Privacy Policy

Last updated: 7 June 2026

We are pleased that you are visiting our website and thank you for your interest in our real-estate photography and visual property-marketing services. The protection of your personal data is a central concern for us. In this Privacy Policy, we transparently inform you about which data we collect, the purposes for which we use it, and the rights to which you are entitled.

This Privacy Policy has been prepared in accordance with the revised Swiss Federal Act on Data Protection (revFADP). Where individuals from the EU/EEA visit our website, we additionally take into account the requirements of the EU General Data Protection Regulation (GDPR).

The controller responsible for data processing within the meaning of the revFADP is:

Visualista GmbH
Hagenholzstrasse 102
8050 Zurich, Switzerland

Telephone: +41 44 577 62 56
Email: info@visualista.ch
Website: visualista.ch

This Privacy Policy applies to the processing of personal data by Visualista GmbH on the website visualista.ch and on any subdomains associated with it.

The primary legal basis is the Swiss revFADP. As our website may also be accessed by individuals from the EU/EEA, we additionally take the GDPR into account. Where consent is required, we obtain it prior to processing. Otherwise, we base our processing on the following legal grounds:

• Art. 6(1)(a) GDPR (consent)
• Art. 6(1)(b) GDPR (performance of a contract and pre-contractual measures)
• Art. 6(1)(c) GDPR (legal obligation)
• Art. 6(1)(f) GDPR (legitimate interests)
• Art. 31 revFADP (overriding interests)

Personal data: Any information relating to an identified or identifiable natural person (under the GDPR: “personal data”).

Processing: Any operation involving personal data, in particular collecting, storing, using, transmitting and erasing.

Controller: The natural or legal person who determines the purposes and means of the processing.

Processor: A person or entity that processes personal data on behalf of the controller.

Cookies: Small text files stored in the user’s browser that enable recognition and analysis of user behaviour.

Each time our website is accessed, our hosting provider automatically collects information that your browser transmits to our server. These so-called server log files include:

• anonymised IP address of the accessing device
• date and time of access
• name and URL of the file retrieved
• amount of data transferred
• notification of successful retrieval
• browser type, browser version and operating system
• referrer URL (previously visited page)

These data are evaluated exclusively to ensure uninterrupted operation of the website and to improve our offering. Storage takes place for security reasons for a maximum of 14 days. The legal basis is our legitimate interest pursuant to Art. 6(1)(f) GDPR and Art. 31(2)(a) revFADP.

For security reasons and to protect the transmission of confidential content, this website uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address bar of the browser changes from “http://” to “https://” and by the padlock icon in your browser bar.

Our website is operated on servers provided by our hosting partner. As part of the hosting service, personal data (e.g. IP addresses, contact enquiries) is processed. We have concluded a data processing agreement with the provider in accordance with Art. 9 revFADP and Art. 28 GDPR.

In addition, content elements (e.g. emoji icons) are loaded from WordPress.com (Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA). Data may be transferred to the USA in the process. The transfer is based on the Swiss-US Data Privacy Framework and the EU Standard Contractual Clauses.

Our website uses cookies and comparable technologies (e.g. LocalStorage, web beacons, pixel tags). Cookies are small text files stored on your device and assigned to your browser.

We distinguish between:

• Necessary cookies: These are technically required to operate the website (e.g. language preference via WPML, session management, storage of your cookie selection).
• Statistics cookies: These collect anonymised data to analyse user behaviour.
• Marketing cookies: These are used to make content and advertising more relevant, as well as to integrate external content (e.g. social media feeds, embedded videos).

To manage your consent, we use the WordPress plugin Reply42 Cookie Consent, which we operate ourselves. The plugin was developed by our web agency Reply42 and runs exclusively on our own servers. The consent tool itself does not transfer your data to any third party (and in particular does not transfer data to third countries).

When you first access the website, a cookie banner is displayed in which you are informed about the cookie categories used and can grant or refuse your consent in a granular manner. The “Accept” and “Reject” buttons are designed with equal prominence (FDPIC-compliant, no so-called “dark patterns”). Your selection is stored in a technically necessary cookie named “r42cc_consent” on your device (storage period: 30 days).

To document consent pursuant to Art. 7(1) GDPR and Art. 6(6) revFADP, the plugin logs your selection in a database on our server. The following data is stored:

• a randomly generated consent ID (UUID)
• your IP address in hashed form (SHA-256 with a site-specific salt — the original IP address cannot be reconstructed from it)
• browser identifier (user agent)
• the selected cookie categories
• the language in which the banner was displayed
• the URL of the page on which consent was given
• type of action (accept, reject, individual selection, withdrawal)
• timestamp

As long as you have not yet made a selection, all non-essential cookies and third-party scripts (e.g. embedded YouTube videos, embedded Google Maps, Instagram feed, Google Reviews/Trustindex, and the Meta Pixel/Facebook Pixel) are automatically blocked by the plugin. For Google services, we additionally implement Google Consent Mode v2, so that only those signals corresponding to your consent are transmitted to Google.

You can withdraw or adjust your consent at any time via the “Cookie settings” link in the footer of our website. The legal basis for processing the consent logs is Art. 6(1)(c) GDPR (legal obligation to demonstrate consent) and our legitimate interest in compliance documentation under Art. 6(1)(f) GDPR and Art. 31(2) revFADP.

8.1 Contact Form (WPForms)

When you send us enquiries via the contact form on our website, your details from the enquiry form, including the contact data you provide there (name, company, email address, telephone number, message), are stored by us for the purpose of processing the enquiry and in case of follow-up questions.

We do not share this data without your consent. Processing is based on Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in responding to your enquiry). We use the WordPress plugin WPForms for data entry. The data is processed exclusively on our servers.

8.2 Email and Telephone Contact

If you contact us by email or telephone, your details will be stored for the purpose of processing the enquiry and in case of follow-up questions.

8.3 Dispatch of System Emails (WP Mail SMTP)

For the reliable dispatch of system and notification emails (e.g. confirmations of form enquiries) we use the WordPress plugin WP Mail SMTP. Emails are sent via our own SMTP server (or one operated by our hosting provider) (“Other SMTP”). Your data is not passed on to any external email marketing or delivery service provider (e.g. Brevo, SendGrid) in this context.

To display opt-in forms, pop-ups and promotional notices, as well as to allow sign-up for news, we use the Convertful service (Convertful, USA) in the form of the WordPress plugin of the same name. When you complete and submit such a form, the data you enter (in particular email address and, where applicable, name) as well as technical connection data (e.g. IP address, time) is processed in order to send you the requested information. Transfer to the USA may take place in the process.

Registration is voluntary and based on your consent pursuant to Art. 6(1)(a) GDPR and Art. 6(6) revFADP; the transfer to the USA is based on the Swiss-US and EU-US Data Privacy Frameworks and on the EU Standard Contractual Clauses. You can withdraw any consent given at any time with effect for the future by sending us an informal message to info@visualista.ch. Further information: convertful.com/privacy-policy

For reach and usage measurement, we do not use any web analytics services provided by Google (e.g. Google Analytics) or other third parties, nor do we use Google Tag Manager. The analysis of how our website is used is carried out exclusively with our self-operated first-party tool “Reply42 Conversion Tracker” (see section 11.10). This processes the data exclusively on our own servers and does not transfer any data to third parties or to third countries.

11.1 Meta Pixel (Facebook Pixel)

On our website, we use the “Meta Pixel” (also “Facebook Pixel”) provided by Meta Platforms Ireland Limited (Merrion Road, Dublin 4, Ireland; parent company Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California, USA). For this we use the WordPress plugin “Meta pixel for WordPress”. The Meta Pixel makes it possible to track the behaviour of visitors after they have been redirected to our website by clicking on a Meta advertisement (Facebook/Instagram), to evaluate the effectiveness of our advertisements for statistical and market research purposes, and to optimise the delivery of future advertising. In the process, personal data (in particular IP address, device and browser information, pages visited and, where applicable, an assignment to your Meta account) may be transmitted to Meta; a transfer to the USA is possible. The Meta Pixel is only loaded after your consent via our consent tool. The legal basis is your consent pursuant to Art. 6(1)(a) GDPR and Art. 6(6) revFADP. Further information: facebook.com/privacy/policy

11.2 Instagram Feed (Smash Balloon)

With the “Smash Balloon Instagram Feed” plugin, we embed content from our Instagram profile. Connections are established with servers of Meta Platforms Ireland Limited and Meta Platforms, Inc. (USA) as soon as content (images, reels) is loaded. The legal basis is your consent pursuant to Art. 6(1)(a) GDPR. Further information: privacycenter.instagram.com/policy

11.3 Embedded YouTube Videos

Videos from the YouTube platform (Google Ireland Limited) are embedded on our website. Where possible, we use the extended data protection mode (“youtube-nocookie.com”). When you access a page with an embedded video, a connection to YouTube servers is established and cookies may be set. The legal basis is your consent pursuant to Art. 6(1)(a) GDPR. Further information: policies.google.com/privacy

11.4 Google Reviews (Trustindex)

To display our Google reviews, we use the “Widgets for Google Reviews” / “Reviews Feed” widget by Trustindex.io Kft. (Andrássy út 60, 1062 Budapest, Hungary). The review data is retrieved via the Google API; when the reviews are displayed, connections are established with Trustindex servers (Hungary/EU) and, where applicable, with Google (see above). Personal data of our website visitors is only processed in the form of technical connection data (IP address, user agent). The legal basis is your consent pursuant to Art. 6(1)(a) GDPR. Further information: trustindex.io/privacy-policy

11.5 Embedded Map (Google Maps)

On our contact page, we embed an interactive map of our location using the Google Maps service. The provider is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) and Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). When the map loads, connections are established to Google servers, and personal data (in particular IP address, browser and device information, and where applicable your approximate location) may be transmitted to Google. Transfer to the USA may take place. The legal basis is your consent pursuant to Art. 6(1)(a) GDPR; transfers to the USA are based on the Swiss-US and EU-US Data Privacy Frameworks and on the EU Standard Contractual Clauses. Further information: policies.google.com/privacy

11.6 Fonts and Gravatar

The fonts used on our website (including “Sofia Sans Extra Condensed” and “Noto Sans”) are served locally from our own server; no connection to Google or other third parties is established in the process. In connection with comment functions, the Gravatar service (Automattic Inc., USA) may also be used to display profile pictures. The legal basis is our legitimate interest in an appealing presentation pursuant to Art. 6(1)(f) GDPR or your consent pursuant to Art. 6(1)(a) GDPR. Further information on Gravatar: automattic.com/privacy

11.7 WPML (Multilingual Plugin)

To provide multilingual content (German/English) we use the WordPress plugin WPML. A technically necessary cookie is set to store your language selection. No personal data is transferred to third parties.

11.8 Imagify

To optimise the loading speed of our website, we compress image files with the Imagify service (WP Media SAS, 331 rue Pierre Mauroy, 59000 Lille, France). The compression takes place server-side; image files are transmitted to an Imagify server for this purpose. No personal data of website visitors is transferred. Further information: imagify.io/privacy

11.9 Security Services (Sucuri and All-In-One Security)

To protect against cyber attacks and malware, we use the Sucuri security service (Sucuri Inc., 4035 Westshore Blvd, Tampa, Florida, USA) and the WordPress plugin “All-In-One Security (AIOS)”. IP addresses and access patterns (e.g. failed login attempts) may be processed to detect and prevent attacks. The legal basis is our legitimate interest in the security of our website pursuant to Art. 6(1)(f) GDPR. Further information: sucuri.net/privacy

11.10 Reply42 Conversion Tracker

To measure the effectiveness of our own content, we use the WordPress plugin “Reply42 Conversion Tracker” developed by our web agency Reply42. The plugin records which internal links (e.g. from articles to service or contact pages) are clicked and presents these evaluations in an internal dashboard. Processing takes place exclusively on our own servers; no data is transferred to third parties and, in particular, not to third countries. The legal basis is our legitimate interest in the statistical evaluation and improvement of our offering pursuant to Art. 6(1)(f) GDPR and Art. 31(2) revFADP.

11.11 Yoast SEO

For search engine optimisation, we use the WordPress plugin Yoast SEO. The plugin does not process any personal data of website visitors and does not embed any external resources.

In connection with the services mentioned above (in particular Google services / Google Maps, YouTube, Meta/Meta Pixel/Instagram, Convertful, WordPress.com, Gravatar, Sucuri), your personal data may be transferred to the USA or other third countries. We base these transfers on:

• Swiss-US Data Privacy Framework (recognised by the Federal Council since 15 September 2024)
• EU-US Data Privacy Framework (adequacy decision of the European Commission of 10 July 2023)
• EU Standard Contractual Clauses (SCC) pursuant to Decision (EU) 2021/914
• your express consent pursuant to Art. 49(1)(a) GDPR and Art. 17 revFADP, in particular for transfers to third countries without an adequacy decision

We only store personal data for as long as is necessary for the respective purposes or as required by statutory retention periods:

• Server log files: max. 14 days
• Contact enquiries: until final processing, max. 24 months
• Business correspondence and quotations (tax-relevant): 10 years (retention obligation under the Swiss Code of Obligations, Art. 958f CO)
• Newsletter/marketing registrations (Convertful): until withdrawal of consent; after unsubscribing, the email address is removed from the distribution list and the registration record is retained for up to 3 years as proof of the consent given
• Consent cookie (r42cc_consent) on your device: 30 days
• Consent logs (consent log in our database, with hashed IP): 12 months

You have the following rights under the revFADP and the GDPR:

• Right of access (Art. 25 revFADP / Art. 15 GDPR): You can request information about which personal data we process about you.
• Right to rectification (Art. 32(1) revFADP / Art. 16 GDPR): You can request the correction of inaccurate data.
• Right to erasure (Art. 32(2)(c) revFADP / Art. 17 GDPR): You can request the deletion of your data.
• Right to restriction of processing (Art. 18 GDPR).
• Right to data portability (Art. 28 revFADP / Art. 20 GDPR).
• Right to object (Art. 30 revFADP / Art. 21 GDPR): You can object to the processing of your data.
• Withdrawal of consent: You can withdraw consent that has been granted at any time with effect for the future.
• Right to lodge a complaint with a supervisory authority: In Switzerland with the Federal Data Protection and Information Commissioner (FDPIC), in the EU with the respective competent national data protection authority.

To exercise your rights, please contact us informally at: info@visualista.ch. We will respond to your request as quickly as possible, and at the latest within 30 days.

For Switzerland:

Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
3003 Bern, Switzerland
www.edoeb.admin.ch

We take appropriate technical and organisational measures (TOMs) to protect your data against accidental or unlawful destruction, loss, alteration and unauthorised access. These include, among others:

• SSL/TLS encryption of data transmission
• access restrictions and role-based permissions
• regular backups (BackWPup) and security updates
• web application firewall and malware scanner (Sucuri, All-In-One Security)

In the event of a data breach with a high risk to the data subjects concerned, we will inform the FDPIC and, where applicable, the affected individuals in accordance with Art. 24 revFADP.

We reserve the right to amend this Privacy Policy in order to keep it in line with current legal requirements at all times or to implement changes to our services, for example when introducing new offerings. The new Privacy Policy will then apply to your next visit.

Last updated: 7 June 2026 · Visualista GmbH, Zurich