Back to homepage

Privacy Policy

Version of June 25, 2025

With this privacy policy, Cosa Mirai Homes Ltd and Cosa Mirai Ltd. (both Lättichstrasse 4A, 6340 Baar, Switzerland) (hereinafter jointly referred to as we or Cosa Mirai) provide information on how we collect, use, disclose and otherwise process personal data. This is not an exhaustive description of all data processing by Cosa Mirai. Other data protection declarations, individual data protection statements or information may apply to specific circumstances. Personal data means any information relating to an identified or identifiable natural person.

Controller and Contact Details

Cosa Mirai Homes AG is generally the controller of the data processing described in this privacy policy, unless we inform you otherwise in individual cases. You can contact us at the following address if you have any data protection concerns:

Cosa Mirai Homes Ltd

Lättichstrasse 4A

6340 Baar

Switzerland

contact@cosamirai.ch

If another company, namely Cosa Mirai Ltd., refers to this privacy policy, the referring company is generally the controller of the corresponding data processing and its processing is governed by this privacy policy.

If Cosa Mirai companies are joint controllers of a certain processing, we will point this out separately.

Collection and Processing of Personal Data

We process personal data that we receive from you, our tenants and their employees, business partners, credit agencies, authorities, courts or other third parties, that we receive in connection with our business activities or that we collect via our website, apps and other applications and offers. Where permitted, we may also obtain certain personal data from publicly accessible sources.

The categories of personal data that we collect and process about you may include the following data in particular:

  • Personal information and contact details, such as name, address, telephone number, e-mail address, date of birth, nationality, gender, pictures, professional functions and activities, education, qualifications, information about family members, relatives and related parties, connections to third parties, biometric data for access systems.
  • Contract data, such as information on the preparation, conclusion and execution of the rental agreement; in the case of smart home applications used, the corresponding personal data.
  • Information contained in communications and other interactions with us, such as correspondence by letter or email or through other communication channels with you or with third parties, meetings, call logs, notes related to communications, access logs, requests, social media activity.
  • Financial information, such as information related to invoices, payment data, bank data, insurance information, financial situation data, accounting information, creditworthiness, debt collection and bankruptcy information.
  • Information on legal regulations, such as anti-money laundering laws.
  • Data in connection with marketing activities, such as preferences and interests, subscriptions and unsubscriptions to newsletters, reactions to marketing activities, invitations and participation in events and activities.
  • Data in connection with the use of our website and other applications, such as connection data, IP address and other identifiers (e.g. user name in social media, MAC address of the smartphone or computer, data from cookies and similar technologies), date and time of the visit to our website, duration of the visit to the website, requested internet address (URL), referrer URL (i.e. the internet address of the website from which you accessed our website, if applicable with the search term used), browser type and version, operating system used and the amount of data sent in bytes, as well as the number of visitors to our website.i.e. the internet address of the website from which you accessed our website, including the search term used if applicable), browser type and version, operating system used, amount of data sent in bytes and the search term used, location data, pages and content accessed, functions used.
  • Data from public registers and other public sources, such as the debt collection register, credit rating directories, land register, commercial register, media and internet.

Purposes of Data Processing and Legal Bases

We may process personal data in accordance with applicable data protection law for the following purposes and, if required under applicable data protection law, based on the following legal bases:

  • For the fulfillment of contracts: We process personal data in connection with the conclusion and performance of contracts with our tenants and business partners, in particular in the context of letting residential and commercial space for our tenants and procuring products and services from our suppliers and subcontractors, as well as to fulfill our legal obligations in this regard, including debt collection. You may be affected by our data processing in your capacity as an employee of commercial tenants or business partners. The purposes of data processing and further information on data protection are set out in the respective contracts, terms and conditions and/or other applicable provisions.
  • To fulfill legal obligations: We process personal data in order to comply with our legal obligations. The processing purposes include, among other things, documentation and compliance with legal requirements.
  • To safeguard legitimate interests: We process personal data for the following purposes if this is necessary to protect our legitimate interests or those of third parties or to protect legitimate public interests:
  • Offering and developing our services, websites, applications (including smart home applications, if you use them) and other platforms;
  • Communication with third parties and processing of inquiries (e.g. applications, media inquiries);
  • Advertising and marketing (including marketing of properties, organization of events), provided you have not objected to the use of your data for such purposes;
  • Property valuation, market and opinion research, media monitoring;
  • Assertion of legal claims and defense in connection with disputes and proceedings;
  • Prevention and investigation of criminal offenses and other misconduct (e.g. data analysis to combat fraud or investigate damage to property);
  • Ensuring and maintaining our business operations, including our IT, website, apps and other applications;
  • Video surveillance to safeguard domiciliary rights and other measures for IT, building and facility security and to protect our employees and other persons as well as our facilities and assets (e.g. access controls, visitor lists, network and mail scanners);
  • Any transactions under company law or property law and the associated transfer of personal data;
  • Business management measures to the extent necessary to comply with Cosa Mirai's internal regulations.
  • On the basis of your consent: If you have given us consent to process your personal data for specific purposes (e.g. when you register to receive newsletters), we will process your personal data to the extent of and based on this consent, unless we have another legal basis and require one. Consent that has been given can be withdrawn at any time; however, this has no effect on any data processing that has already taken place.

Cookies, Tracking and Other Technologies in Connection with the Use of Our Website

We use cookies and similar technologies on our website and in our marketing communications that allow us to store information on your device and/or access the information stored on your device or obtain information about your response to website offers and other marketing activities. This enables us to better understand user behavior and preferences and to provide our services in a technically error-free, secure, user-friendly and needs-based manner:

  • Cookies: These are small text files that are stored permanently or temporarily on your device when you visit our website. By using cookies, your browser receives an identifier and shows this on request.

We use so-called session cookies. These store your entries while you navigate our website during a visit. Session cookies are automatically deleted after your visit to our website. We also use permanent cookies, which remain stored on your device for a certain period of time over several sessions and enable us to recognize your browser the next time you visit the website. We use persistent cookies to store your preferences (e.g. language) and to help us understand how you use our services and content. If you block cookies, certain elements (e.g. language selection) may no longer work. Permanent cookies are deleted when their expiration date is reached or if you delete them beforehand. Most browsers are set to accept cookies by default. Further details on the cookies used on this website are available on request from the contact address given at the beginning.

  • Social media plug-ins: You can recognize plug-ins by the corresponding logo of the relevant social network or by the "Like" or "Share" button on our website. By clicking on the plug-in, you can share content from our website on the respective social network. The plug-in informs the social network that you have visited our website with your IP address. This can happen even if you are not logged into the social network or are not a member of the social network. If you are logged in to the social network, the social network can assign your surfing behavior directly to your profile there.

The social network is responsible for the processing of your personal data that is transmitted with the plug-in and the data protection provisions of the respective social network apply. We have no precise knowledge of the content and scope of the data transmitted or its use by the social network and have no influence over it. As a rule, this is the following data Visited website, the data transmitted by your browser (IP address, browser type and version, operating system, time) and your identification number in the social network, if you are registered there as a user.

If you share content via a plug-in, you are not authorized to speak on our behalf. These are your own statements for which we are not responsible or liable.

  • Tracking of marketing communications: We use tracking technologies in our marketing communications (e.g. newsletters, invitations) that allow us to assess whether marketing emails or other communications have been opened, responded to or forwarded and whether links have been followed.
  • Website analytics: We use Google Analytics on our website. This is a service provided by Google (www.google.com) with which we can measure and evaluate the use of the website (non-personal). Permanent cookies set by Google are also used for this purpose. Google does not receive any personal data from us (and does not store any IP addresses), but can track your use of the website. You can find more information about Google Analytics and the processed data here: https://support.google.com/analytics/answer/6004245.

Cookies and similar technologies generally do not provide personal data, but only anonymous traffic data relating to your device (e.g. your IP address) and statistical data (e.g. number and type of website visits). However, where the identifiers collected are classified as personal data under applicable law, we treat them as such. In addition, we may sometimes combine non-personal data collected using these technologies with other personal data held by Cosa Mirai. When we combine data in this way, we treat the combined data as Personal Data for the purposes of this Privacy Policy.

By using our website, apps and agreeing to receive newsletters and other marketing emails, you accept the use of the above technologies. If you do not wish to do so, you can block or delete cookies and similar technologies via the privacy settings of your browser and email program, although this may affect your use of our website.

Disclosure of Personal Data to Other Persons

In particular, we may disclose personal data to the following categories of recipients:

  • Tenants, their affiliated companies, transaction parties and other persons involved in the management of our properties, such as energy and water suppliers, debt collection companies, security and cleaning services or providers of smart home applications;
  • Courts, arbitration tribunals, authorities;
  • Business partners, service providers and suppliers with whom we work (e.g. consultants, law firms, banks, insurance companies, potential direct or indirect purchasers of the rental property) who act as independent controllers or who may process personal data as processors for our purposes (e.g. providers of cloud and other IT services);
  • The public, including users of our website and social media;
  • Competitors, industry associations and other organizations.

Disclosure of Personal Data Abroad

The recipients of personal data may be located in Switzerland or abroad. We may disclose personal data to recipients in the EU/EEA, whereby the location of the recipient depends on the specific circumstances and may include, in particular, countries in which our tenants are present (EU/EEA member states) and the countries in which our service providers process your personal data (EU/EEA member states, in particular France).

In addition, if we disclose personal data to a country without adequate legal data protection, we will ensure that this is done in accordance with the applicable data protection law. In particular, we may disclose personal data to these countries in the following circumstances:

  • You give your express consent.
  • The disclosure is necessary for the performance of a contract with you or a contract in your interest.
  • The disclosure is necessary for the fulfillment of a legal obligation.
  • The disclosure is necessary to safeguard overriding public interests, to establish, exercise or enforce legal claims or to protect the life or physical integrity of you or third parties.
  • You have made the personal data generally accessible and have not expressly prohibited its processing.
  • The personal data originates from a register provided for by law, which is accessible to the public or to persons with a legitimate interest, provided that the legal requirements for inspection are met in individual cases.
  • We will ensure adequate protection, in particular through sufficient contractual safeguards such as the European Commission's Standard Contractual Clauses or by relying on another legal instrument. You can obtain a copy of the contractual guarantees from the contact point mentioned above or find out from them where you can obtain such a copy.

Duration of Storage of Personal Data

We process and store personal data for as long as is necessary for the processing purpose for which we collected it. As a rule, this is for the duration of our business relationship and thereafter for as long as we have a legitimate interest in retaining the data (e.g. due to the applicable limitation periods, for the retention of documents and the generation of know-how). In addition, there may be a contractual or statutory retention or documentation obligation (e.g. under the Swiss Code of Obligations, VAT Act, etc.). It is possible that personal data may be retained for the period in which claims can be asserted against us or insofar as we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). If the personal data is no longer required, it will be deleted or anonymized as far as possible. Subject to an express written agreement, we are under no obligation to you to retain personal data for a certain period of time.

Data Security

We take appropriate technical and organizational security precautions to protect your personal data from unauthorized access and misuse, such as warnings, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymization, controls.

Rights of the Data Subject

In accordance with the applicable data protection law and to the extent provided therein, you have the right to information, correction and deletion of your personal data, the right to restrict processing or to object to our data processing as well as the right to receive certain personal data for transmission to another controller (so-called data portability). Please note, however, that we reserve the right to assert the restrictions provided for by law, e.g. if we are obliged to store or process certain data, have an overriding interest in doing so (insofar as we can invoke such interests), are obliged to maintain confidentiality or require the data to assert claims. If the exercise of certain rights is associated with costs for you, we will inform you of this in advance. We have already informed you about the possibility of withdrawing your consent in section 3 above.

The exercise of these rights generally requires that you can clearly prove your identity (e.g. by means of a copy of your identity card if your identity is not otherwise apparent or cannot be verified in any other way). To assert your rights, please contact us at the address given at the beginning.

You have the right to assert your claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

Obligations of the Data Subject

As part of our business relationship, you must provide the personal data required to enter into and conduct a business relationship and to fulfill the associated contractual obligations (there is generally no legal obligation to provide us with data). Without this data, we are generally unable to conclude or fulfill a contract with you (or the legal entity or natural person you represent). In addition, the website cannot be used if certain information for securing data traffic (such as the IP address) is not provided.

If you provide us with personal data of other persons (e.g. data of work colleagues), please ensure that these persons are aware of this data protection declaration and that you only pass on their personal data to us if you are authorized to do so and this personal data is correct.

Please note that the internet is generally not a secure environment, as it is an open network that can be accessed by anyone. We therefore also appeal to you to take personal responsibility when handling your personal data. To the extent permitted by law, we exclude liability for the security of data that you transmit to us via the internet (e.g. by e-mail) or other electronic channels and for any direct or indirect damage. We ask you to choose other means of communication if this appears necessary or sensible for security reasons.

Changes to the Privacy Policy

We may change this privacy policy at any time without prior notice. The latest version published on our website (www.cosamirai.ch) applies.