Data protection

Privacy Policy

Version in force on 5 June 2026.

Discretion is not a marketing promise. It is the foundational commitment of our house. The present policy formalises the principles and practices by which Palatial Kpodar protects the personal data entrusted to it, in compliance with Swiss and European law.

1. Data controller

The data controller for the processing of personal data within the meaning of the Swiss Federal Act on Data Protection (FADP) and the General Data Protection Regulation (GDPR) is:

Palatial Kpodar
Sole proprietorship under Swiss law
Grand-Rue 2, 1188 Gimel
Canton of Vaud, Switzerland
Business identification number (IDE): CHE-267.292.802

Representative: Killan Kpodar, Founder
Data protection contact: contact@palatial.ch

2. Applicable legal framework

The processing of personal data by Palatial Kpodar is governed by:

the Swiss Federal Act on Data Protection (FADP, SR 235.1), as revised and effective from 1 September 2023;
the Ordinance on Data Protection (ODP, SR 235.11);
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), insofar as it applies to data subjects residing in the European Economic Area.

3. Data collected and purposes of processing

3.1 — When browsing the website

Browsing www.palatial.ch does not entail any active collection of personal data. No form, no audience measurement cookie, no third-party tracking tool (notably Google Analytics, Meta Pixel, or equivalent analytics systems) is implemented.

However, the website host (Infomaniak Network SA) automatically records limited technical information in server log files, including:

the IP address of the connection;
the date and time of the request;
the pages consulted;
the type of browser and operating system used;
the referring page, where applicable.

Purpose: server security, abuse prevention, technical incident diagnostics.
Legal basis: legitimate interest of the controller in ensuring the security of the website (art. 31 para. 1 FADP; art. 6 para. 1 lit. f GDPR).
Retention period: according to Infomaniak's policy, generally 30 days.

3.2 — When contacting us by email

If you send us an email via contact@palatial.ch, we process the following data:

first name and surname;
email address;
any information you freely communicate in your message;
the person who introduced you, where applicable.

Purpose: to respond to your request, assess the relevance of a potential contractual relationship, and — if such a relationship is established — perform the agreed services.
Legal basis: pre-contractual measures taken at your request (art. 31 para. 2 lit. a FADP; art. 6 para. 1 lit. b GDPR).
Retention period: exchanges are retained for the time necessary to process the request, and for a maximum of twelve (12) months from the last exchange, unless a contractual relationship is established — in which case the statutory accounting and tax retention period of ten (10) years applies (art. 958f Swiss Code of Obligations).

3.3 — During the contractual relationship

Within the framework of a client relationship formalised by written mandate, Palatial Kpodar processes the data necessary for the performance of its services. The details of such processing, its specific purposes, legal bases, and retention periods are specified in the mandate itself and in the contractual schedules provided to the client at the time of signing.

4. Communication with our clients via WhatsApp Business

For operational communication with its clients, Palatial Kpodar may use WhatsApp Business, a service provided by WhatsApp Ireland Limited, a subsidiary of the Meta Platforms Inc. group (United States).

When a client communicates with us via WhatsApp:

the contents of the messages are end-to-end encrypted and cannot be read either by WhatsApp or by Meta;
however, certain metadata (telephone number, date, time, frequency of exchanges, online status) are processed by Meta according to its own terms;
such data may be transferred to the United States, considered a third country under Swiss and European law.

This transfer is governed by the European Commission's Standard Contractual Clauses and by the EU–U.S. Data Privacy Framework to which Meta adheres.

If you do not wish us to communicate with you via WhatsApp, please let us know: we will then communicate exclusively by email or telephone.

5. Recipients of the data

Your personal data is in no case sold, rented, or transferred to third parties for commercial purposes.

It may, however, be disclosed to the following categories of recipients, exclusively to the extent necessary for the performance of services:

Technical providers: website host (Infomaniak Network SA, Switzerland), email service provider (Infomaniak Network SA, Switzerland);
Communication providers: WhatsApp Ireland Ltd. / Meta Platforms Inc. (EU / United States), exclusively when the client chooses to communicate via this channel;
Execution partners: within the strict framework of a mandate, and after explicit client consent, certain trusted third parties (hoteliers, transporters, craftsmen, advisors, clinics, etc.) may receive the data strictly necessary for the requested service;
Authorities: in the event of a legal obligation, notably upon duly grounded judicial, tax, or administrative requisition.

6. International data transfers

Data processed by Palatial Kpodar is in principle stored and processed in Switzerland. Certain processing operations may, however, involve transfers to third countries, in particular:

within the European Economic Area (EEA), countries benefiting from a level of data protection recognised as adequate by the Swiss Federal Council;
to the United States, in the context of WhatsApp Business use, on the basis of the Standard Contractual Clauses and the Data Privacy Framework;
to any other country where the performance of a service abroad so requires (hotel reservation, organisation of private travel, international logistical coordination), on the basis of art. 17 FADP (informed consent of the client or necessity for the performance of the contract).

7. Data security

Palatial Kpodar implements reasonable technical and organisational measures to protect personal data against loss, alteration, destruction, unauthorised access, or accidental disclosure. These measures include in particular:

hosting of the website on secure servers in Switzerland (Infomaniak, certified ISO 27001 and ISO 9001);
encryption of communications via the HTTPS protocol (SSL certificate);
access limitation to authorised persons only, who are bound by a duty of confidentiality;
regular backups and encrypted storage of data.

Since no security measure can be absolute, Palatial Kpodar cannot guarantee total security and invites its correspondents to exercise the usual precautions in their own communications.

8. Rights of data subjects

In accordance with the Swiss FADP and the GDPR, you have at any time the following rights over your personal data:

Right	Scope
Access	Obtain confirmation that data concerning you is being processed, and receive a copy thereof.
Rectification	Have any inaccurate or incomplete data concerning you corrected.
Erasure	Request the deletion of your data, subject to legal retention obligations.
Restriction	Request the temporary suspension of a contested processing operation.
Objection	Object to processing based on the legitimate interest of the controller.
Portability (GDPR)	Receive your data in a structured, machine-readable format.
Withdrawal of consent	Withdraw at any time a previously given consent, without retroactive effect.

To exercise any of these rights, please send your request by email to contact@palatial.ch or by postal mail to the head office indicated above. A response will be provided within thirty (30) days from receipt of the request.

In order to ensure the security of processing, reasonable identity verification may be requested.

9. Right to lodge a complaint with an authority

If you consider that the processing of your personal data infringes applicable law, you have the right to lodge a complaint with the competent authority:

In Switzerland: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern — www.edoeb.admin.ch;
In the European Union: with the supervisory authority of your State of residence (in France: CNIL — www.cnil.fr; in Germany: BfDI; in Italy: Garante; etc.).

We nevertheless invite you to contact us first: most situations can be resolved directly and in confidence.

10. Cookies

The website www.palatial.ch uses no audience measurement, advertising, or behavioural tracking cookies.

The website uses only a strictly technical local storage mechanism (localStorage), the sole purpose of which is to remember the user's language preference (French or English) between visits. This information remains exclusively on the user's device and is never transmitted to any third-party server.

11. Modifications to the policy

The present policy may be modified at any time to reflect legislative, regulatory, or operational developments. The applicable version is the one accessible on the website at the time of consultation. The date of the last update is shown at the beginning of this document.

Any substantial modification will be notified to clients by electronic means.

12. Governing law and jurisdiction

The present policy is governed by Swiss law. Any dispute relating to its interpretation or application shall be subject to the exclusive jurisdiction of the ordinary courts of the district of Lausanne, subject to the mandatory provisions applicable to consumers residing in the European Union, who may bring proceedings before the courts of their place of residence.

13. Contact

For any question relating to the present privacy policy or to the processing of your personal data, please write to: contact@palatial.ch