport encryption (SSL/TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate transport encryption with a padlock in the address bar. Like all digital communication, our digital communication is subject to mass surveillance without cause or suspicion, as well as other surveillance by security authorities in Switzerland, the rest of Europe, the United States of America (USA) and other countries. We cannot directly influence the processing of personal data by secret services, police forces and other security authorities.

‍8. Use of the website
‍
8.1 Purposes for which personal data is used
‍Your personal data will be used exclusively for sending information. All data entered will be treated confidentially by VPZ and will not be passed on to third parties. You can visit our website without having to provide any personal information.
‍
8.2 Cookies
VPZ uses browser cookies (hereinafter referred to as ‘cookies’) to obtain information about the use of this website and to identify areas for improvement in the information and services available on the website. In this Cookie Policy, we inform you about the use of cookies on the website.

How cookies work: Cookies are small text files that the browser stores in a designated directory on the user's computer. Cookies enable, for example, text entries made in form fields on the website to be saved so that you do not have to re-enter them the next time you visit the website or switch between individual functions on the website.

Cookie settings: You can decide for yourself whether the web server of our website may store cookies on your computer or not. You can choose at any time to set your browser so that no cookies are accepted and stored. Instead, you can also choose to display a warning message each time before accepting a cookie, or set your browser so that only cookies from certain websites are accepted. You can also delete cookies that have already been stored at any time.

Please note that the use of certain features of our website may be restricted or prevented if you reject cookies from the website. To simplify the use of the website, we therefore recommend that you set your browser to accept cookies from the website.

For cookies used to measure success and reach or for advertising, a general objection (‘opt-out’) is possible for numerous services via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
‍
8.2 Server log files
When you access this website, standard web server log files are created with the following information: IP address, date and time, browser request including the origin of the request (known as the referrer), operating system used including version, browser used including language and version (Legal basis according to the GDPR: Art. 6(1)(f) with information security as a legitimate interest). The log files are used to identify technical problems, ensure security and statistically evaluate the use of our website.

The following data is collected::
- IP address
- Date and time of the enquiry
- Time zone difference from GMT time zone
- Content of the request
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request originates
- Browser (including language and version)
- Operating System

When using this general data, no assignment to a specific person takes place. The collection of this data is technically necessary in order to display our website to you and to ensure its stability and security.

We store such information, which may also constitute personal data, in server log files. This information is necessary in order to provide our website in a permanent, user-friendly and reliable manner and to ensure data security and, in particular, the protection of personal data – including by third parties or with the help of third parties.
‍
8.3. Contact form
Contact forms can be filled out on our website. We store the information that visitors to our website enter themselves. We may also store the IP address and the time and date in order to combat misuse, in particular identity theft and spam (legal basis in accordance with the GDPR: Art. 6(1)(a), (b) and (f) with information security as a legitimate interest).
‍
8.4. Newsletter
You can subscribe to a free newsletter on our website. We store the information that visitors to our website enter themselves. We may also store the IP address and the time and date in order to combat misuse, in particular identity theft and spam (legal basis in accordance with the GDPR: Art. 6(1)(a), (b) and (f) with information security as a legitimate interest).
‍
8.5 Tracking pixel
We may use tracking pixels on our website. Tracking pixels are also known as web beacons. Tracking pixels – including those from third parties whose services we use – are small, usually invisible images that are automatically retrieved when you visit our website. Tracking pixels can be used to collect the same information as server log files.

‍9. Notifications and messages
We send notifications and messages by email and via other communication channels such as instant messaging or text message.
‍
9.1 Success and reach measurement
Notifications and messages may contain web links or tracking pixels that record whether an individual message has been opened and which web links have been clicked on. Such web links and tracking pixels may also record the use of notifications and messages on a personalised basis. We require this statistical recording of usage for success and reach measurement in order to be able to send notifications and messages effectively and in a user-friendly manner, as well as permanently, securely and reliably, based on the needs and reading habits of the recipients.
‍
9.2 Consent and objection
You must expressly consent to the use of your email address and other contact details, unless such use is permitted for other legal reasons. Where possible, we use the ‘double opt-in’ procedure for any consent, which means that you will receive an email with a web link that you must click on to confirm, so that no misuse by unauthorised third parties can occur. We may log such consents, including Internet Protocol (IP) addresses and dates and times, for evidence and security reasons.

You can object to receiving notifications and communications such as newsletters at any time. By objecting, you can also object to the statistical recording of usage for the purpose of measuring success and reach. This does not apply to necessary notifications and communications in connection with our activities and operations.
‍
9.3 Service provider for notifications and communications
‍
We send notifications and communications with the help of specialised service providers. In particular, we use:
Mailchimp: Communication platform; provider: The Rocket Science Group LLC DBA Mailchimp (USA) as a subsidiary of Intuit Inc. (USA); information on data protection: privacy policy (Intuit) including ‘Country and Region-Specific Terms’, ‘Frequently Asked Questions about Data Protection at Mailchimp’, ‘Mailchimp and European Data Transfers’, “Security”, Cookie Policy, ‘Privacy Rights Requests’, ‘Legal Terms’.

‍10. Social Media
We are present on social media platforms and other online platforms in order to communicate with interested parties and provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland.

The general terms and conditions (GTC) and terms of use as well as privacy policies and other provisions of the individual operators of such platforms also apply. These provisions provide information in particular about the rights of data subjects directly vis-à-vis the respective platform, including, for example, the right to information.

‍11. Third-party services
‍We use services provided by specialised third parties to ensure that our activities and operations are sustainable, user-friendly, secure and reliable. These services enable us to embed functions and content into our website, among other things. When embedding such content, the services used collect the Internet Protocol (IP) addresses of users, at least temporarily, for technical reasons.

For necessary security-related, statistical and technical purposes, third parties whose services we use may process data in connection with our activities and operations in an aggregated, anonymised or pseudonymised form. This includes, for example, performance or usage data, in order to be able to offer the respective service.

We use in particular:
‍
Google services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General information on data protection: ‘Principles of data protection and security’, Privacy Policy, ‘Google is committed to complying with applicable data protection laws’, ‘Guide to data protection in Google products’, ‘How we use data from websites or apps that use our services’ (information from Google), ‘Types of cookies and other technologies used by Google’, ‘Personalised advertising’ (activation/deactivation/settings).
Microsoft services: Providers: Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), the United Kingdom and Switzerland; General information on data protection: ‘Data protection at Microsoft’, ‘Data protection and privacy (Trust Centre)’, Data protection declaration, Data protection dashboard (data and data protection settings).
‍
11.1 Digital infrastructure
We use the services of specialised third parties in order to be able to utilise the digital infrastructure required in connection with our activities and operations. These include, for example, hosting and storage services from selected providers.

We use in particular:
Swizzonic: Hosting; Provider: Swizzonic AG (Switzerland); Information on data protection: Privacy policy.
Webflow: Website builder and hosting platform. Provider: Webflow, Inc. (USA). Responsible for users worldwide, including Europe. Further information: Privacy Policy | Cookie Policy
‍
11.2 Contact details
‍We use services from selected providers to improve communication with third parties, such as potential and existing customers.

We use in particular:
Salesforce: Customer relationship management (CRM); providers: Salesforce.com Inc. (USA) / Salesforce.com Germany GmbH (Germany); information on data protection: ‘Data protection’.

11.3 Audio and video conferences
We use specialised audio and video conferencing services to communicate online. This allows us to hold virtual meetings or conduct online lessons and webinars, for example. Participation in audio and video conferences is also subject to the legal texts of the individual services, such as privacy policies and terms of use.

Depending on your living situation, we recommend muting your microphone by default when participating in audio or video conferences, as well as blurring the background or displaying a virtual background.

We use in particular:
Microsoft Teams: Platform for audio and video conferencing, among other things; provider: Microsoft; Teams-specific information: ‘Data protection and Microsoft Teams’.
Zoom: Video conferencing; provider: Zoom Video Communications Inc. (USA); information on data protection: privacy policy, ‘Data protection at Zoom’, ‘Compliance Centre’.
‍
11.4 Social media functions and social media content
We use third-party services and plugins to embed functions and content from social media platforms and to enable content to be shared on social media platforms and by other means.

We use in particular:
Facebook (Social plugins): Embedding of Facebook functions and Facebook content, for example ‘Like’ or ‘Share’; providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); information on data protection: privacy policy.
Instagram platform: Embedding of Instagram content; providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); information on data protection: privacy policy (Instagram), privacy policy (Facebook).
LinkedIn Consumer Solutions Platform: Embedding LinkedIn functions and content, for example with plugins such as the ‘Share Plugin’; provider: Microsoft; LinkedIn-specific information: ‘Privacy’, privacy policy, cookie policy, cookie management / objection to email and SMS communication from LinkedIn, objection to interest-based advertising.
‍
11.5 Map material
We use third-party services to embed maps into our website.

We use in particular:
Google Maps, including Google Maps Platform: Map service; provider: Google; Google Maps-specific information: ‘How Google uses location information’.
‍
11.6 Fonts
We use third-party services to embed selected fonts, icons, logos and symbols into our website.

In particular, we use:
Google Fonts: Fonts; Provider: Google; Google Fonts-specific information: ‘Privacy and Google Fonts’, ‘Privacy and data collection’.
‍
11.7 Advertising
We use the opportunity to display targeted advertising for our activities and services on third-party platforms such as social media platforms and search engines.

We want to use this type of advertising to reach people who are already interested in our activities and services or who may be interested in them (remarketing and targeting). To do this, we may transfer relevant information, including personal data, to third parties who enable such advertising. We can also determine whether our advertising is successful, i.e. whether it leads to visits to our website (conversion tracking).

Third parties with whom we advertise and where you are registered as a user may assign the use of our website to your profile there.

We use in particular:
Facebook advertising (Facebook Ads): Social media advertising; providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); information on data protection: remarketing and targeting, in particular with Facebook Pixel and Custom Audiences, including Lookalike Audiences, privacy policy, ‘advertising preferences’ (user registration required).
Google Ads: Search engine advertising; provider: Google; Google Ads-specific information: Advertising based on search queries, among other things, whereby various domain names – in particular doubleclick.net, googleadservices.com and googlesyndication.com – are used for Google Ads, ‘Advertising’ (Google), ‘Why am I seeing a particular advert?’.
Instagram Ads: Social Media advertising; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); Information on data protection: Remarketing and targeting, in particular with Facebook Pixel and Custom Audiences, including Lookalike Audiences, Privacy Policy (Instagram), Privacy Policy (Facebook), ‘Advertising Preferences’ (Instagram) (registration as a user required), ‘Advertising Preferences’ (Facebook) (registration as a user required).
LinkedIn Ads: Social Media advertising; Providers: LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Ireland); information on data protection: remarketing and targeting, in particular with the LinkedIn Insight Tag, ‘Data Protection’, Privacy Policy, Cookie Policy, Objection to personalised advertising.

‍12. Extensions for the website
‍We use extensions for our website to enable additional functions.

In particular, we use:
Google reCAPTCHA: Spam protection (Distinguishing between desired comments from humans and undesired comments from bots and spam); Provider: Google; Google reCAPTCHA-specific information: ‘What is reCAPTCHA?’
jQuery (OpenJS Foundation): Free JavaScript library; provider: OpenJS Foundation (USA) using StackPath CDN; data protection information: privacy policy (OpenJS Foundation), cookie policy (OpenJS Foundation).
jQuery (Google Hosted Libraries): Free JavaScript library; provider: Google; Google Hosted Libraries-specific information: ‘What does using Google Hosted Libraries mean for the privacy of my users?’

‍13. Success and reach measurement
‍We try to determine how our online offering is used. In this context, we can, for example, measure the success and reach of our activities and the impact of third-party links on our website. However, we can also test and compare how different parts or versions of our online offering are used (using the ‘A/B testing’ method). Based on the results of the success and reach measurement, we can, in particular, correct errors, strengthen popular content or make improvements to our online offering.

In most cases, the Internet Protocol (IP) addresses of individual users are stored for the purpose of measuring success and reach. In this case, IP addresses are always shortened (‘IP masking’) in order to comply with the principle of data minimisation through appropriate pseudonymisation.

Cookies may be used to measure success and reach, and user profiles may be created. Any user profiles created may include, for example, the individual pages visited or content viewed on our website, information about the size of the screen or browser window, and the location (at least approximately). As a matter of principle, any user profiles are created exclusively in pseudonymised form and are not used to identify individual users. Individual third-party services to which users are registered may assign the use of our online offering to the user account or user profile for the respective service.

We use in particular:
Google Analytics: Success and reach measurement; provider: Google; Google Analytics-specific information: measurement also across different browsers and devices (cross-device tracking) and with pseudonymised Internet Protocol (IP) addresses, which are only transmitted in full to Google in the USA in exceptional cases, ‘Data protection’, ‘Browser add-on to deactivate Google Analytics’.

‍14. Disclaimer
Despite careful content control, we assume no liability for the content of external links. The operators of linked sites are solely responsible for their content.

‍15. Final provisions
We have created this privacy policy using the privacy policy generator from Datenschutzpartner. We have adapted and supplemented some of the information in this privacy policy ourselves. We may adapt and supplement this privacy policy at any time. We will provide information about such adaptations and supplements in an appropriate form, in particular by publishing the current privacy policy on our website.