Legal
This Privacy Policy applies to Priveluxe ("we", "us", "our"), a luxury travel concierge service operating between Lake Como (Italy) and Canton Ticino (Switzerland). We are the data controller responsible for your personal information.
Data Controller:
Priveluxe
Canton Ticino, Switzerland
Email: info@priveluxe.ch
WhatsApp: +41 76 366 18 22
We are subject to the Swiss Federal Act on Data Protection (FADP / nDSG), in force since 1 September 2023, and where applicable to EU/EEA residents, the EU General Data Protection Regulation (GDPR). Where our services are accessed from other jurisdictions, we also comply with applicable local data protection laws.
When you contact us or request a luxury experience, you may provide:
When you visit our website, we may automatically collect:
We may receive limited information when you contact us via:
We may collect special category data (as defined by GDPR Art. 9) only when strictly necessary to deliver your experience — for example, dietary requirements that may reveal health or religious information. We collect this only with your explicit consent and store it only for the duration required to fulfil your booking.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Design and deliver your private experience | Identity, contact, travel preferences | Contract performance (GDPR Art. 6(1)(b)) |
| Process invoicing and payments | Identity, financial data | Contract performance; Legal obligation |
| Respond to enquiries | Identity, contact, communications | Legitimate interest (Art. 6(1)(f)) |
| Improve our website and services | Technical data, usage data | Legitimate interest (anonymous/aggregated) |
| Send updates on new experiences (newsletter) | Name, email | Consent (Art. 6(1)(a)); opt-out anytime |
| Legal compliance (accounting, tax records) | Identity, financial data | Legal obligation (Art. 6(1)(c)) |
| Fraud prevention and security | Technical data, IP address | Legitimate interest |
For residents of the EU/EEA, we rely on the following legal bases under GDPR Article 6:
Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
We do not sell, rent, or trade your personal data to third parties.
We share your data only in limited, necessary circumstances:
To deliver your experience, we may share relevant details (name, contact, preferences) with carefully selected partners such as hotels, private transfer companies, boat charter operators, restaurant partners, and experience providers in Italy and Switzerland. All partners are bound by confidentiality agreements and may only use your data to fulfil the services you have requested.
| Provider | Purpose | Data Shared | Safeguards |
|---|---|---|---|
| Google Fonts (Google LLC) | Font delivery | IP address, browser headers | Google Privacy Policy; EU SCCs |
| Web hosting provider | Website hosting | Server logs (IP, access data) | Processor agreement (DPA) |
| Email service provider | Sending contact form responses | Name, email, message content | Processor agreement (DPA) |
We may disclose your data if required by applicable law, court order, or governmental authority in Switzerland, Italy, or another jurisdiction where we operate.
Priveluxe operates between Switzerland and Italy. Switzerland is recognised by the European Commission as providing adequate protection for personal data (adequacy decision under GDPR Art. 45). As such, transfers between Switzerland and the EU/EEA do not require additional safeguards.
Where data is transferred to countries outside the EU/EEA/Switzerland (e.g. to technology providers in the United States), we ensure appropriate safeguards are in place, including:
| Data Type | Retention Period | Reason |
|---|---|---|
| Booking and contract data | 10 years from booking date | Swiss/Italian legal accounting obligation |
| Financial records | 10 years | Swiss Code of Obligations; Italian law |
| Marketing communications consent | 3 years from last interaction, or until opt-out | Legitimate interest / consent |
| Enquiries / contact form data (no booking) | 2 years from last contact | Legitimate interest (follow-up) |
| Website analytics data | 14 months (aggregated/anonymised) | Service improvement |
| Cookie consent records | 13 months | GDPR compliance evidence |
After the applicable retention period, data is securely deleted or anonymised.
Under the General Data Protection Regulation (GDPR), you have the following rights:
Request a copy of the personal data we hold about you (Art. 15)
Request correction of inaccurate or incomplete data (Art. 16)
"Right to be forgotten" — request deletion of your data where there is no compelling reason to continue processing (Art. 17)
Request that we limit how we use your data in certain circumstances (Art. 18)
Receive your data in a structured, machine-readable format and transfer it to another controller (Art. 20)
Object to processing based on legitimate interest, including direct marketing (Art. 21)
Withdraw consent at any time where processing is consent-based, without affecting past processing
File a complaint with a supervisory authority, particularly in your EU Member State of residence
To exercise any of these rights, contact us at info@priveluxe.ch. We will respond within 30 days. For complex requests, we may extend this to 60 days with prior notice.
You may also contact the relevant supervisory authority:
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you the following rights:
To submit a verifiable consumer request, contact us at info@priveluxe.ch. We will acknowledge within 10 business days and respond within 45 days (extendable by 45 further days where necessary).
You may also designate an authorised agent to make a request on your behalf.
UK residents have rights equivalent to EU GDPR rights listed in Section 8. The UK supervisory authority is the Information Commissioner's Office (ICO) — ico.org.uk.
Canadian residents may request access to, or correction of, their personal information held by us. For Quebec residents, additional rights apply under Law 25. Contact us at info@priveluxe.ch.
Brazilian residents have rights under the Lei Geral de Proteção de Dados (LGPD), including rights to access, correction, anonymisation, portability, deletion, and objection. Contact us at info@priveluxe.ch to exercise these rights.
Australian residents may access personal information we hold and request correction of inaccuracies. Complaints may be directed to the Office of the Australian Information Commissioner (OAIC) — oaic.gov.au.
Residents of Gulf countries are protected by applicable local data protection legislation. We handle all guest data with the same standard of care regardless of geographic origin. For any enquiries, contact info@priveluxe.ch.
Regardless of where you are located, you may contact us at any time to request access, correction, or deletion of your personal information. We treat all such requests with equal priority.
Our website uses cookies and similar technologies. For full details on the types of cookies we use, their purpose, and how to manage your preferences, please read our Cookie Policy.
In summary:
You may update your cookie preferences at any time by clicking Manage Cookie Preferences.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include:
No internet transmission or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by applicable law.
Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected data from a minor, please contact us at info@priveluxe.ch and we will delete it promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
We encourage you to review this Policy periodically. Your continued use of our services after changes take effect constitutes acceptance of the revised Policy.
For any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact the data controller. All data protection, privacy, and legal enquiries should be sent to the same address:
| Data Controller | Priveluxe — Luxury Experiences in Switzerland & Italy |
| Responsible Person | Sciary |
| Address | Lugano, Canton Ticino, Switzerland |
| Email (all enquiries) | info@priveluxe.ch |
| +41 76 366 18 22 | |
| Legal framework | Swiss Federal Act on Data Protection (FADP / nDSG, in force since 1 Sept 2023) & EU GDPR where applicable |
| Response time | Within 30 days for GDPR/FADP requests; within 45 days for CCPA requests |