DATA PROTECTION AND REAL ESTATE - MORE TOPICAL THAN EVER BEFORE
Art. 13 of the Federal Constitution lays down the basic principle that everyone has the right to respect for their private and family life, their home and their correspondence, post and telecommunications, and to protection against the misuse of their personal data.
New data protection law for Switzerland - the property sector is challenged!
The topic of data protection is playing an increasingly important role in the real estate industry due to ongoing digitalisation. Below you will find some legal considerations on a selection of topics from the real estate industry as a whole. The explanations are already based on the revised Data Protection Act, which is due to come into force in the second half of 2022.
The purpose of data protection is to protect informational self-determination. In principle, every person should be able to decide for themselves how their data is used. The Data Protection Act (DSG) therefore regulates the processing of personal data by private individuals and companies, among others. Only personal data is covered by the scope of the FADP. This includes all data relating to a specific or at least identifiable natural person (i.e. not data relating to legal persons). Processing is understood to mean any handling of personal data, in particular the procurement, storage, retention, use, modification, disclosure, archiving, erasure or destruction. The scope of the Data Protection Act therefore covers all actions carried out in connection with personal data. The (revised) Swiss data protection law is designed in such a way that the processing of personal data by private individuals is generally permitted, provided that the principles set out in the DPA are complied with. One such principle is the principle of purpose limitation. This states that personal data may only be obtained and processed for a specific purpose that is recognisable to the data subject. The principle of data minimisation is also relevant, according to which personal data must be destroyed or anonymised as soon as it is no longer required for the purpose of data processing.
PROTECTION - ONLINE PRIVACY
We have tips to help you protect your privacy on the internet and stop nasty online thieves. You can implement all the tips immediately.
Protect your system:
One of the worst mistakes you can make online is to open an email, bank or other sensitive account over a public Wi-Fi connection. If this is absolutely necessary, you should use a VPN.
Do not leave any private data in the cloud:
Online synchronisation services such as Dropbox, Google Drive and SkyDrive are convenient for storing photos and accessing text documents from the iCloud at any time. However, the majority of this data is stored unencrypted on the cloud servers. This means, for example, that your data can be accessed by law enforcement authorities following a court order. In addition, hackers who break into your online storage account can read your documents at will. And perhaps find weaknesses in your company's server security. Or gather enough information to be able to crack your work password. For sensitive data that you need to synchronise between different devices, you should use an encrypted cloud storage service. You can also do this yourself by encrypting the data on your own PC before sending it to Dropbox. Or you can use a data synchronisation service with built-in data encryption.
Secure your online services with two-factor authentication
For two-factor authentication, you must enter a short numerical code in addition to your password to gain access to your account. You usually receive the code via text message or a smartphone app. Facebook, for example, offers its own code generator within its smartphone app. Two-factor authentication is not as convenient as a normal login, but it is a significant hurdle for any attacker. Twitter also offers two-factor authentication. However, Twitter's authentication currently still has some problems. If two-factor authentication is not enough for you, check your email addresses to reset your online accounts. Remember to use one or more email addresses to reset your passwords. Never use these email addresses for private emails and make sure that they are not similar to your other accounts.
There are numerous starting points for handling personal data in a property cycle: As early as the project development stage or the awarding of contracts for work and labour, the first data worthy of protection arises with the personal data in the tender dossiers. During the construction phase, construction site cameras and access controls by external security companies in particular give rise to further data protection issues. When properties are sold, data protection issues arise due to the involvement of an estate agent and in connection with tenant surveys, which are quite common in practice. Finally, property management also involves the processing of personal data, as various data protection issues arise here due to numerous different data processors and data flows (management, facility management, ownership). The operational phase of residential property is particularly suitable for illustrative presentations, which is why, in addition to the brokerage business and the sales process, property management in particular will be discussed in more detail below:
NEW DATA PROTECTION ACT - WHAT DO BROKERS HAVE TO CONSIDER?
If an estate agent is involved in the marketing of a property, it should be noted that their activities will inevitably bring them into contact with the customer and personal data of interested parties and that they will process this data. Estate agents are therefore now legally obliged to draw up a data protection declaration. Among other things, they must inform the data subject about what data is collected or processed for what purpose, what the processing modalities are and what rights they are entitled to. The declaration can be published on the website or in the general terms and conditions.
In the case of rented properties, prospective buyers are often provided with so-called tenant lists, which provide information on the type and composition of the tenants, the occupancy rate of the property and the level of rents. As soon as tenant lists contain personal data, the FADP applies. Consequently, either a) the tenants' personal data must be blacked out, b) a corresponding clause must be agreed in the tenancy agreement stating that personal data may be disclosed to interested parties for sales purposes, or c) the tenants must be informed at the appropriate time about the disclosure of their personal data to third parties and the purpose of this disclosure and asked for their consent.
In the event that personal data is processed contrary to the principles of data protection law or contrary to the express declaration of intent of the data subject, and this is also directly related to the conclusion or fulfilment of a contract, the special rule applies that this circumstance constitutes an overriding interest and thus a justification for the violation of privacy. In this case, the processing of personal data is not unlawful. However, this particularity only applies to the processing of personal data of the contracting parties, but not that of third parties (e.g. tenants).
CONCLUSION
The combination of the terms "data protection" and "property" may not seem obvious at first glance. The ongoing digitalisation of the real estate sector and the impact of the new Data Protection Act will change this in the foreseeable future. Data processing organisations will now have a much greater obligation to be formally and materially aware of how they handle personal data. The example of the property cycle is only representative of numerous other processes in which data protection law is relevant, but for which there is (still) a lack of general awareness.
WENET AG - WE ALSO PROTECT YOUR PRIVACY AND DATA.
Your protection not only for property. Protecting personal data is particularly important in the digital environment. We guarantee this privacy to our customers in order to protect their rights. The protection of your personal information is of particular concern to us. We therefore process your data exclusively on the basis of the statutory provisions.
