Data Protection declaration
1. Data protection declaration: what is it?
In this Data Protection Declaration, we inform you of how and why we collect, process and use your personal data (hereinafter also referred to as “data”).
Here you will receive information, among other things, on the following aspects:
- what personal data we collect and process;
- for what purposes we use your personal data;
- who has access to your personal data;
- what benefits our data processing has for you;
- how long we process your personal data;
- what are your rights with regard to your personal data; and
- how you can contact us.
2. Who is responsible for data processing?
Under data protection law, the controller of a particular data processing is the one who defines whether this processing is to take place, for what purpose and how. The data processor is instead the one who processes personal data on behalf of the data controller.
The owners or managers of the processing of personal data in the context of their activities are respectively the following companies, belonging to Fiduciaria Mega SA Group (point 14):
- Fiduciaria Mega SA, Corso San Gottardo 32, 6830 Chiasso;
- Fiduciaria Mega SA, branch of Lugano, Vicolo Nassetta 2, 6901 Lugano;
- Fiduciaria Mega SA, branch of Mendrisio, Via Stefano Franscini 9, 6850 Mendrisio;
- Fideconsul Società di Revisione SA, Corso San Gottardo 32, 6830 Chiasso
- T&P Trustee and Protector Sagl, Vicolo Nassetta 2, 6900 Lugano;
- Steimle & Partners Consulting Sagl, Via Dogana Vecchia 2, 6900 Lugano
3. For whom and for what use is this Data Protection Declaration intended?
This Data Protection Declaration applies to all persons whose data is processed, regardless of whether the companies of Fiduciaria Mega SA Group are data controllers or processors as well as regardless of the channel through which individuals come into contact with us (e.g. by telephone or via a website). It applies to the processing of personal data already collected and personal data collected in the future. It is valid for the processing of all personal data that we manage in the context of the execution of our consulting and management activities of our companies, as well as our consequent and further activities.
Our data processing may concern in particular the following categories of persons, insofar as we process personal data in this context:
- individuals who request and/or receive our consulting services;
- employees of employers who use our personnel management services (payroll management, announcements to social and private insurance, …),
- contact persons of customers, suppliers, other service providers, as well as authorities and offices;
- people who use our other services;
- people who visit our websites or who contact us through the appropriate forms on our websites;
- people who register at our offices;
- people who write to us or otherwise contact us.
We operate in the field of tax, business, accounting, real estate, legal, as well as in the management of salaries and related social charges. With our auditing firm we operate in the field of auditing.
As part of our activities, we process your personal data on the basis of the applicable legal provisions (you can find further information on point 7). In this Data Protection Declaration we inform you about our entire scope of activity, and the references in this Data Protection Declaration apply in any case, unless we inform you otherwise.
4.What personal data do we process?
“Personal data” is information that can be associated with a specific person, making him identifiable. In point 5 you will find more information on the origin of this data, while in point 6 you will find information on the purposes of data processing.
4.1 Basic data
Basic data is fundamental data about you, which we need for the management of our contractual and other business relationships. For example, we manage your basic data if you are one of our customers, if you are a contact person for one of our customers, suppliers or tenants or if you work for such parties, or if you are a member of one of our bodies. We also collect basic data for access control to our events or offices. We also collect basic data on contact persons and representatives of contractual partners, organisations and authorities.
Basic data includes, for example, depending on your relationship with us:
- title, name, surname, date of birth;
- address, e-mail address, telephone number and other contact details;
- in the case of specific advice in certain areas: marital status and possibly date of marriage or divorce, age, sex, nationality and place of origin, information taken from identification data (e.g. from your passport, identity card or other identification document), within the limits of the legal provisions the AHV number, your contract number, of the policy and the insured, where appropriate, information on the previous pension or vested benefits institution, the date of entry into service with the employer and, where applicable, the date of departure, where appropriate, the category of staff, the degree of working capacity, the level of employment, possibly the fixed duration of the employment relationship, the annual salary reported and the insured salary and the BVG annual salary. This data also includes information on relationships with third parties who are affected by the processing of data, e.g. concerning relatives and beneficiaries;
- in the case of employees of employers, the data necessary for the correct processing of the salary, and affiliation to social and private insurance;
- in the case of tenants, also the data relating to the conclusion of the rental contract;
- In the case of other contractual partners who are companies, we process the data of contact persons, p.es. name and address, information on title, function in the company, qualifications and possibly data on superiors and employees.
4.2 Contract data, case data and service data
These are personal data that arise in connection with the conclusion or execution or termination of contracts. For example, this data includes:
- data in connection with the conclusion and management of contracts of any kind that are submitted to us, such as rental contracts for homes or business premises (especially personal data and information on the financial situation);
- data in connection with the conclusion of commercial, financial, successor and other agreements.
4.3 Financial data
Financial data is personal data that relates to the financial, tax, payments and execution of claims. In some cases, salary information is included.
4.4 Communication data
If you contact us or if we contact you, e.g. if you write to us or call us, we process the contents of the communication exchanged and the data on the type, time and place of the communication. In certain situations we may also ask you for identification for identification. For example, communication data means name and contact details such as postal address, e-mail address and telephone number, the content of e-mails, other written correspondence, telephone conversations, videoconferences, etc., data on the type, time and, where applicable, place of communication, identity documents, such as copies of official documents and marginal data of the communication.
4.5 Technical data
When you use our websites, apps, WiFi networks or other electronic offerings, we collect certain technical data, such as your IP address or device ID. Technical data also includes protocols in which we record the use of our systems (log data). Sometimes we can also assign a unique identification number (ID) to your terminal device (tablet, PC, smartphone, etc.), e.g. by means of cookies or similar technologies, in order to be able to recognize it. You can find more information about this in our cookie information.
The technical data includes, among other things:
- the IP address of your device and additional device IDs (e.g. MAC address);
- customer numbers assigned to your device by cookies and similar technologies (e.g. pixel tags);
- data about your device and configuration, e.g. operating system or language settings;
- data on the browser with which you access the offer and its configuration;
- information about your movements and actions on our websites and apps;
- data about your Internet service provider;
- its approximate location and time of use;
- system logs of accesses and other processes (log data).
These technical data alone do not allow us in most cases to trace your identity. In the context of user accounts or registrations, however, they can be linked with other categories of data and in this way possibly with your person.
For the processing of technical data, please also observe our cookie information.
4.6 Video shooting
For security and testing purposes we can also make video footage in the spaces outside our offices / premises / buildings. We can then obtain information about your behaviour in the filming areas. The use of surveillance cameras is restricted to limited areas and is reported.
4.7 Other data
We also collect your data in other situations. In the course of official procedures of authorities or courts there are also data (such as documents, evidence, etc.) that may refer to you. We may also collect data on who and when accesses a particular building or has corresponding access rights (e.g. for access control, based on registration data or visitor lists, etc.), or who and when attends events or who and when uses our infrastructure and systems.
5. Where does the personal data come from?
5.1 Data provided
You often provide us with your personal data directly, e.g. when you transmit data to us or communicate with us. This can be done via email, telephone, a portal or other channels. We also receive data primarily from you in connection with the rental of homes or business premises.
5.2 Data received
We may also receive data about you from other third parties, e.g. employers, companies with whom we cooperate, people who communicate with us or from public sources.
We may receive data about you from the following third parties:
- persons in your background (relatives, legal representatives, consultants, etc.);
- employers in relation to employee data;
- companies that provide credit data or companies that provide publicly accessible information about individuals;
- banks and other providers of financial services, private and social insurance, pension and vested benefits institutions;
- service providers;
- authorities, courts, parties and other third parties in connection with proceedings before courts and authorities;
- public registers, e.g. the debt collection register or commercial register, and public services such as the media or the Internet;
- Swiss Post and address providers, e.g. for address updates;
The data we process in accordance with this Data Protection Declaration refers not only to your data, but often also to third parties (e.g. employees, tenants, and other third parties).
If you transmit data about third parties to us, we assume that you are entitled to do so and that this data is correct. The transmission of this data to third parties itself serves as confirmation. We therefore invite you to inform these third parties about the processing we do of their data and to provide them with a copy of this Privacy Notice regarding data protection.
6. For what purposes do we process personal data?
We first process personal data for the performance of our consulting activities and for the rental of homes and business premises. These include, for example:
- advice and customer service, assertion of legal claims arising from contracts, accounting and conclusion of contracts. For this purpose, we process in particular basic data, contract data, financial data and communication data;
- the preparation of tax returns and payroll, bookkeeping;
- the conclusion and processing of rental contracts.
We also process personal data for related purposes, in particular for the following purposes:
- Communication: We process personal data for communication with you, e.g. in responding to requests and in the care of customer relations. For this purpose, we use in particular communication data and basic data and, depending on the subject of the communication, also contract data;
- Execution of the contract: we process personal data in connection with the initiation, management and execution of contractual relationships. For this purpose, we mainly use basic data, contract data and communication data;
- Security and prevention: we also process personal data for security purposes, to ensure IT security, for the prevention of fraud and abuse and for testing purposes. This may concern all categories of personal data listed in point 4;
- Compliance with legal provisions: We need to create the conditions for compliance with legal provisions. Therefore, we also process personal data in order to comply with legal obligations and to prevent and detect violations. These include the fulfilment of information, reporting or notification obligations, e.g. in connection with monitoring obligations, the fulfilment of archiving obligations and support to prevent, detect and clarify offences and other violations, but also the acceptance and handling of complaints and other communications, communication surveillance, internal or external investigations or the disclosure of documentation to an authority, if we have an objective reason or are legally obliged to do so;
- Safeguarding rights: to assert our claims and defend ourselves against the claims of others. We therefore also process personal data to safeguard rights, e.g. to enforce them in court, preliminary and extrajudicial proceedings as well as before the authorities in Switzerland and possibly abroad, or to defend ourselves against the claims of others. In this case, depending on the situation, we process various personal data, e.g. contact details and data on processes that have given rise to or may give rise to a dispute.
- Additional purposes: We may process personal data for other purposes, e.g. as part of our internal procedures and administration. This includes IT and real estate administration, accounting, data storage and management of our records; education and training; the transmission of requests to the competent services; the assignment of claims for which we transmit information to the purchaser such as, for example, the cause and amount of the claim and, if applicable, the creditworthiness and behaviour of the debtor; in general the verification and improvement of our internal processes.
7. On what legal basis is our processing of personal data based?
As part of our consulting activities, our data processing is subject to the Swiss data protection provisions of the Data Protection Act (FADP). We process personal data for the fulfillment of a contract with the data subject or with the data subject, for the execution of pre-contractual measures (e.g. checking a contract request), for the protection of our legitimate interests, on the basis of separate consent or to comply with legal provisions. The same also applies to our processing of personal data in connection with the rental of homes or business premises.
8. To whom do we forward personal data?
In addition to us, other subjects can also participate in the consulting activities. Your data is therefore processed not only by us, but also by third parties. Below you will find an overview of the categories of recipients to whom your personal data may be disclosed.
Further information can be found in points 3 and 4.
- Address verification, credit check and collection: We may commission third parties for credit checks and debt collection and provide them with data, e.g. on outstanding claims and payment behaviour.
- Authorities and offices: We may forward personal data to authorities, offices, courts and other public services, if we are legally obliged or authorized to forward it or if it is necessary for the protection of our interests, e.g. in the context of procedures of authorities, courts and in pre-litigation and out of court as well as within the framework of legal obligations to inform and cooperate. The recipients are, for example, enforcement offices, criminal courts and investigating authorities, tax offices or social security authorities. A communication of personal data can also take place when we use public services (registers, authorities) to acquire information about a data subject.
- Other natural and legal persons: where it appears that third parties are involved for the purposes in accordance with point 4, the data may also be disclosed to other recipients, e.g. to other professionals or specialists from whom we seek professional advice, to other persons who are involved in court or authority proceedings (e.g. in the event of recourse against responsible third parties or their liability insurers), but, if necessary, also to potential purchasers of companies, receivables and other assets and to financial companies in the case of securitisations and to other third parties, about which we, if possible, inform you separately. Other persons also include recipients of a payment, attorneys, correspondent banks, other financial institutions and other services involved in a legal transaction.
- Service providers: We may also forward your data to companies if we use their services. These service providers process personal data on our behalf as so-called “processors”. Our processors are obliged to process personal data exclusively according to our instructions and to implement appropriate measures to ensure data security. Certain service providers are also joint controllers with us or controllers on an individual basis (e.g. collection agencies). Through careful selection of service providers and appropriate contractual arrangements, we ensure that data protection is guaranteed during the entire processing of your personal data. These are, for example, IT services or consultancy services (e.g. by lawyers).
The above disclosures are for legal or operational reasons. Therefore, legal and contractual obligations of secrecy do not exclude these communications. The data of the recipients in connection with the advice are communicated only within the limits of the law.
Please also note our cookie information for individual data collection by third-party providers whose tools are integrated into our websites.
9. How do we communicate personal data abroad?
We process personal data almost exclusively in Switzerland. We also use common IT services where certain data flows outside Switzerland are unavoidable. If we transmit your personal data to one of these countries, we ensure the protection of your personal data in an appropriate manner.
One means of ensuring adequate data protection is, for example, the conclusion of contracts concerning the transmission of data with the recipients of your personal data located in third countries that ensure the necessary protection of the data. These include contracts that have been approved, drafted or recognised by the European Commission and the Federal Data Protection and Information Commissioner, known as standard contractual clauses. It should also be noted that contractual measures of this kind partly compensate for weaker or missing protection, but cannot completely exclude all risks (e.g. from state access abroad). Transmission to countries without adequate protection may exceptionally also be permitted in other cases, e.g. on the basis of consent, in connection with criminal proceedings abroad or when the transmission is necessary for the performance of a contract.
10. How do we process sensitive personal data?
Certain types of personal data, e.g. data on religious, philosophical, political or trade union opinions or activities, health, intimacy, genetic data, to others are considered “personal data worthy of special protection” within the meaning of data protection law.
In the course of our ordinary activities, we do not process data of this particular category. We will only do this if necessary with the consent of the person concerned. More information can be found in point 4.
11. How do we protect personal data?
We take technical and organizational security measures to preserve the security of your personal data, to protect it from unauthorized or unlawful processing and to counter the danger of loss, accidental alteration, inadvertent disclosure or unauthorized access. However, like all companies, we cannot rule out data security breaches with absolute certainty; Certain residual risks are unavoidable.
Technical security measures include, e.g. encryption and pseudonymisation of data, data recording, access restrictions and the storage of backups. Security measures of an organisational nature include, for example, instructions to our employees, confidentiality agreements and controls. We also oblige our processors to take appropriate technical and organizational security measures.
12. How long do we process personal data?
We process and store your personal data:
- as long as it is necessary for the purposes of the processing;
- as long as we have a legitimate interest in storage. In particular, this occurs when personal data serves us to assert our claims or to defend ourselves against the claims of others, for archiving purposes and to ensure IT security;
- as long as they are subject to a legal retention obligation.
13. What are your rights in the processing of your personal data?
You have the right to:
- request information about personal data stored with us;
- have incorrect or incomplete personal data rectified or completed;
- request the deletion or anonymization of your personal data, if they are not (any longer) necessary for the performance of our consulting activities or the rental of homes or business premises;
- request the limitation of the processing of your personal data, if the processing for the execution of consultancy activities is not (any longer) necessary;
- receive the personal data you provide in a structured, commonly used and machine-readable format;
- Withdraw consent with effect for the future, if we process your personal data on the basis of consent.
Please note that these rights may be limited or excluded in individual cases, e.g. if there are doubts about identity or if this is necessary to protect other persons, to safeguard interests worthy of protection or to comply with legal obligations.
You can exercise the rights mentioned above by writing to us (point 14).
You are also free to lodge a complaint with the competent supervisory authority if you have doubts as to whether the processing of your personal data complies with the law.
The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
14. How can you contact us?
If you have any questions regarding this Data Protection Declaration or the processing of your personal data, please write to us at
15. Changes to this Data Protection Declaration
This Data Protection Declaration may be unilaterally adapted by the Fiduciaria Mega SA Group at any time, in particular if our data processing changes or new legal provisions come into force. In general, the updated version of the Data Protection Declaration in force at the beginning of the processing in question applies to data processing. The latest updated version will be available on the corporate websites of Gruppo Fiduciaria Mega SA.
Version 1 – September 1st, 2023
This document has been drawn up in several languages. In case of doubt, the Italian version of the document shall prevail.