P.IVA CHE-406.525.355IVA
Choose your destination
Guests 2
  • Home
  • Privacy
  • Privacy


    With this Privacy Policy we inform you which personal data we process in relation to our activities and operations including our crestapalace.ch-website. We inform you in particular about what personal data we process, how and where. We also inform you about the rights of the people whose data we process.

    For some specific or additional activities and operations, additional privacy policies and other legal documents such as General Terms and Conditions (T&Cs), Terms of Use or Terms of Participation may apply.

    We are subject to Swiss data protection law as well as any applicable foreign data protection law, in particular that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures adequate data protection.


    Responsible for the processing of personal data:

    Special Immobilien SAGL

    Via Chalchera – 9 – 7505 – Celerina



    In specific cases, there may be another controller for the processing of personal data or joint responsibility with at least one other controller.


    We have the following Data Protection Officer or Data Protection Advisor as a point of contact for data subjects and authorities for data protection-related inquiries:

    Cantaluppi Nicola

    Special Immobilien SAGL

    Via Chalchera – 9 – 7505 – Celerina




    2.1 TERMS

    Personal data is any information relating to an identified or identifiable natural person. A data subject is a person whose personal data we process.

    Processing includes any operation or set of operations carried out on personal data, regardless of the means and procedures used, such as querying, matching, adjustment, archiving, conservation, retrieval, disclosure, acquisition, collection, deletion, disclosure, sorting, organization, storage, modification, dissemination, connection, destruction and use of personal data.

    The European Economic Area (EEA) includes the member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) defines the processing of personal data as processing of personal data.


    We process personal data in accordance with Swiss data protection law, in particular the Federal Data Protection Act (LPD) and the Data Protection Ordinance (OPD).

    We process – to the extent that the General Data Protection Regulation (GDPR) is applicable – personal data based on at least one of the following legal principles:

    Article 6 par. 1 letter b GDPR for the necessary processing of personal data for the performance of a contract with the data subject or for the implementation of pre-contractual measures.

    Article 6 par. 1 letter f GDPR for the necessary processing of personal data to pursue the legitimate interests of us or of a third party, unless the interests or fundamental rights and freedoms of the data subject prevail. Legitimate interests are in particular our interest in carrying out our activities and operations in a long-lasting, user-friendly, secure and reliable manner, as well as in communicating about them, ensuring IT security, protecting against abuse, enforcing our legal claims and comply with Swiss law.

    Article 6 par. 1 letter c GDPR for the necessary processing of personal data for compliance with a legal obligation to which we are subject under the applicable law of member states in the European Economic Area (EEA).

    Article 6 par. 1 letter and GDPR for the necessary processing of personal data for the performance of a task in the public interest.

    Article 6 par. 1 letter a GDPR for the processing of personal data with the consent of the interested party.

    Article 6 par. 1 letter d GDPR for the necessary processing of personal data to protect the vital interests of the data subject or of another natural person.


    We process those personal data that are necessary to be able to carry out our activities and operations in a long-lasting, user-friendly, secure and reliable manner. Such personal data may belong, in particular, to the categories of personal and contact data, browser and device data, content data, metadata or marginal data and usage data, location data, sales data, as well as contractual data and of payment.

    We process personal data for the duration necessary for the respective purpose or purposes or as required by law. Personal data whose processing is no longer necessary will be anonymized or deleted.

    We may have personal data processed by third parties. We may process personal data together with third parties or pass them on to third parties. Such third parties are in particular specialized providers whose services we use. We also ensure data protection with these third parties.

    We generally process personal data only with the consent of the data subjects. If and to the extent processing is permitted for other legal reasons, we may dispense with obtaining consent. For example, we may process personal data without consent to fulfill a contract, comply with legal obligations or pursue a legitimate interest.

    We also process personal data that we receive from third parties, acquire from publicly accessible sources or collect in the course of our activities and operations, if and to the extent such processing is permitted for legal reasons.


    We process personal data in order to communicate with third parties. In this context, we process in particular data transmitted by a data subject during contact, for example by post or e-mail. We may save this data in an address book or similar means.

    Third parties who transmit data about other persons are obliged to ensure data protection towards these data subjects. This includes, among other things, ensuring the accuracy of the personal data transmitted.

    We use selected services from appropriate providers to be able to communicate better with third parties.


    We adopt appropriate technical and organizational measures to guarantee a level of security appropriate to the specific risk. With our measures we guarantee in particular the confidentiality, availability, traceability and integrity of the personal data processed, without however being able to guarantee absolute data security.

    Access to our website and our online presence takes place via transport encryption (SSL / TLS, in particular with the abbreviated HTTPS protocol of Hypertext Transfer Protocol Secure). Most browsers indicate transport encryption with a small padlock in the address bar.

    Our digital communication is subject – as in principle all digital communication – to mass surveillance without cause and suspicion by security authorities in Switzerland, in the rest of Europe, in the United States of America (USA) and in other countries. We cannot directly influence the relevant processing of personal data by secret services, police forces and other security authorities. We cannot exclude that individual data subjects are specifically monitored.


    We process personal data mainly in Switzerland and the European Economic Area (EEA). However, we may also export or transmit personal data to other countries, in particular for processing or having it processed there.

    We may export personal data to all states and territories on Earth and elsewhere in the universe, provided that local law, as decided by the Swiss Federal Council, ensures adequate data protection and – to the extent that the General Data Protection Regulation (GDPR) is applicable – according to the decision of the European Commission adequate data protection.

    We may transmit personal data to countries whose law does not guarantee adequate data protection, provided that data protection is ensured for other reasons, in particular on the basis of standard data protection clauses or with other appropriate safeguards. In exceptional cases, we may export personal data to countries without adequate or adequate data protection if special data protection conditions are met, for example explicit consent of the data subjects or a direct relation to the conclusion or performance of a contract . We will gladly provide interested parties with information on any guarantees upon request or provide a copy of the guarantees.




    We grant data subjects all rights under applicable data protection law. In particular, interested parties have the following rights:

    Access: Interested parties may request to know whether we process personal data concerning them and, if so, which data. Data subjects also receive the information necessary to assert their data protection rights and ensure transparency. This includes the personal data processed, but also information on the purpose of the processing, the duration of storage, any disclosure or export of data to other countries and the origin of the personal data.

    Rectification and Limitation: Interested parties can correct inaccurate personal data, complete incomplete data and limit the processing of their data.

    Erasure and Opposition: Interested parties can have their personal data erased ("right to be forgotten") and object to the processing of their data in the future.

    Data Portability: Data subjects may request the delivery of personal data or the transfer of their data to another data controller.

    We may postpone, limit or refuse the exercise of data subjects' rights to the extent permitted by law. We may advise interested parties of any conditions they must meet to exercise their data protection rights. For example, we may partially or completely refuse access by reference to trade secrets or the protection of other people. For example, we can also partially or totally refuse the deletion of personal data by referring to legal retention obligations.

    We may exceptionally incur costs for exercising your rights. We inform interested parties in advance about any costs.

    We are required to identify data subjects requesting information or exercising other rights with appropriate measures. Interested parties are required to cooperate.


    Data subjects have the right to assert their data protection rights in court or to lodge a complaint or complaint with a competent data protection supervisory authority.

    The data protection supervisory authority for complaints by data subjects against private data controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

    The European data protection supervisory authorities for data subject complaints – to the extent that the General Data Protection Regulation (GDPR) is applicable – are organized as members of the European Data Protection Board (EDPB). In some member states of the European Economic Area (EEA), data protection supervisory authorities are structured on a federal basis, in particular in Germany.





    8.1 COOKIES

    We may use cookies. Cookies – both our own (First-Party-Cookies) and those of third parties whose services we use (Third-Party-Cookies) – are data stored in the browser. Such stored data does not necessarily have to be limited to cookies in text form.

    Cookies can be stored in your browser temporarily as "Session Cookies" or for a specific period as permanent cookies. "Session Cookies" are automatically deleted when you close the browser. Permanent cookies have a specific shelf life. Cookies allow, in particular, to recognize a browser on the next visit to our website and, for example, to measure the reach of our website. Permanent cookies can also be used, for example, for online marketing.

    Cookies can be deactivated or deleted at any time via your browser settings. Without cookies, our website may not be fully available. We ask – at least to the extent necessary – explicit consent to the use of cookies.

    For cookies used to measure success and reach or for advertising, you can exercise a general refusal ("Opt-out") option for many services via AdChoices (Digital Advertising Alliance of Canada), Network Advertising Initiative (NAI ), YourAdChoices (Digital Advertising Alliance) or Your Online Choices ( European Interactive Digital Advertising Alliance, EDAA).


    We may record each access to our website and our online presence by recording at least the following information, if transmitted to our digital infrastructure during such accesses: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, specific web page visited on our website including amount of data transmitted, last web page visited in the same browser ( referrer or referrer ).

    We record this information, which may also be personal data, in log files. This information is necessary to provide our online presence in a permanent, user-friendly and reliable manner. The information is also necessary to ensure data security – including through third parties or with the help of third parties.


    We may integrate tracking pixels into our online presence. Tracking pixels are also known as web beacons. Tracking pixels – including those of third parties whose services we use – are usually small invisible images or scripts formulated in JavaScript, which are automatically retrieved when you access our online presence. With tracking pixels, at least the same information recorded in log files can be collected.


    Send notifications and communications via email and through other communication channels such as instant messaging or SMS.


    Notifications and communications may contain web links or tracking pixels that record whether an individual communication has been opened and which links have been clicked. These web links and tracking pixels may also record your use of notifications and communications on a personal basis. We need this statistical record of usage to measure success and reach, in order to send notifications and communications in an effective and user-friendly manner, as well as in a permanent, secure and reliable manner, based on users' needs and reading habits. recipients.


    You must generally consent to the use of your email address and other contact addresses, unless the use is permitted for other legal reasons. To obtain confirmed consent in two stages, we can use the «Double Opt-in» procedure. In this case you will receive a communication with instructions for double confirmation. We may record the consents obtained, including IP address and timestamp , for evidence and security purposes.

    You can generally object at any time to receiving notifications and communications, such as newsletters. With such opposition, you can at the same time oppose the statistical collection of use for measuring success and reach. Necessary notifications and communications relating to our activities and operations are reserved.


    Send notifications and communications with the help of specialized service providers.


    We are present on social media platforms and other online platforms to communicate with interested people and inform them about our activities and operations. In relation to these platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).

    The general terms and conditions (T&Cs), conditions of use, privacy statements and other provisions of the individual operators of such platforms also apply. These provisions inform in particular about the rights of data subjects directly against the specific platform, which include for example the right of access.

    For our social media presence on Facebook, including so-called Page Insights, we are - insofar as the General Data Protection Regulation (GDPR) applies - jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta companies (including the United States). Page Insights provide information on how visitors interact with our presence on Facebook. We use Page Insights to deliver our social media presence on Facebook in an effective and user-friendly manner.

    Further information on the nature, scope and purpose of data processing, information on the rights of data subjects and the contact details of Facebook and its data protection officer can be found in Facebook's data protection declaration. We have concluded with Facebook the so-called «Addendum for data controllers» and agreed in particular that Facebook is responsible for guaranteeing the rights of data subjects. Relevant information for Page Insights is available on the “Page Insights information” page including “About Page Insights data”.


    We use specialized third-party services to be able to carry out our activities and operations in a continuous, user-friendly, safe and reliable manner. With these services, we can, among other things, embed functions and content into our website. For technically necessary reasons, the services used capture the IP addresses of users at least temporarily.

    For necessary security, statistical and technical purposes, third parties, whose services we use, may process data in connection with our activities and operations in aggregate, anonymized or pseudonymized form . This is, for example, performance or usage data to be able to provide the specific service.

    We use in particular:

    Google Services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General information on privacy: «Privacy and security principles», Privacy Policy, «Google and compliance with applicable privacy laws», «Guide to privacy in Google products», «How we use data from websites or apps that use our services" (Information from Google), "Types of cookies and similar technologies used by Google", "Advertising you can control" ("Personalised advertising").

    Microsoft Services: Providers: Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), Switzerland and the United Kingdom / Microsoft Corporation (USA) for users in the rest of the world; General privacy information: «Privacy at Microsoft», «Privacy and data protection», Privacy Policy, «Privacy and data settings».


    We use specialized third-party services to provide us with access to the digital infrastructure necessary for our business and operations. This includes, for example, hosting and storage services from selected providers.



    We use specialized platforms to integrate and connect existing third-party apps and services. We can also automate flows and tasks with third-party apps and services via these «No-Code» platforms.



    We use third-party services to facilitate online collaboration. In addition to this privacy policy, the conditions of the services used, such as terms of use or privacy statements, also apply.


    We use third-party services and plugins to embed features and content from social media platforms, as well as to enable the sharing of content on social media platforms and in other ways.


    We use third-party services to embed maps on our website.


    We use specialized third-party services to enable direct playback of digital audio and video content, such as music or podcasts.

    1. 7 E-COMMERCE

    We operate e-commerce and use third-party services to be able to successfully offer services, content or goods.

    11.8 PAYMENTS

    We use specialized service providers to be able to manage our customers' payments safely and reliably. The legal texts of the individual service providers, such as General Terms and Conditions (T&Cs) or privacy statements, also apply for payment processing.


    We use the ability to display advertising on third parties such as social media platforms and search engines for our activities and operations.

    With such advertising, we particularly want to reach people who are already interested or who may be interested in our activities and operations ( Remarketing and Targeting). For this purpose, we may transmit corresponding data – including personal data – to third parties who enable such advertising. We can also determine whether our advertising is effective, i.e. whether it leads to visits to our website (Conversion Tracking).

    Third parties, on whose sites we publish advertisements and with whom you are registered as a user, may possibly associate the use of our website with your profile present there.


    We may modify and supplement this privacy policy at any time. We will inform you about such changes and additions appropriately, in particular by publishing the updated privacy policy on our website.