Privacy statement relating to personal data processing and the use of our website


Dear Customer,


Our customer operates in the real estate agency sector. In addition to traditional real estate agency services, our company is specialised in the short term lease of properties in a number of European locations. Thanks to our network of trusted partners, we offer our customers a number of services (such as drivers, limousines, etc.), food and management services (chefs, waiters, housekeepers, etc.).


Since the General Data Protection Regulation came into force on 25 May 2018 (known as "GDPR" or Regulation 2016/679 – hereinafter the "GDPR"), the European Union has strengthened the rights of individuals resident in the EU in relation to the processing of their personal data. There is currently a broad review of federal data protection legislation underway in Switzerland, which is expected to afford data subjects the same rights as GDPR.


In order to provide our services, we need to obtain some personal data from our customers. This privacy statement – which is provided under Article 13 of GDPR - is aimed at providing you with all the necessary information that protects customer and website user rights.


A. Who we are

B. Which data we collect and why

C. Consent

D. Your rights

E. Safety measures (how we protect your data)

F. Data retention periods

G. Transferring your data to third parties and abroad

H. Cookies, analysis and tracing systems, social media plug ins, external links

I. Minors

L. General provisions

M. Changes to this privacy statement


A. Who we are


CDL SWISS SAGL, Strada Cantonale, Stabile n. 218, 6563 Mesocco, hereinafter referred to as the "Company", is responsible for managing the websites,, and  The Company acts as controller for the processing of personal data via those websites.


B. Which data we collect and why


We need to collect personal data from our Customers and from website users in order to provide our services.

Part of that data is automatically transmitted by the device you use when connecting with our website. If you would like to block that automatic transfer, then you need to disable the transfer of personal data via your browser.

Other data is provided directly by Customers in order to receive information, newsletters or other communications relating to our services, proposals or offers available on the website.


1. Data collected via our server when you access our website:

  • Date and time of access;

  • IP number for your computer;

  • The browser you are using via your device;

  • The country connecting with our server and information on language, screen, position, etc.;

  • Your operating system;

  • Your Internet service provider


2. Data that you provide when registering with our website:


  • Name and surname;

  • Address;

  • E-mail address;

  • Telephone number;

  • Fax number, if any;

  • Preferred language;

  • Credit card details and/or other payment details;

  • Date of birth.


3. Data you provide for communicating with the Company:


  • Name and surname;

  • Preferred language;

  • E-mail address;

  • Services (purchases/sales/leases)


C. Consent


1. The GDPR defines consent as: "any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her".


Domestic data protection law will specify that: "consent is valid if given freely and unequivocally after being duly informed. Express consent is required for the processing of personal data that requires special protection or for profiling".


Consent must always be granted expressly with respect to particularly sensitive personal data, such as for example data regarding religious beliefs, ethnicity, political affiliations, etc. Our Company does not collect this type of information given that it is not needed in order to provide our services.


For less sensitive data, consent may be granted freely by any means, for example via mere confirmation, or it can be assumed to have been granted if the data in question is mandatory for the provision of our services. In that case, your request for services from our Company will imply that you agree with the Company using your data in order to provide you with the requested service (for example, payment details, delivery address, etc.).


Other data is required for marketing purposes and is expressly collected for that purpose. Please note that you can deny your consent to data processing for that purpose and you may simply withdraw your consent if you had granted it in the past.


Our personnel is available if you have any doubts or queries regarding the processing of personal data. See Section D below if you wish to make a request.


D. Your rights


If the GDPR applies, you have the right to request that your data is:


  • updated, rectified or (in the event data is incomplete) integrated;

  • erased, if:

    • your data is no longer required for the purpose for which it was collected or processed;

    • You have withdrawn your consent or objected to processing;

    • Your data was processed unlawfully or has to be erased to comply with law;

  • Limited in terms of processing, if:

    • Your data is inaccurate or processed unlawfully or if you have objected to its processing;

    • Even if the Company no longer needs it for processing, it is necessary for the Company to protect your statutory rights;

  • Transferred to another controller (“right to portability”), if the processing is on a consent basis and processed automatically.


We note that in accordance with tax requirements and laws regulating the sale of alcohol, the Company must retain part of your personal data; please see the section "Data retention periods" below for more information.


In accordance with applicable law, you are entitled to contact the competent authorities (in Switzerland the Federal Data Protection and Information Commissioner and in other countries, the national Data Protection Authorities).


E. Safety measures (how we protect your data)


1. The Company implements appropriate technical and organisational measures to protect your personal data from unauthorised processing and data loss. The technical systems are maintained adequately taking into account the constant developments in technology.


In order to avoid unlawful processing or data loss, we advise our customers and our users to use updated systems and not to share sensitive information with third parties, such as credit card details, user names or passwords.

In order to guarantee a high quality service, excellent products and the discretion that we are known for, the Company has strengthened its corporate policies so that your personal data is accessible solely by the personnel effectively needed to process your requests.


F. Data retention periods


1. Customer personal data is processed and retained in accordance with the principle of the time strictly required to provide the services requested by the Customer (contractual basis) or in accordance with law (legal basis). In particular, the data is stored for the entire duration of the contractual relationship between the Customer and the Company for accounting and legal purposes (for example, in the event of litigation brought by or against the Company). In any event, in the event the Company no longer has legal grounds for storing the data, they will be anonymized or respectively erased.


G. Transfer of your data to third parties and abroad


1. In order to provide the services, in some circumstances the Company has to provide your personal data to third parties (outsourcing), in particular in relation to the management of the website, sending out newsletters and for profiling or marketing purposes. Moreover, the data must be sent to our partners with respect to leased and sold items.


2. In general, the Company mainly carries out its business in Switzerland and Europe. The information is therefore exchanged with partners subject to GDPR, the FADP and guarantee the protection of personal data.


3. Under the GDPR, users resident in Europe are guaranteed the protection of their personal data as the GDPR applies outside resident states.


4. With respect to the communication of personal data in the United States of America, note that the transfer is managed in accordance with GDPR provisions and FADP respectively. We wish to inform Customers that the United States of America, as with other countries in the world, do not offer an adequate protection of personal data.


In order to offer sufficient protection, recipients of the data must be obliged either by contract or by specific programmes (such as privacy shield) to offer an adequate protection of personal data.


CDL SWISS has contracts in place with US partners aimed at protecting personal data and complying with GDPR requirements. If in order to perform a contract with you, we need to send your data to the US, we will ask you for your express consent and if you deny said consent, we will not be able to perform the contract.  


5. In any event, only the personal data that is strictly required to provide the requested services is processed.


H. Cookies, analysis and tracing systems, social media plug ins, external links and the use of videos on You Tube


1. Cookies are small bundles of data, a kind of ID tag, which your device exchanges with our server when you surf our website. The information stored in cookies makes it easier and more efficient to use the website. Cookies are saved automatically on your device via your internet browser and make it possible to trace your choices ad your settings, so that each time you visit the website again in the future, the experience is more efficient. Your browser setting control cookies and can even be set to block them. You can also partially or totally delete cookies and be informed when a system is trying to exchange cookies. Please note that your navigation experience will be adversely affected without cookies and some services might not work properly or not at all.  


2. Our website has a tracing system, which allows us to collect all the necessary information for the management and implementation of the website. Cookies are used in this case as well, including for the tracing offered by third parties, such as for example Google Analytics (see comprehensive list).


3. In order to allow our Customers a choice in how to stay in contact with the Company, we also communicate via social media. Our website is fitted with plug ins, which allow users to activate communications with their chosen social media. Only then, so at the express request of the Customer, will there be an exchange of data to use the relevant social media outlet.


4. Our website offers links to external websites that are of help in the provision of our services. The Company does not constantly monitor said websites, hence we invite you to read their terms and conditions relating to personal data protection before using them. The Company will not be held liable for the content of said website or for their implementation of personal data protection. In any event, unless expressly instructed otherwise, the Company shall not provide said websites with personal data.






13 months


13 months


7 days


At the end of the session


2 years


2 years


At the end of the session


3 months


2 years


20 years


2 years


6 months


2 years


1 month


2 years


4 months


At the end of the session


2 years


2 years


1 year


3 years


1 day


At the end of the session


6 months


2 years


At the end of the session


At the end of the session


At the end of the session


At the end of the session


At the end of the session


At the end of the session



I. Minors


1. Our Company does not collect or process the personal data of minors. However, given that we do not systematically collect personal data other than on the terms set out in this privacy statement and in accordance with law, we are not able to identify for example, the effective age of website visitors. If you believe that a minor in your care has provided us with their personal data without your consent, please inform us without delay in order to avoid that said minor receives our promotional messages, for example. Our personnel will then take the necessary action.


L. General provisions


1. Please note that the transmission of communications, documents and other information via e-mail is considered to be less reliable, safe and confidential than via letter or fax. We use modern technology to combat viruses and spam. We however recommend that customers use adequate antivirus protection and we cannot be held liable for any damage incurred via e-mail or the loss of e-mails. We reserve the right to reject e-mails with potentially dangerous attachments.


M. Amendments to this privacy statement


1. The Company is entitled to update this privacy statement in order to provide adequate protection and compliance with law. For that reason, in particular in the event of changes to legislations, this privacy statement may be subject to review and amended.


Please do not hesitate to contact us if you have any doubts or queries regarding the scope of this privacy statement.


N. Misunderstanding and discrepancies in interpretation

In the event of any miscomprehension or discrepancy between the Italian version of this privacy statement and versions in other languages, the Italian version shall prevail.




Revised August 2018