Privacy Policy

Information about data protection according to Swiss law (revDSG) and EU GDPR

Responsible Authority

BoVita Herbst

Sole proprietorship (Einzelfirma)

Burgstrasse 19

5634 Merenschwand

Canton of Aargau, Switzerland

UID (Commercial Register Number): CHE-380.769.623

Data Protection Contact: info@bovita.ch | +41 79 899 44 33

General Information on Data Processing

We process personal data exclusively within the framework of the legal provisions of the Swiss Data Protection Act (revDSG, in force since 1 September 2023) and, where applicable, the EU General Data Protection Regulation (GDPR). Personal data is any information that relates to an identified or identifiable person.

We collect and process data only to the extent necessary for providing our website, answering inquiries, processing rental agreements, and fulfilling our legal obligations.

Collected Data and Purposes

a) When visiting the website

  • IP address (anonymized), date and time of access, browser type and version, operating system
  • Referring URL (website you came from)
  • Pages visited, time spent, click behavior

Purpose: Technical provision, security, website optimization, anonymous usage statistics

Legal basis: Legitimate interest (Art. 31 para. 1 revDSG)

b) For inquiries via contact or inquiry forms

  • Name, first name, email, phone number, message and optional information (e.g., desired location, move-in date, rental duration)

Purpose: Processing inquiries, contract preparation, communication

Legal basis: Pre-contractual measures / contract performance

c) Within rental relationships

  • Contract and master data (name, address, date of birth, ID copy, payment details)

Purpose: Conclusion and processing of rental agreements, legal obligations

Legal basis: Contract performance, legal obligations (OR, revDSG)

d) For downloading free resources (Lead Magnets)

  • Email address, downloaded resource, source page, language preference

Purpose: Providing requested free resources (checklists, guides, templates), occasional information about relevant topics and offers

Legal basis: Your explicit consent when submitting your email address (Art. 6 para. 6 revDSG). You can revoke this consent at any time by contacting us.

e) When using affiliate/referral links

  • Click data, referral source, anonymized conversion information

Purpose: Attribution of referrals, commission tracking by third-party provider

Legal basis: Legitimate interest, consent via cookie banner

Current partner: Digitec Galaxus AG (mobile, internet, TV subscriptions)

Legal Basis for Processing

We base the processing of personal data on the following grounds according to revDSG (and GDPR where applicable):

  • Consent of the data subject (Art. 6 para. 6 revDSG / Art. 6 para. 1 lit. a GDPR)
  • Performance of a contract or pre-contractual measures (Art. 6 para. 1 lit. b GDPR)
  • Legal obligations (Art. 6 para. 1 lit. c GDPR)
  • Legitimate interest, e.g., to ensure the security of our website, optimize our offer, or measure advertising effectiveness (Art. 31 para. 1 revDSG / Art. 6 para. 1 lit. f GDPR)

Google Analytics & Google Ads

Google Analytics 4

This website uses Google Analytics 4 (Measurement ID: G-2KYWLQB7SJ), a web analytics service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies and similar technologies to analyze the use of our website. The information generated (including your shortened IP address) is transferred to a Google server and processed there. IP anonymization is active.

Data collected: Pages visited, session duration, bounce rate, approximate location (city level), device and browser information, traffic source/medium.

Opt-out: You can prevent data collection by Google Analytics by using the browser add-on to disable Google Analytics or by rejecting analytics cookies via our cookie banner.

Google Ads Conversion Tracking

We use Google Ads Conversion Tracking (Conversion ID: AW-17966674235) to measure the effectiveness of our advertising campaigns. When you reach our website through a Google ad, a conversion cookie is set on your device. This cookie expires after 30 days and does not serve personal identification. It allows us to track whether certain actions were performed on our website (e.g., submitting a form, viewing a property). We only receive anonymous, aggregated statistics.

Tracked conversion events: Page views, contact form submissions, property inquiry submissions, phone call clicks.

Opt-out: You can disable conversion tracking cookies in your browser settings, via our cookie banner, or in your Google Ads settings deactivate.

Data Transfer to USA

Google may transfer data to the USA. Google LLC is certified under the EU-US Data Privacy Framework, ensuring an adequate level of data protection. For more information, see Google's privacy policy: policies.google.com/privacy

Disclosure of Data to Third Parties

Personal data will not be passed on to third parties, except:

  • If this is necessary for contract fulfillment (e.g., banks for payments, insurance companies, administrative or social services)
  • If there is a legal obligation
  • If there is explicit consent
  • To service providers who process data on our behalf (data processors) under strict contractual conditions

Current data processors:

  • Google Ireland Ltd.Web analytics, advertising (Ireland/USA)
  • Replit, Inc.Website hosting (USA)
  • Google LLC (Gmail)Email communication (USA)
  • Digitec Galaxus AGAffiliate/referral tracking (Switzerland)

International Data Transfers

Some of the services we use (Google, Replit) are based in the USA. Data transfers to the USA are safeguarded by:

  • EU-US Data Privacy Framework (for certified companies like Google)
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Switzerland's adequacy decisions under the revDSG

Retention and Deletion of Personal Data

We store personal data only for as long as necessary for the respective purpose or as required by legal retention obligations (Art. 958f OR, Swiss Code of Obligations; for EU citizens also Art. 17 GDPR). After that, the data will be deleted or anonymized.

Specific retention periods for your data:

Contact form inquiries (general inquiries)

Retention period: 6 months after completion of the inquiry

Rental applications (property applications)

If approved: Duration of the tenancy + 10 years (legal retention obligation)

If rejected: 6 months after rejection

Waitlist registrations

Retention period: Until placement or 12 months of inactivity

Lead magnet email addresses

Retention period: Until revocation of consent or 24 months of inactivity

Partner inquiries (companies, social services, universities)

Without partnership: 6 months after conclusion of discussions

With partnership: Duration of the collaboration + 10 years

Business correspondence and invoices

Retention period: 10 years (Art. 958f Swiss Code of Obligations)

Google Analytics data

Retention period: 14 months (Google's default setting for GA4)

Your right to deletion

You can request deletion of your personal data at any time by contacting info@bovita.ch. We will process your request within 30 days, unless legal retention obligations prevent deletion.

Rights of Data Subjects

Under the revDSG (and GDPR for EU/EEA residents), you have the following rights:

  • Right to information: Information about which data we process about you
  • Right to correction: Correction of incorrect or incomplete data
  • Right to deletion: Deletion of data, provided no legal retention obligations exist
  • Right to restrict processing: Restriction of data processing under certain conditions
  • Right to object: Objection to processing based on legitimate interest
  • Right to data portability: Transfer of your data in a structured, commonly used format
  • Right to withdraw consent: Revocation of previously given consent at any time

To exercise your rights, contact us at info@bovita.ch. We will respond within 30 days.

Right to lodge a complaint: You have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or, if you are an EU/EEA resident, with a supervisory authority in your country of residence.

Data Security

We implement appropriate technical and organizational measures to protect personal data from loss, misuse, unauthorized access, or unlawful processing. These include:

  • SSL/TLS encryption for all data transmissions
  • Access controls and password-protected admin areas
  • Regular security updates and system monitoring
  • Encrypted database connections

Cookies

Our website uses cookies. Cookies are small text files that are stored on your device when you visit our website. They help us to make our website more user-friendly and to analyze the use of our offer.

Necessary Cookies

Essential for the operation of the website. They enable basic functions such as page navigation, language selection, and cookie consent storage. Without these cookies, the website cannot function properly. No consent required.

Analytics Cookies (Google Analytics)

Help us understand how visitors interact with our website by collecting anonymous information about page views and navigation patterns. Set only with your consent. Provider: Google Ireland Ltd. Cookie names: _ga, _ga_*. Duration: up to 14 months.

Marketing Cookies (Google Ads)

Used to measure the effectiveness of advertising campaigns and track conversions. Set only with your consent. Provider: Google Ireland Ltd. Cookie name: _gcl_aw. Duration: 90 days.

You can manage your cookie preferences at any time on our Cookie Settings page or in your browser settings.

Third-Party Services

Google Fonts

This website uses Google Fonts for uniform font display. Fonts are loaded from Google servers, which may result in your IP address being transmitted to Google.

Google Maps

We embed Google Maps to show property locations. Using Google Maps may result in data being transmitted to Google. Only loaded with your consent.

Vimeo

We embed videos from Vimeo (Vimeo, Inc., USA). When playing a video, a connection to Vimeo servers is established and data (including your IP address) may be transmitted.

Hosting (Replit)

This website is hosted by Replit, Inc., 1051 Market Street, San Francisco, CA 94103, USA. Server log files (IP address, browser type, access time) are collected for technical purposes. Privacy policy: replit.com/site/privacy

Email (Gmail / Google Workspace)

We use Gmail for email communication (automated notifications, inquiry responses). Emails are processed and stored on Google servers. Privacy policy: policies.google.com/privacy

Changes to this Privacy Policy

We reserve the right to change this privacy policy at any time. The current version published on the website is authoritative. We recommend checking this page periodically for updates.

Last updated: 25.02.2026