Privacy policy

1. About us

MESOS RIVERS SA is a fiduciary firm that aims to offer solutions and services to private and corporate clients. The range of services offered by MESOS RIVERS SA includes, among other things, bookkeeping, tax advice, human resources management and general consulting.

2. Basic principles of data processing

This data protection declaration describes how we process personal data, in particular which personal data we collect and for what purpose. Furthermore, it regulates the transmission of data, the storage period and your rights.

Personal data (hereinafter also referred to as ‘data’) is any information concerning an identified or identifiable natural person. The concept of ‘data processing’ must be interpreted according to the situation and includes any operation involving personal data, irrespective of the means and procedures used, namely the collection, storage, use, modification, communication, archiving or destruction of data.

We collect and process personal data to perform our professional duties in accordance with legal and contractual provisions. The collection, processing and use of personal data are subject to the legal provisions applicable in Switzerland and, where applicable, in Europe.

We collect personal data transparently and in accordance with the principles of proportionality and purpose. Data is only processed to the extent and for the duration necessary for our activities and obligations.

3. Purpose of collecting and processing personal data

We process the personal data required to guarantee our offer in a durable, secure and reliable manner. This includes in particular:

• Management and administration of contractual relations with customers, employees, suppliers, etc.
• Contact management and communication within the framework of the provision of services.
• Website management and authentication of registered users for specific sections of our website, where applicable.
• Ensuring security, fulfilling legal obligations and exercising claims.

4. What personal data do we process?

4.1 Contact data and general basic data

Depending on the purpose of the data processing, the customer segment, and the service areas, we collect various types of personal data, including, in certain circumstances, personal data worthy of special attention.

For all contacts, contractual partners and customers, we process at least the following personal data:

• First name, surname, e-mail address and, where necessary, gender, address, telephone number, title, date of birth, nationality, profession, employment information, social security number.
• Electronic or written correspondence (mail).

4.2 Mandate management data

For the provision and management of our mandates as well as for communication with our customers, we process the following personal data:

• Contact data and general basic data pursuant to Section 4.1.
• In the case of companies: legal form, share capital and paid-up capital, year of incorporation of the company, external auditor, turnover in Switzerland and/or abroad, annual turnover achieved by type of activity, register number; branches: location of branch office, company name, address, telephone, website, e-mail, language of correspondence; information on staffing levels: professional field, number of employees and/or managers, percentage of work.
• Financial information.
• Risk assessment data: extracts from debt enforcement registers; management and control of the company: data on natural persons holding a stake in the company / partners and members of the management: name, surname, year of birth, nationality, function, voting percentage, information on activity in the company; data on companies and foundations holding a stake in the company: company name, registered office, sector of activity, degree of participation; data on the contact person: surname, first name, date of birth, e-mail address and telephone number; information on the employment of managers at third-party companies and, if applicable, surname, first name, company name, sector of activity, function and degree of employment; data on the participation relationship.
• Payment information.
• Mandate data such as: articles of association, minutes, contracts; employee data (salaries, social insurance); accounting and tax information; personal data worthy of special attention.

4.3 Direct communication data

The online meetings, video conferences we organise are carried out with Microsoft Teams or Zoom or Skype, etc. For direct communication via telephone, e-mail, through a collaboration solution or chat, we and, if necessary, our corresponding service providers, may process the following personal data:

• Contact data and general basic data pursuant to Section 4.1.
• Other personal data contained in the e-mail.
• Communication data such as IP address, time and duration of communication.
• Recording of the video conference, if necessary.

4.4 Employment application

You may send us your application for a job in our company by letter or to the e-mail address indicated on our website. Application documents and all personal data communicated to us with your application are treated confidentially and processed by us only for the purpose of processing your application for employment with us. In the absence of your objection, at the end of the application procedure your file will be returned to you or deleted/destroyed, if there is no legal obligation to keep it. The legal bases for processing your data are your consent, the performance of the contract with you and our legitimate interests.

• Contact data and general basic data according to Section 4.1.
• Personal information such as profession, function, title, employer company.
• Application documents such as motivation letter, certificates, diplomas, curriculum vitae.
• Assessment information such as personnel consultant assessment, references, assessment.

4.5 Suppliers and other contractual partners

We process the following personal data of business partners who provide services or deliveries for us:

• Contact data and general basic data pursuant to Section 4.1.
• Financial information such as bank details.
• Information available in the contract (such as data on responsible employees, consultants, information on the service provided, etc.).

4.6 Operation, control and improvement of the website and other electronic channels

4.6.1 Server Log Files

Our website can be used without having to provide full personal data. However, on each visit the server records information about users, which is stored temporarily in the server log files. The log files contain the following information:

• Date, time of access and amount of data.
• The browser used and the operating system.
• The domain name of the provider.
• The page from which you arrived at our site (referred URL).
• The search request.
• The IP address.

4.6.2 Cookies

Our web pages use cookies and similar technologies. If your device settings allow it, we use cookies and similar tools to allow you an optimal browsing experience on our web pages.

4.7 Ensuring security, fulfilling legal obligations and asserting claims

We may process the above-mentioned personal data to the extent necessary to ensure security and to enforce your rights and, to this end, also communicate them to third parties, such as courts or public offices.

5. Data recording, retention period, and security

5.1 Data recording

In principle, we receive the personal data mentioned in Section 4 directly from you when you make use of a service. Under certain circumstances, data may also be collected directly from the employer of the persons concerned.

However, when carrying out mandates, data may also come from authorities, courts, or third parties, depending on the type and scope of the mandate.

We also use information that is publicly available in the media and on the Internet, insofar as this is appropriate in the specific case (e.g. as part of an application, etc.), as well as data on website use.

5.2 Retention period

We retain personal data for as long as it is necessary for the purpose for which it was collected or for as long as required by applicable laws and regulations or contractual agreements and as long as we have an overriding interest in retaining it. Thereafter, the data are deleted.

5.3 Data security

We take appropriate organizational and technical security measures to protect personal data against unauthorized access and misuse. These measures include IT and network security solutions, access restrictions, encryption of data carriers and transmissions, directives, training, and controls.

Data is stored in the applications and software we use. The data is stored on servers located in Switzerland.

If third parties have access to our data, special measures are taken, which are regulated in the data processing contract.

6. Social media channels

Our website uses share buttons to allow you to use third-party social plug-ins, e.g. Twitter or LinkedIn, with one click. This enables visitors to our website to also share content on the respective social media channels. By clicking on a share button, usage data is transmitted to the respective social media provider.

Plug-ins are marked with the provider’s logo. The content of the plug-in is transmitted from the provider’s page directly to your browser and integrated by the latter into the Internet page. By integrating the plug-ins or by opening the respective channel via the link, the provider is informed that you have visited our website. If you have also logged in to the provider, the provider can associate your visit with your profile. If you interact with the plug-ins, e.g. by pressing the button or posting a comment, this information is also transmitted from your browser directly to the provider, where it is stored.

In addition, we also link to our respective social media channels. This is only a static referral to the respective channel. If you link to our social media channels, we receive information that is saved in your profile (contact information) and any profile information of your friends.

The purpose and scope of the data collection and further processing of your data by the provider, as well as your rights in this respect and possible privacy protection configurations, can be found in the Privacy Policy of the various providers.

• Facebook Ireland Ltd. or Facebook Inc: https://www.facebook.com/policy.php
• LinkedIn Corporation: https://www.linkedin.com/legal/privacy-policy
• Twitter Inc.: https://twitter.com/en/privacy
• Google Ireland Limited or YouTube: https://policies.google.com/privacy

7. Monitoring technologies

7.1 Google Maps

On our website, we use Google Maps (API) from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Google Limited Ireland, “Google”, is responsible for Europe). Google Maps is a web service for displaying interactive (geographic) maps. Through this service, we can show you where we are and make it easier for you to find your way around. Already by calling up the pages below, on which the Google Maps map is integrated, information about your use of our website (e.g. your IP address) is transmitted to Google servers in the USA and stored there. This occurs irrespective of whether Google provides a user account to which you have logged on or whether there is no such account. If you are logged into Google, your data are assigned directly to your account. If you want to avoid this allocation to your Google profile, you must log out before activating the button. Google stores your data (even if you are not logged in as a user) as user profiles and analyses them.

For the transmission of data to the USA, Google has undertaken to enter into and comply with the standard contractual clauses of the EU.

7.2 Google Web Fonts

This website uses so-called web fonts provided by Google for the uniform display of characters. When calling up a page, the browser loads the web fonts necessary to display texts and characters correctly into its cache. If the browser does not support web fonts, the computer will use the standard ones.

Further information on Google’s privacy policy and terms of use can be found at: https://policies.google.com/privacy

7.3 Using plug-ins

7.3.1 Facebook plug-ins

Our website uses so-called social plug-ins (“plug-ins”) of the social network “Facebook,” which is operated by Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). The plug-ins are marked with a Facebook logo or the specification “Facebook Social Plug-in.”

If you open a page on our website that contains such a plug-in, your browser connects directly to the Facebook servers. The content of the plug-in is transmitted by Facebook directly to your browser and integrated into the page by your browser. By means of this integration, Facebook receives the information that your browser has opened the relevant page of our website, even if you do not have a Facebook profile or are not logged in to Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there. If you are logged in to Facebook, Facebook can directly associate your visit to our website with your Facebook profile. If you interact with the plug-ins, e.g. by pressing the “Like” button or posting a comment, this information is also transmitted directly to a Facebook server and stored there.

7.3.2 LinkedIn plug-ins

Our website uses functions of the social network LinkedIn. The provider is LinkedIn Ireland Unlimited, Company Wilton Plaza, Wilton Place, Dublin 2, Ireland. Each time you open one of our pages that contains LinkedIn functions, a connection is created to LinkedIn’s servers. LinkedIn is informed that you have visited our web pages with your IP address. If you click on LinkedIn’s “Recommend” button and are logged in to your LinkedIn account, LinkedIn can associate your visit to our website with you and your user account. Find more information about this in LinkedIn’s Privacy Policy.

8. Forwarding and transmission of data

We may forward personal data to third parties if you have given your consent to do so, if this is necessary for the provision of the respective service or for the pursuit of the purpose of the contract or the protection of our legitimate interests, or if we are required to do so by law.

The following categories of recipients may receive personal data from us:

• service providers (e.g., IT service companies, hosting providers, suppliers, consultants, lawyers, insurance companies),
• third parties in connection with our legal or contractual obligations, authorities (including audit supervision or tax authorities), government institutions, courts.

Third parties engaged by us are contractually obligated to comply with data protection and process data only for the purpose prescribed by us.

Our service providers are mainly located in Switzerland. Specific personal data may also be transmitted to the United States (e.g., data from Google Analytics). If it is necessary to transmit data to a country that does not have an adequate level of data protection, this is done on the basis of standard contractual clauses (e.g. in the case of Google) or other appropriate safeguards.

The information you transmit to us may also be anonymized for statistical analysis purposes and forwarded to third parties.

9. Your Rights

Anyone can request information about their processed personal data as well as its origin, recipient and purpose of data collection and processing.

In addition, you have the right to request the rectification, blocking, deletion or transmission of your data. Data that are retained by virtue of legal provisions or that are necessary for the management of opera-tions cannot or should not be deleted. If data are not recorded due to a binding obligation of archiving or our overriding interest, we will delete them at your request.

If the archiving obligation applies, we block your data. In addition, you can assert your rights in court or file a complaint with the competent data protection authority.

10. Final Provisions

10.1 Responsible entity and contact

We are responsible for the processing of data in accordance with this data protection declaration, unless otherwise stated.

General data protection inquiries can be sent to our Data Protection Officer by mail (MESOS RIVERS SA, Via San Gottardo 46, 6593 Cadenazzo) or by e-mail (info@mesosrivers.ch).

In case of questions regarding a specific person, requests for rectification or deletion, it is also necessary to enclose a copy of your ID card or passport for identification purposes.

10.2 Adjustments to the data protection declaration

We may amend our data protection declaration at any time by posting it on the website. We may draft this document in different languages, and in case of doubt, the Italian version prevails. This data protection declaration was last updated on 03/10/2025.