As a fiduciary company based in Switzerland, we are subject to the Federal Data Protection Act, it being understood that, whatever the circumstances, we remain bound by our obligations of professional secrecy. As we do not deliberately target European residents in connection with the provision of our services within the meaning of art. 3.2 RGDP, we do not consider that we are subject in the context of our activities to the RGPD. This policy may be revised as necessary. Current version: August 2023

Data protection declaration

1. Who we are

Fidinter, founded in 1918, is a Swiss fiduciary with offices in Lausanne, Zurich and Zug. Under the Fidinter brand, our Group currently operates four companies nationwide, offering a broad spectrum of services in the fields of auditing, tax consultancy, accounting, business consulting and outsourcing.

2. Basic principles of data processing

This data protection declaration describes how we handle personal data, in particular which personal data we collect and for what purposes. It also governs the transfer of data, the retention period and your rights. Personal data (hereinafter also referred to as data) is any information relating to an identified or identifiable natural person. The notion of data processing must be understood in the context of the situation in question and includes any operation relating to personal data, whatever the means and procedures used, in particular the collection, storage, use, modification, communication, archiving or destruction of data. We collect and process personal data in order to perform our professional duties, in accordance with legal and contractual provisions. The collection, processing and use of personal data are subject to the legal provisions in force in Switzerland[1] and, where applicable, in Europe[2]. We collect personal data transparently and in compliance with the principles of proportionality and purpose. Data is processed only to the extent and for the duration necessary to fulfill our duties and obligations. [ 1] Federal Data Protection Act of September 25, 2020 [2] EU General Data Protection Regulation (GDPR)

3. Purpose of collecting and processing personal data

We process personal data that is necessary to ensure the continuity, security and reliability of our offer. In particular, this includes the following purposes:

  • Management and administration of contractual relations with customers, employees, suppliers, etc;
  • Contact management and communication for service provision;
  • Website operation and authentication of registered users for certain parts of our website;
  • Ensuring safety, complying with legal obligations and asserting claims;
  • Invitations and organization of events and webinars;
  • Marketing actions and newsletters;
  • Statistical collection and analysis;

4. What personal data do we process?

4.1 General contact and basic data Depending on the purpose of the data processing, the customer segment and the service areas, we collect various types of personal data, including sensitive data under certain circumstances. We process at least the following personal data for all contacts, contact persons, contractual partners and customers:

  • surname, first name, e-mail address and, if applicable, gender, address, telephone number, title, date of birth, nationality, profession, employer details, title, AHV number;
  • electronic and written correspondence (mail).

In addition, depending on the purpose of the data processing, the customer segment and the service area, we collect and process further data in accordance with the descriptions set out in the following paragraphs. 4.2 Data relating to mandate management For the management and administration of our mandates and for communication with our customers, we process the following personal data:

  • Contact data and general basic data as per 4.1;
  • For companies:
    • Legal form, share capital and paid-up capital, year company founded, external auditors, sales in Switzerland and abroad, annual sales by business area, register number;
    • Branches: Location of branch, company name, address, telephone, Internet, e-mail, language of correspondence;
    • Staffing information: professional fields, number of employees resp. managers, percentage of positions;
  • Financial information;
  • Risk assessment data:
    • Extracts from the register of prosecutions;
    • Management and control of the company:
      • Data on individuals/partners and members of management involved in the company: surname, first name, year of birth, nationality, position, percentage of voting rights, information on company activity;
      • Data on companies and foundations with a stake in the company: company name, registered office, area of business, degree of participation;
      • Contact details: surname, first name, date of birth, e-mail and telephone number;
    • Information on the hiring of management staff from third-party companies, including surname, first name, company, sector of activity, position and level of employment;
    • Data on shareholdings
  • Payment information;
  • Données relatives aux mandats de gestion des salaires de nos clients telles que :
    • Contact data and general basic data as per 4.1;
    • Social insurance data / AVS no;
    • Information about children;
    • Information about the position within our company, such as date of hire, position, salary, employment contract;
    • Financial information and bank details;
    • For employees taxed at source: confession, residence permit, information on other professional activities, income acquired as compensation and information on partner;
    • Time and vacation recording;
    • Information on illness, accidents, maternity or paternity leave, military service or civil protection;
    • Extracts from the criminal record and/or the register of prosecutions;
  • Mandate data such as:
    • articles of association, minutes, contracts,
    • employee data (salary, social insurance),
    • accounting and tax information,
    • sensitive personal data [such as data relating to health, religion, welfare, debt collection or bankruptcy].

This data is mainly processed within the framework of services provided in our areas of activity (auditing, consulting, tax, payroll processing or accounting). It mainly concerns data relating to our customers. But it may also concern third parties, such as employees, contact persons or persons who have a (contractual) relationship with our customers. Our customers can therefore also refer to this data protection declaration, but they themselves must take steps to comply with the Data Protection Act. Data is processed for the purposes of managing and administering mandates, checking creditworthiness, preventing conflicts of interest and quality control. It also meets legal and contractual requirements. As a general rule, data is communicated and made available directly by customers. However, depending on the nature and scope of the mandate, data may also come from authorities, courts or third parties. In certain circumstances, data may also be collected directly from the employer of the persons concerned.

4.3 Data for mailings and newsletters
We process the following personal data to send you information about events, publications, etc. (for marketing purposes) and to send you newsletters:

  • Contact data and general basic data as per 4.1;

This data is necessary for the provision of the service, for communication or for the management of our customer base. Information relating to marketing, mailings and newsletters is also subject to statistical analysis in order to continuously improve our services. You may object to the use of your personal data for marketing purposes at any time, or unsubscribe from the newsletter.

4.4 Data for the organization and staging of events
The following personal data is processed for the organization and staging of events:

  • Contact data and general basic data as per 4.1;
  • Information on employer (such as company name, address, e-mail address), participants and speakers;
  • Training participation information;
  • Payment information;
  • In certain circumstances, images or videos.

For online events, the data referred to in section 4.5 is also processed. First name, surname, address, e-mail address and employer may be disclosed to other participants. You may also be photographed or filmed at events. This data is processed for event organization, networking and marketing purposes. We need the images for internal event documentation, for inclusion in a newsletter or on our website and social media networks, for reporting purposes and, where appropriate, to inform our members about the event. Participants have the opportunity to let the photographer know, before or at the time of shooting, that they do not wish to appear in the corresponding images.

4.5 Data related to direct communication (telephone, e-mail or chat, online meetings, videoconferences and/or webinars, etc.)
The online meetings, videoconferences and/or webinars we organize are carried out using Microsoft Teams / Zoom / 3CX. For direct communication by telephone, e-mail, collaboration solution or chat, we, and if necessary our corresponding service providers, may process the following personal data:

  • Contact data and general basic data as per 4.1;
  • Other personal data contained in the e-mail;
  • Communication data such as IP address, time and duration of communication;
  • Videoconference recordings, if required;

We process this personal data in order to provide and improve our services to our customers and other interested third parties.

4.6 Personnel data
The following data is processed for personnel management purposes: Contact data and general basic data as per 4.1;

  • Social insurance data / AVS no;
  • Information about children;
  • Information about the position within our company, such as date of hire, position, salary, employment contract;
  • Application information such as cover letter, CV, work certificates, diplomas, interview evaluations, assessments, references;
  • Financial information and bank details;
  • For employees taxed at source: confession, residence permit, information on other professional activities, income acquired as compensation and information on partner;
  • Information on the periodic appraisal interview;
  • Time and vacation recording;
  • Information on illness, accidents, maternity or paternity leave, military service or civil protection;
  • Extracts from criminal record and/or register of prosecutions
  • Copies of identity documents

Applications that do not lead to employment are deleted/destroyed at the end of the application procedure, unless we have obtained permission to keep them.

4.7 Suppliers and other contractual partners
We process the following personal data of business partners who perform services or deliveries for us:

  • Contact data and general basic data as per 4.1;
  • Financial information such as bank details;
  • Information available in the contract (such as data on responsible employees, advisors, information on the service provided, etc.);

We process this data for the purposes of contractual performance and in accordance with the statutory retention periods under commercial and tax law. If our contractual partners have access to our personal data in the course of performing their duties [e.g. IT companies], we conclude a corresponding subcontracting agreement with them.

4.8 Operation, improvement and control of the website and other electronic channels
4.8.1 Server log files
Our website can be used without the need to disclose extensive personal data. However, the server does collect information about the user on each visit. This information is temporarily stored in server log files. However, it is not possible to attribute this information to a specific person. The log files contain the following information:

  • date, time of access and amount of data,
  • browser and operating system,
  • the supplier’s domain name,
  • the page from which you arrived on our site (Refered-Url),
  • the search query,
  • IP address.

The collection of this data is technically necessary: it serves to ensure the stability and security of the website and is used to analyze and improve the use of the website. It also enables us to carry out precise checks in the event of suspected illegal use of our website.

4.8.2 Cookies
Our website uses cookies and similar technologies. If your device settings allow it, we use cookies and similar tools to provide you with an optimal browsing experience on our website. Cookies are text files that are stored on your computer and enable us to analyze your use of the website or fill in forms. They facilitate the presentation of our website and help you navigate through it. Cookies collect data such as:

  • IP address,
  • the website from which you visit us,
  • the type of device you’re using,
  • the way you use our search function (known as Search-Log),
  • the various actions you perform when you receive the newsletter.

Further information on the use of cookies can be found in the information on the use of web analysis tools (sections 6.1 and 6.2). You can also visit our website without cookies, by setting your browser to prevent cookies from being saved. However, this setting may restrict your ability to use the website. Under no circumstances do we use cookies to install malware or spyware on your computer.

4.9 Ensuring security, complying with legal obligations and asserting claims
We may process the above-mentioned personal data in order to ensure security and assert your rights, if this proves necessary, and, to this end, pass it on to third parties such as courts or offices.

5. Data capture, retention period, security measures

5.1. Data entry
As a general rule, we obtain the personal data mentioned in section 4 directly from you when you take advantage of one of our services. However, in the case of mandates, data may also be obtained from authorities, courts or third parties, depending on the nature and scope of the mandate. [We also use publicly available information in the media and on the Internet insofar as this is appropriate in a specific case (e.g. in connection with job applications, selection of teachers and lecturers), as well as data relating to use of the website (see section 4.8).

5.2. Storage period
We retain personal data for as long as they are required for the purposes for which they were collected, for the statutory or contractual retention periods, and for as long as we have an overriding interest in retaining them. The data is then deleted.

5.3. Data security
We take appropriate technical and organizational security measures to protect personal data against unauthorized access and misuse. These measures include IT and network security solutions, access restrictions, encryption of data carriers and their transmission, instructions, training and controls. Data is stored in the applications and software we use. Data is stored on servers located in Switzerland. If data is stored abroad (Teams, logs, etc.), the rules set out in section 6 apply. If third parties have access to our data, special measures are taken, which are governed by the outsourcing contract (see section 7).

6. Tracking technologies and third-party tools

6.1. Google Analytics
This website uses “Google Analytics”, a web analysis service provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of our website is generally transferred to a Google server in the USA and stored there. [Please note thatthis website uses Google Analytics with the “anonymizeIp();” extension to ensure that IP addresses are recorded anonymously (IP masking). If you activate the anonymization of your IP address on our website, this address will be processed in an abbreviated form by Google in Switzerland, in member states of the European Union (EU) or in other states party to the Agreement on the European Economic Area. As a result, no identification of your identity is possible. Only in exceptional cases is the full IP address transmitted to a Google server in the USA, where it is abbreviated. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. You can prevent the storage of cookies by configuring your browser accordingly. However, we would like to point out that, in this case, not all of our site’s functions may be fully available. In addition, you can prevent the transfer to Google of data generated by cookies and data relating to your use of the website (including your IP address), as well as the processing of this data by Google, by downloading and installing the available browser plug-in. You can also prevent the collection of data by Google Analytics by installing an opt-out cookie, which will prevent your data being saved the next time you visit our website: deactivate Google Analytics. Further information on this subject can be found at https://marketingplatform.google.com/about/analytics/terms/fr/ and on data protection at https://marketingplatform.google.com/about/.

6.2 Newsletter dispatch
Newsletters contain “web beacons”, i.e. single-pixel files which are extracted when the newsletter is opened. As part of this extraction, technical data such as browser and system information, as well as your IP address and the time of access, are collected. This information is used for the technical improvement of our services on the basis of technical data or target groups and of your reading behavior in relation to the place of consultation (identifiable by IP address) or access times. For statistical purposes, we also record whether the newsletter has been opened. In this case, the day, time and links consulted are recorded. For technical reasons, this information can be allocated to the corresponding recipient. However, we only use this information to identify the reading habits of our users, to adapt content and thus improve the newsletter.

7. Data transmission and transfer

We may pass on personal data to third parties if you have given your consent, if this is necessary to provide the service concerned, fulfill the purpose of the contract or preserve our legitimate interest, or if we are required to do so by law. The following categories of recipients may receive personal data from us:

  • service providers (e.g. IT service companies, hosting providers, suppliers, consultants, lawyers, insurance companies).
  • third parties within the scope of our legal or contractual obligations, authorities (in particular audit supervisory authorities or tax authorities), government institutions, courts.

The third parties we appoint are contractually bound to respect data protection and to process data only for the purposes we have indicated to them. Most of our service providers are located in Switzerland or in the EU/EEA. Some personal data may also be transferred to the USA (e.g. Google Analytics data). Should it be necessary to transfer data to a country without an adequate level of data protection, this will be done on the basis of standard contractual clauses (e.g. in the case of Google) or other appropriate guarantees.

8. Your rights

Any person may request information on the data processed concerning him or her, as well as on the origin, recipient and purpose of the data collection and processing. You also have the right to request the rectification, blocking, deletion or transfer of your data. Data retained by virtue of legal provisions or necessary for business management purposes cannot or must not be deleted. If the data is not affected by a legal archiving obligation or by our overriding interest in retention, we will delete your data at your request. If an archiving obligation applies, we will block your data. In addition, you can assert your legal rights or lodge a complaint with the relevant data protection authority.

9. Final provisions

9.1 Responsible entity and contact
We are responsible for processing data in accordance with this data protection declaration, unless otherwise stipulated. General inquiries regarding data protection can be sent to us by post or e-mail to : Fiduciaire Fidinter SA, rue des Fontenailles 16, 1007 Lausanne / Tel. +41 21 614 61 61 / lausanne@fidinter.ch For questions concerning a particular person, requests for rectification or a request for deletion, a copy of the identity card or passport identifying the user must also be enclosed.

9.2 Amendments to the data protection declaration We may amend our data protection declaration at any time by publishing it on the website. This data protection declaration was last updated on September 25, 2023.