Fidav SA (hereinafter "Fidav", "we") attaches great importance to the protection of personal data and respect for privacy. In this policy we explain what personal data we process, for what purposes, on what legal basis, to whom they may be disclosed and what rights you can exercise.
We process personal data in accordance with the Swiss Federal Act on Data Protection (revised FADP / nFADP) and its implementing ordinance (OPDa) and, to the extent applicable, the General Data Protection Regulation of the European Union (GDPR, Reg. EU 2016/679). As we serve an internationally diverse client base, we apply the higher standard of protection between the two frameworks.
1. Data Controller
The data controller for your personal data is:
Fidav SA
Via Penate 4
6850 Mendrisio (TI), Switzerland
Phone: +41 91 640 40 25
E-mail: info@fidav.ch
For any question relating to data protection or to exercise your rights, please contact us at the details above, indicating "Data Protection" in the subject line.
2. Scope of this Policy
This policy applies to anyone who comes into contact with Fidav, in particular:
- visitors to the website fidav.ch;
- individuals who contact us via the contact form, e-mail, telephone or other channels;
- clients, prospective clients and their representatives, employees and beneficial owners;
- suppliers, partners and other business contacts.
When you provide us with personal data of third parties (for example employees, shareholders, family members or clients of your business), you must ensure that those individuals are informed of this policy and that the processing of their data is lawful.
3. Categories of Personal Data Processed
Depending on your relationship with us, we process the following categories of data:
- Identification and contact data: first name, last name, address, e-mail, telephone number, language, company, role.
- Engagement-related data: tax, accounting, payroll, corporate and financial information necessary for the performance of our services, as well as related documents and correspondence.
- Payment and billing data: bank details, amounts, due dates, payment history.
- Communication data: content of messages you send us (for example via the contact form or by e-mail) and any resulting correspondence.
- Technical and statistical website usage data: aggregated and anonymous data about use of the website (see section 8 and our Cookie Policy).
In the context of tax, accounting or corporate engagements, we may also process sensitive personal data (for example data relating to social assistance measures, legal proceedings, or health in connection with social contributions). In such cases we apply enhanced safeguards and, where required, obtain your explicit consent.
4. Purposes of Processing
We process your personal data for the following purposes:
- provision of our fiduciary services (tax advice, accounting, payroll administration, corporate advisory and related services) and performance of engagements;
- management of relationships with clients, prospective clients, suppliers and partners;
- responding to enquiries submitted via the contact form or other channels;
- compliance with legal, accounting, tax and supervisory obligations to which we are subject;
- invoicing, payment management and protection of our receivables;
- security of our IT systems and website, prevention of abuse and fraud;
- aggregated and anonymous measurement of website usage in order to improve content and user experience;
- sending informational communications, where you have consented or within the limits permitted by law.
5. Legal Basis for Processing
The revised Swiss FADP (nFADP) does not, as a rule, require a specific legal basis for processing personal data that are not sensitive: it is sufficient that processing is lawful, conducted in good faith, proportionate and carried out for recognisable purposes.
To the extent that the GDPR applies, we rely on the following legal bases:
- performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR), for example to follow up on your request or to carry out an engagement;
- compliance with a legal obligation (Art. 6(1)(c) GDPR), for example in accounting, tax and document-retention matters;
- legitimate interests (Art. 6(1)(f) GDPR), for example for the security of our systems, aggregated measurement of website usage and ordinary management of business relationships;
- consent (Art. 6(1)(a) GDPR and Art. 6 nFADP for sensitive data), where required; consent may be withdrawn at any time with effect for the future.
6. Contact Form
When you use the contact form on the website, we process the data you provide: first and last name, e-mail address and, if entered, telephone number, company and service of interest, together with the content of your message.
The technical submission of the form is handled on our behalf by Web3Forms, a service provider acting as data processor whose sole function is to deliver the form content to our mailbox (info@fidav.ch). Web3Forms servers are located in the European Union. A data processing agreement compliant with Art. 28 GDPR and Art. 9 nFADP is in place with the provider.
Purpose: responding to your request and managing any resulting correspondence.
Legal basis (where the GDPR applies): performance of pre-contractual measures and response to your request (Art. 6(1)(b) GDPR) and, subsidiarily, our legitimate interest in responding to contacts received (Art. 6(1)(f) GDPR). Under Swiss law, processing is necessary and proportionate to the purpose for which you contacted us.
Retention: data submitted via the form is retained for the time necessary to handle your request. If no engagement results, data is deleted within 12 months. If an engagement begins, the retention periods set out in section 11 apply.
7. Disclosure of Data to Third Parties and Data Processors
We do not sell your personal data. We may disclose them to third parties only in the following cases:
- data processors (service providers) acting on our behalf and under our instructions, such as IT, hosting, e-mail and website management providers, who are contractually bound to confidentiality and data protection;
- authorities, courts and other bodies where we are required by law to do so or to protect legitimate rights;
- professionals and partners (for example lawyers, auditors, banks) to the extent necessary for performing the engagement and with your agreement where required.
The main providers that process data on our behalf in connection with the website are:
- Cloudflare (website hosting via Cloudflare Pages and infrastructure security);
- Web3Forms (technical management of the contact form, servers in the European Union);
- the technical provider that operates the website statistics tool (Umami) on our behalf, on infrastructure located in Switzerland/the European Union.
8. Website Usage Statistics (Umami)
To understand in aggregate form how our website is used (for example the most visited pages, geographic origin at country level, device type), we use Umami, a privacy-respecting web analytics tool installed on self-hosted infrastructure managed on our behalf in Switzerland/the European Union. Umami:
- does not install cookies on your device;
- does not store your IP address in identifiable form and does not create individual profiles;
- does not track your browsing across other websites (no cross-site or advertising tracking);
- honours the "Do Not Track" signal from your browser;
- collects exclusively aggregated and anonymous statistical data.
For this reason our website does not display a cookie consent banner. The legal basis for processing, where the GDPR applies, is our legitimate interest (Art. 6(1)(f) GDPR) in measuring and improving the digital service, balanced by the absence of individual identification. Statistical data are retained in aggregated form for a maximum of 24 months.
For further details on the absence of tracking cookies, please see our Cookie Policy.
9. Social Network Links
Our website contains a simple hyperlink to our LinkedIn company profile. We do not use embedded plug-ins, widgets, pixels or social buttons: no data is transferred to LinkedIn until you voluntarily click the link. Only after clicking will you be directed to the LinkedIn website, where LinkedIn Ireland Unlimited Company's own privacy policy and terms apply, over which we have no control.
10. Automated Decision-Making and Profiling
We do not make decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you, and we do not carry out high-risk profiling within the meaning of the nFADP.
11. How Long We Retain Data
We retain personal data only for as long as necessary for the purposes for which they were collected and in accordance with statutory retention periods, in particular:
- data relating to engagements, accounting and tax records: 10 years from the close of the financial year, in accordance with the retention obligation under Art. 958f of the Swiss Code of Obligations; certain documents may be retained for longer if required by specific regulations;
- correspondence and business relationship data: for the duration of the relationship and thereafter for the period necessary to protect our rights, generally up to 10 years;
- contact form data that does not lead to an engagement: up to 12 months;
- aggregated statistical website usage data: up to 24 months.
Upon expiry of these periods, data are deleted or anonymised, unless a legal obligation or legitimate interest requires further retention.
12. International Data Transfers
Your data are processed, as a rule, in Switzerland and the European Union, countries that ensure an adequate level of data protection. If, for the performance of a service, it should be necessary to transfer data to a country that does not ensure an adequate level of protection, we do so only with appropriate safeguards in place, in particular the standard contractual clauses recognised by the European Commission and the Swiss Federal Data Protection and Information Commissioner (FDPIC), or on the basis of another statutory exception (for example your explicit consent or the necessity to perform a contract).
13. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse or alteration, taking into account the state of the art, implementation costs and the nature of the data. The website is served over an encrypted connection (HTTPS). Our staff and our service providers are bound by confidentiality obligations.
14. Your Rights
As a data subject, you have — within the limits set by the nFADP and, where applicable, the GDPR — the following rights:
- right of access to information about the data relating to you;
- right to rectification of inaccurate or incomplete data;
- right to erasure of data that are no longer necessary, subject to statutory retention obligations;
- right to restriction of processing;
- right to object to processing based on legitimate interests;
- right to data portability of data you have provided to us, in the cases provided for by the GDPR;
- right to withdraw consent at any time, with effect for the future;
- right not to be subject to automated decisions with significant effects.
To exercise your rights, please write to us at info@fidav.ch. We may ask you to verify your identity to prevent disclosures to unauthorised parties. We will respond to your request within the statutory time limits (generally within 30 days, extendable in justified cases).
If you believe that the processing of your data infringes applicable law, you also have the right to lodge a complaint with a supervisory authority: in Switzerland, the Federal Data Protection and Information Commissioner (FDPIC) and, for data subjects in the European Union, the competent supervisory authority of their Member State.
15. Changes to this Policy
We may update this policy to reflect regulatory, organisational or technical changes. The version published on fidav.ch is the current version; we invite you to consult it periodically. The date of the last update is indicated at the top of this page.