Privacy notice

Legals

Privacy notice

Forvis Mazars SA ("Forvis Mazars", "we", "us" and "our"), whose registered office is located at Chemin de Blandonnet 10, CH-1214 Vernier – Geneva, collects and processes personal data about you and other individuals. Personal data is any information relating to an identified or identifiable natural person ("personal data" or "data"). In this privacy notice ("Notice"), we describe what we do with your data when you use our website https://www.forvismazars.com/ch/en ("Website"), enter into contracts with us, request our services or communicate with us. We also describe how you can exercise your data protection rights.

If you provide us with data about other persons (e.g. family members, colleagues), we assume that you are authorised to do so, and that the data is accurate. Please ensure that these individuals have been informed of this Notice.

This Notice is aligned with the Swiss Federal Act on Data Protection ("FADP") and the European General Data Protection Regulation ("GDPR"). However, the application of the GDPR and the extent of its application are assessed on a case-by-case basis.

1. Data Controller

Forvis Mazars SA, Chemin de Blandonnet 10, CH-1214 Vernier – Geneva, is the controller of your personal data under this Notice, unless we indicate otherwise in a particular case. 
If you have any questions about this Notice or the processing of your personal data, or if you wish to exercise your rights in accordance with Section 10, please write to us at the following email address: dataprivacy@mazars.ch or contact us through our contact form available here.

2. Personal data we process

We process different categories of personal data about you. The main categories are:

  • Basic data: basic data is the fundamental data about you, such as your name, surname and contact details. It also includes registration data (e.g. username and password), information about your subscription to our newsletter, as well as, if applicable, information about the third parties involved (e.g. contact persons, service recipients or representatives). We collect basic data, in particular when you request our services, subscribe to our newsletter or access our offices as visitors.
  • Contractual data: Contractual data is personal data collected in the context of the conclusion and performance of contracts. They include, for example, information on the relevant contracts, information on the execution and management of contracts, acquired rights and claims, and information on customer satisfaction. We mainly conclude contracts with customers, business partners and service providers. 
  • Communication data: When you communicate with us, for example when you write to us, contact our customer service or call us, we process the content of these communications, as well as the associated metadata (e.g. the type, time and place of the communication). This data may also include information about third parties. In some situations, we may also ask you for an identification document to verify your identity.
  • Technical data: When you use our Website, we collect certain technical data, such as IP address, log files that record the use of our systems (log data), information about your device and its configuration (e.g. operating system and language settings), information about the browser used and its configuration,  your approximate location and time of your visit, information about your actions on our Website, and information about your internet service provider. We may also assign your device a unique identifier (ID), for example by means of cookies, to be able to recognise it. You can find more information about this in our Cookie Information available here. Technical data generally does not allow us to infer who you are. However, it may be linked to other categories of data (and potentially to you), for example in the context of the performance of a contract.
  • Behavioral and preference data: Depending on the relationship we have with you, we try to get to know you better and tailor our products and services to your needs. We therefore also process behavioral and preference data, e.g. information about your behavior when using our Website (e.g. search terms and search results), information about your use of electronic communications (e.g. if and when you opened an email or clicked on a link) and your interactions on our social media pages. You can find more information about how we process your data on our social media pages in section 9, and how tracking works on our Website in the section in our Cookie Information available here
  • Other data: We also collect data about you in other situations. For example, we process data that may relate to you in the context of administrative or legal proceedings (e.g. for evidentiary purposes) or when you access our buildings as visitors. We may obtain or take photos, videos and sound recordings in which you can be identified (e.g. at events). We may also collect data about who enters certain buildings, who has access rights, and who uses our infrastructure and systems.
    Most of the data referred to in this Section 2 is provided to us directly by you (e.g., when you communicate with us). You are not obliged to provide us with your data, except in special cases (e.g. legal obligations). However, if you wish, for example, to conclude contracts with us or use our services, you must provide us with certain data. We may also collect data ourselves (such as technical data when you use our Website). To the extent permitted, we may also collect data from publicly available sources (e.g. the debt collection register) or obtain data from authorities or third parties. This includes, in particular, the following categories of data: basic data, contractual data and other data, but potentially all other categories of data described above, as well as data from correspondence and discussions with third parties. If you work for a company, customer or other person who has a business relationship with us or is in contact with us in some other way, they may also give us access to data about you. 

3. Purposes of the processing 

We process your data for the purposes described below:

  • Operation of our Website: You can visit our Website and learn about our offers and services without disclosing who you are. However, to ensure the security and stability of our Website, we collect technical data that at least allows us to recognise you. We also use cookies (see our Cookie Information available here). 
  • Communication: We process your data in order to communicate with you, for example to respond to your requests or to contact you if we have any questions. For this purpose, we use communication data and basic data, among other things. Our communication with you is usually carried out in connection with other processing purposes, for example to enable us to provide services or perform a contract.
  • Conclusion and performance of contracts: If you express an interest in becoming a client of  Mazars, we will use your personal data to take the necessary steps to conclude, manage and perform relevant contracts with you. For this purpose, we use basic data, contractual data, and communication data, as well as behavioral and preference data, among other things.
  • Market research, service improvement, and product development: We continually seek to improve our products and services (including our Website), and to respond quickly to changing needs. We therefore process personal data to carry out market research, improve our services and develop our products. For this purpose, we process in particular basic data, behavioral and preference data, communication data, as well as information from surveys or customer satisfaction surveys. Whenever possible, we use pseudonymised or anonymised data for this purpose.
  • Marketing and relationship management: We may process your data for marketing and relationship management purposes, to promote and develop our services and to provide you with information that we think may be of interest to you. Like most companies, we personalise interactions so that we can provide you with personalised information and offers about our products, services, and other news from us or from third parties that meet your needs and interests in the context of individual marketing (e.g., events) or free services (e.g., invitations). For this purpose, we use, among other things, basic data (e.g. your name, e-mail address and telephone number) and other contact details that we obtain in connection with the conclusion or performance of a contract or during possible registrations (e.g. registration for our newsletter), contractual data, communication data and behavioral and preference data. You may object to such communications or withdraw your consent to be contacted for advertising purposes at any time by notifying us in writing at the email address mentioned in Section 1. 
  • Compliance with legal, regulatory, or professional requirements to which we are subject: We are subject to legal, regulatory, and professional obligations.  We therefore also process personal data to comply with these legal requirements, prevent infringements and identify them in a timely manner. This includes, for example, the receipt and processing of complaints, compliance with judicial or administrative decisions and measures to detect and elucidate abuses. This may relate to all categories of personal data mentioned in section 2.
  • Other purposes: We may process your data for security and prevention purposes (e.g. to ensure IT security, prevent theft, fraud and abuse, as well as to ensure the security of our buildings by maintaining a list of our visitors), for quality assurance and training purposes, as well as for risk management purposes. We may also process your data to safeguard our rights and defend ourselves against claims made by third parties, as well as to protect our legitimate interests. This may relate to all categories of personal data mentioned in section 2.

4. Legal bases for processing 

To the extent that the GDPR applies in a particular case, and we need a lawful basis to process personal data, we will generally rely on one or more of the following lawful bases, depending on the purpose of the processing:

  • Initiation or performance of a contract: The processing is necessary for the purpose of initiating or performing a contract with you or the entity you represent.
  • Legitimate interests: The processing is necessary for our legitimate interests or those of a third party, in particular to carry out the processing for the purposes described in section 3 and to communicate the data in accordance with sections 5 and 6, as well as to carry out the purposes related thereto. Our legitimate interests also include compliance with legal regulations, insofar as this is not already recognised as a legal basis by applicable data protection legislation (e.g. laws in the European Economic Area). This also includes marketing our products and services, the desire to better understand our markets, and to manage and grow our business safely and efficiently.
  • Consent: Processing is based on your consent. In this case, we will inform you separately of the relevant processing purposes. You may withdraw your consent at any time, with effect for the future, by giving us written notice; You can find our contact details in section 1.

To withdraw your consent to online tracking, please see our Cookie Information available here. Once we receive notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you have consented, unless we have another legal basis to do so. The withdrawal of consent does not, however, affect the lawfulness of processing based on consent prior to withdrawal.

In some cases, other legal bases may apply and, where appropriate, we will notify you separately.

5. Transfer of data to third parties 

In the course of our processing activities, we may transfer your personal data to third parties, including the following categories of recipients:

  • Service providers: We work with service providers in Switzerland and abroad. These service providers generally process your personal data on our behalf as "sub-contractors". Our sub-contractors are required to process personal data in accordance with our instructions and to take appropriate measures for data security. Some service providers are also liable jointly with us or independently (e.g. debt collection companies).
  • Contractual partners: We transfer your data to our contractual partners insofar as the provision of your data stems from the relevant contracts. These recipients also include contractual partners with whom we work together or who advertise for us and to whom we may therefore transfer data about you for analysis and marketing purposes. You can find more information about this in our Cookie Information available here.
  • Forvis Mazars entities: Forvis Mazars uses subsidiaries of Forvis Mazars SA, other member firms of the Forvis Mazars Group (including subsidiaries of Forvis Mazars Group SC) or the Forvis Mazars Global network for some processing activities.
  • Authorities: We may transfer your personal data to authorities where we are legally required to do so or where it appears necessary to protect our interests.
  • Other persons: We may also share your data with other persons, for example service recipients and third-party debtors appointed by you.

6. Transfer of data abroad 

We primarily process and store personal data in Switzerland and the European Economic Area ("EEA"). In some cases, however, we may transfer personal data to service providers and other recipients (see section 5) who are located outside this area, or who process personal data outside this area, in principle in any country in the world. The countries in question may not have laws protecting your personal data to the same extent as in Switzerland or the EEA. If we transfer your personal data to such a country, we will ensure the protection of your personal data appropriately. For this purpose, we use the standard contractual clauses of the European Commission, unless the recipient is already subject to a legally accepted set of data protection rules, or we can invoke an exception. We would like to point out that these contractual measures partly compensate for less legal protection or the absence of legal protection, but do not completely exclude all risks (e.g. the risk of access to data by foreign governments). We may transfer your personal data to countries that do not have an adequate level of data protection in the event of a derogation, for example if you consent to the transfer of data, in the context of legal proceedings abroad or if this is necessary for the performance of a contract.

7. Data Retention

Your personal data is kept for as long as necessary to achieve the purposes for which it was collected, within the limits of legal retention periods or for as long as it is necessary for technical reasons or for the purposes of our legitimate interests. After the expiry of these periods, we will delete or anonymise your data insofar as there are no legal or contractual obligations to the contrary.

For example, we comply with the following retention periods, which may be waived on a case-by-case basis:

  • Basic and contractual data: We generally keep basic and contractual data for a period of ten years after the last contractual activity or the end of the business relationship. However, this period may be longer if necessary for evidentiary reasons, due to legal or contractual provisions or for technical reasons. Transaction data related to contracts (e.g. invoices) is generally retained for ten years.
  • Communication data: Emails and written correspondence are usually kept for ten years. However, this period may be longer if this is necessary for evidentiary purposes, due to legal or contractual provisions, or for technical reasons.
  • Technical data: We typically retain technical data for a period of between six months and one year. The retention period for cookies is described in our Cookie Information available here.
  • Other data: The retention period for other data depends on the purpose of the processing and is limited to what is necessary. For example, event reports that contain images are retained for several years.

8. Data Security

We take appropriate technical and organisational security measures to protect your personal data from loss, misuse, alteration, and unintentional destruction, such as the use of antivirus software, firewalls, secure servers, encryption software, password protection, physical access controls, two-factor authentication, intrusion detection, and anomaly detection. Like all companies, however, we cannot rule out any data protection violations with certainty; some residual risks being unavoidable.

Our staff who have access to your personal data have been trained to maintain the confidentiality of that data and will only have access to your personal data to the extent that they need the information to properly perform their duties. 

9. Data processing on our social media pages  

We operate our own pages on social media and other similar third-party platforms (e.g. Instagram, X, YouTube, Facebook and LinkedIn). If you communicate with us via these pages or comment, share or view our content, we collect the relevant information and process it for the purposes described in section 3, in particular for communication, marketing and market research purposes.

When you visit our social media pages, data (e.g. about your user behavior) may also be transmitted directly to or collected by the respective service provider and processed together with other data already known to the respective service provider, in particular for its own marketing and market research purposes and to personalise its platform. In some cases, some of your data will be transferred to the United States. Further information on data processing by social media providers can be found in the data protection declaration of the respective social media.

10. Your rights

Applicable data protection laws give you the right to object to the processing of your data in certain circumstances, including processing and profiling for direct marketing purposes, and other legitimate interests in the processing.

To help you control the processing of your personal data, you have the following rights in relation to our processing of your data, in accordance with applicable data protection legislation:

  • the right to request access to the data stored by us and concerning you;
  • the right to have inaccurate or incomplete personal data corrected; 
  • the right to request the deletion of your personal data;
  • the right to withdraw your consent to the processing of your data with effect for the future, insofar as our processing is based on your consent;
  • the right to request restriction of the processing of your data;
  • the right to receive the personal data you have made available to us in a structured, commonly used and machine-readable format or to request the transfer of your data to another controller;
  • the right to receive, upon request, other information useful for the exercise of these rights. 

If you wish to exercise your rights, you may contact us in writing at the email address mentioned in section 1. In order to be able to prevent misuse, we need to identify you (e.g. by means of a copy of your identity card, if identification is not otherwise possible).
Please note that these rights may, in some cases, be limited, excluded or subject to the fulfilment of certain conditions. We will inform you on a case-by-case basis.
If you are not satisfied with the way in which we have processed your personal data, you can contact the Federal Data Protection and Information Commissioner ("FDPIC"). 

11. Changes to the Declaration

This Notice does not form part of a contract with you. We may modify this Notice at any time without notice. The version published on our Website is the current version. 
 

Third party APIs

Read more

Contact us

+41 22 708 10 80 ___ +41 44 384 84 44
Meet our local team
Discover our offices
Or use our contact form