top of page

Privacy Policy

Not what you were looking for? 

Company/Companies: Treehouse GmbH

Address: Schillerstrasse 21

Postal code, City, Country: 4053 Basel, Switzerland

Management: Philippe Marc Meyer, Sandra Ramona Kaiser

Responsible person: Sandra Ramona Kaiser

Phone number: +41 (0) 61 404 22 22

Email address:

The following privacy policy is written in simple, understandable language and avoids legal and technical terms wherever possible.

Version dated September 2023

1. General information on data processing

1.1. Purpose of the privacy policy

When contacting Treehouse GmbH, hereinafter referred to as "we" or "us", personal data is generally processed, which fall under the Data Protection Act (DSG) and the Data Protection Ordinance (DSV). This data typically includes names, email addresses, telephone numbers, as well as personal information related to contractual relationships with us. Additionally, technical data that can be attributed to an individual, such as cookies, are considered personal data (especially cookies, see below).

This privacy policy informs about the nature, scope, and purpose of processing personal data by us.

1.2. Legal basis

The legal basis of our data processing includes in particular Articles 5–9 DSG ("Terms and Principles"). We follow the "Industry recommendation for the revised Data Protection Act", (available here) of SVIT Schweiz in the measures taken.

To protect the managed data against manipulation, loss, destruction, or unauthorized access according to the current state of the art, we employ modern technical security measures and continuously improve them.


1.3. Processed personal data

The personal data processed by us include sensitive personal data within the meaning of the DSG. Particularly sensitive personal data are only processed in individual cases and with the appropriate consent (e.g., debt collection register extracts, credit reports).

1.4. Your rights

According to Article 25 DSG, every individual has the right to request information free of charge from us about whether personal data about them is being processed. From the second request within 12 months, we may charge a cost-covering fee (maximum CHF 300 according to Article 19 paragraph 2 DSV).

Subject to the conditions of Article 28 paragraph 1 DSG, every individual has the right to request from us the disclosure of their personal data that they have disclosed to us in a common electronic format. Requests for information and disclosure are to be addressed to:

2. Processing procedures

2.1. Rental process

In the rental process, personal data of owners, tenant applicants, and tenants are processed as far as necessary for the process or for rental contracts.

By providing personal data, the affected individuals consent to data processing.

In the rental process, we inform the affected individuals that we obtain personal data from third parties (in particular credit reports).

We inform the affected individuals in an appropriate manner about the source of externally obtained personal data. Personal data of tenant applicants will be deleted after the conclusion of the rental process, unless the process does not result in a rental or the affected individual does not consent to the use of the personal data for a later rental process.

Personal data collected before the entry into force of the DSG from ongoing rental orders and rental agreements are processed without further notice.

Personal data of tenant applicants collected before the entry into force of the revised DSG will be deleted unless consent to data processing is given.

Rental agreements and the personal data associated with them are kept for 10 years beyond the last contractual performance (usually settlement of ancillary costs or refund of the rental deposit) according to the principles of the general limitation period (Article 127 CO).

2.2. Marketing process

In the marketing process, personal data of sellers, potential buyers, and buyers are processed as far as necessary for the process.

By providing personal data, the affected individuals consent to data processing. Personal data of sellers, buyers, and process documents are kept for a period of 5 years (period of complaint and limitation according to SIA).

All personal data of potential buyers will be deleted after the completion of the marketing process, unless the affected individual consents to the use of the personal data for a later marketing process. Anonymous retention is reserved.

2.3. Consultation process

Individuals from consulting mandates are kept for 2 years beyond the completion of the consulting mandate. Anonymous storage is reserved.

2.4. Collaboration with third parties

To provide our services, we work with various external partners. A condition for collaboration is the DSG or GDPR-compliant data processing of the contractors. In individual cases, the relevant data protection provisions may deviate from ours. The disclosure of personal data to cooperation partners is exclusively for the purpose of fulfilling our services and only to the extent necessary. We inform the affected individuals about the disclosure.

2.5. Disclosure of personal data abroad

Data processing servers may be located abroad, and service providers may be based abroad. However, we only work with service providers who commit to DSG or GDPR-compliant data processing.

2.6. Customer Relationship Management

Personal data in our Customer Relationship Management system (CRM system) only include information necessary for contact or business relationships. The personal data are stored for 2 years beyond the last customer contact and then deleted. Anonymous retention is reserved.

2.7. Digital customer/user account

We offer certain services through a personal customer/user account on our servers.

By opening a customer/user account, individuals agree to us processing their personal data (storing, retaining, using, etc.), creating evaluations from the usage to improve our services, and contacting the affected individuals.

A personal customer/user account can be deleted by the individual at any time. The personal data will be removed from our databases within 3 months. Anonymous retention is reserved.

We refrain from making the use of our digital information offerings dependent on a customer/user account.

2.8. Newsletter

We do not send unsolicited newsletters.

2.9. Email

We secure our email traffic for a period of 1 year from the last email communication in a conversation history, unless ongoing business relationships or similar require longer retention.

2.10. Contact form

Personal data from digital contact forms are deleted from our web servers within 1 month. Further communication takes place via email (see above), telephone, or personal contact.

2.11. Events

Personal data from registrations and participation in events we organize are deleted after 1 year.

2.12. Shipments via postal mail and social media

For paid postings on social media (Facebook, Instagram, etc.), we use the contact details of the respective providers.

2.13. Credit reports

To the extent necessary for our services, we consider credit reports from market-standard providers (e.g., for rentals). To request a self-disclosure, affected individuals contact or

2.14. Automated individual decisions

We currently do not make automated individual decisions for the rental process in our company. If this changes in the future, these decisions will fall under the exceptions according to the DSG. This means specifically that all automated individual decisions are reviewed by a natural person and, if necessary, changed.

2.15. Data backups

For data security, we regularly create backups of our business data, which are stored on data carriers and cloud services in Switzerland. The backup rhythm follows relevant recommendations.

2.16. Data protection measures

Data security is an important concern for us. Our measures to protect against unauthorized access follow the recommendations of the National Center for Cybersecurity NCSC of the Federal Government.

2.17. Website(s)

In addition to the domains, the website includes project-specific websites and services from service partners. Visitors to the website are not obliged to provide personal data unless we specifically point it out in individual cases.

2.18. Use of cookies

Cookies are data stored by our websites via the browser on the user's device. The cookies we use serve to increase and improve the user-friendliness of our websites.

They also help to capture statistical data on website usage and use the data obtained for analysis and advertising purposes. Some cookies are automatically deleted from your device when the browser is closed (session cookie). Other cookies are stored for a specified period, not exceeding 2 years in each case (persistent cookies).

We also use so-called third-party cookies, which are managed by third parties, to offer certain services. You can influence the use of cookies. Most browsers have an option to restrict or completely prevent the storage of cookies. However, we would like to point out that the use, and especially the convenience of use, may be restricted without cookies.

2.19. Server log files

With every access to this website, we automatically collect a series of technical data, which are personal data. These are:

  • IP address of the user

  • Name of the accessed website or file

  • Date and time of access

  • Message about successful retrieval

  • The response to the request (successful or unsuccessful)

  • The page that was requested

  • Browser type and version

  • User's operating system

  • Referrer URL (the previously visited page)

  • Protocol information such as protocol type, version, desired action, status codes, or information about the transferred data (e.g., the size of a request or a response)

  • Error messages

  • Application-specific information such as message IDs for emails or, for web accesses, information about the browser used (user agent string) or, if applicable, the page from which the visitor accessed the website

Server log files are not merged with other personal data. We collect and evaluate server log files to administer the website, improve it, and detect and defend against unauthorized access.

Server log files are collected and evaluated by our data processors, Google LLC (United States), Hostpoint AG (Switzerland), (Israel), and W & W Immo Informatik AG (Switzerland).

The server log files with the above-mentioned data are deleted after no later than 6 months, unless there is a legitimate interest or a service-oriented concern. We reserve the right to store the server log files for a longer period if there are facts suggesting unauthorized access.

This applies not only to interactions with websites but to all our services

bottom of page