Imprint and data protection

Imprint

We would like to point out that by accessing www.meng-partner.ch you agree to the conditions mentioned below.

Concept, design and implementation
visàvis Kommunikation AG
Rütistrasse 3
5401 Baden
www.visavis.ag

Legal information

The Meng und Partner Group companies accept no liability for Internet errors, damage caused by third parties or for imported data of any kind (such as viruses, worms or Trojan horses). This legal information website is for general information purposes only.

Please note that the Meng und Partner Group has no control over the content and design of websites that are not associated with Meng und Partner. We therefore accept no responsibility for external links or their content.

In no event shall the group companies of the Meng und Partner Group be liable to third parties for any direct, indirect, special or other consequential damages arising out of the use of this website or any website linked to it. Any liability for loss of profit, business interruption and loss of programs or other data in information systems is also excluded. This also applies if we are expressly advised of the possibility of such damages.

Privacy policy of the Meng & Partner Group

1. introduction

The protection of your personal data is a key concern for the Meng & Partner Group. We always process personal data in accordance with the applicable legal requirements and in compliance with the principles of proportionality, transparency and data security.

This privacy policy explains in detail how we handle personal data, which systems and platforms we use, for what purposes we process data and what rights you are entitled to.

The declaration applies to all companies within the Meng & Partner Group and to all processing activities, regardless of whether these are carried out electronically, on in-house servers or via external platforms.

2. responsible body

Meng & Partner Group
Bruggerstrasse 21
5400 Baden
E-mail: office@meng-partner.ch
Phone: +41 56 200 17 30

3 Scope of application and legal basis

• We comply with the Swiss Data Protection Act (DPA, as of 2023).
• Insofar as data of persons in the European Union is processed or data is stored in the EU, we also comply with the General Data Protection Regulation (GDPR).
• In the event of contradictions, the stricter provisions shall always apply.

4. purposes of data processing

We process personal data exclusively for legitimate purposes:

1. Mandate management: fiduciary services, accounting, payroll, taxes, auditing, consulting.
2. Contract processing: initiation, conclusion, execution, invoicing.
3. Communication & support: Enquiries by e-mail, telephone, form, support tickets.
4. Customer portals: Upload and exchange of documents (e.g. Heyflow, Tresorit).
5. Compliance & legal obligations: Safekeeping, Money Laundering Act, credit checks, sanctions lists.
6. Security & IT operations: access controls, protection against cyber attacks, backups.
7. Internal purposes: risk management, training, internal audit, statistics.
8. Marketing: Informing our existing customers about our services.
9. Corporate transactions: Mergers, cooperations, sales of business units.

5. categories of personal data

Among other things, we process

• Master data: Name, address, telephone number, e-mail, date of birth.
• Mandate and contract data: Accounting documents, tax data, bank details, salary and pension data.
• Professional data: Employer, function, contract details.
• Technical data: IP addresses, logs, device information, usage data from online portals.
• Particularly sensitive data: e.g. tax or health data, only if necessary.

If you provide us with data of third parties (e.g. employees, family members), you are obliged to inform these persons of this.

6. data processing systems and platforms

We operate the majority of our infrastructure on secure in-house servers in Switzerland.

We also use:

• Microsoft 365 (Exchange Online, Teams, SharePoint, OneDrive) – Communication and collaboration (data centers in CH/DE).
• Customer portal – for secure document transmission.
• Heyflow – Upload of tax and audit documents (processing in the EU).
• Tresorit – end-to-end encrypted file transfer for confidential documents.
• WordPress forms – encrypted contact requests via our website.
• Support ticket system – for processing inquiries.
• External platforms – forwarding in individual cases; their data protection guidelines apply.

7. disclosure of data

We only pass on personal data if this is necessary and legally permissible:

• Within the Group: Meng & Partner companies.
• External partners/service providers: IT support, cybersecurity, hosting, banks, delivery services.
• Authorities, supervisory bodies, courts: to the extent required by law.
• Clients and business partners: to the extent required for mandates.

Personal data is not sold.

8. data transmission abroad

• Priority storage and processing in Switzerland and in the EU/EEA area.
• Transfers to third countries only if necessary and if there is an adequate level of protection or if legal exceptions apply.

9. security of your data

We implement extensive technical and organizational measures (TOMs):

• Two-factor authentication (2FA)
• Single Sign-On (SSO)
• Encryption during transmission and storage
• Access controls (need-to-know principle)
• Network protection, firewalls, monitoring
• Backups and recovery tests
• Employee training
• Operation of critical systems on in-house servers

10. electronic communication

Electronic communication is associated with risks. We use encryption, but point out residual risks.

• Email & collaboration: via Microsoft 365, with additional password protection if required.
• File transfer: confidential documents preferably via Tresorit (E2E) or Heyflow.
• Video conferencing: via Microsoft Teams.
• Web forms: Transmission via HTTPS.

By using these communication channels, you agree to these conditions.

11. storage and deletion

• Data is stored for as long as is necessary for the respective purpose or as long as we are legally obliged to do so.
• As a rule, business-related documents must be kept for 10 years (OR/tax law).
• After expiry, data is deleted or anonymized.

12. rights of the data subjects

Data subjects have the following rights under the FADP (and, where applicable, the GDPR):

• Information
• Correction
• Deletion (if there is no obligation to retain the data)
• Restriction of processing
• Data portability
• Objection to certain processing operations

We will respond to requests within 30 days. Complaints can also be addressed to the FDPIC (Federal Data Protection and Information Commissioner).

13. cookies and newsletter

Our website uses cookies:

• Necessary cookies: for operation.
• Analysis/marketing cookies: can be used, but can be deactivated.

Newsletter (MailPoet):

• Customers: We reserve the right to regularly send our existing customers information about services, innovations or events by e-mail. This is done without separate consent, as it is an existing customer relationship.
• Non-customers: do not receive a newsletter.
• You can unsubscribe at any time via the unsubscribe link or by sending us a message.

14. social media

Among other things, we have a presence on LinkedIn. When visiting our social media pages, the data protection guidelines of the respective providers also apply. We have no influence on their data processing.

15. corporate transactions

Data may be transferred in the context of mergers, cooperations or sales of parts of the company. This is done exclusively in compliance with the statutory provisions.

16. data protection incidents

We have processes in place to detect, report and rectify data breaches. Affected persons and authorities are informed in accordance with legal requirements.

17. minors

We do not process any personal data of children under the age of 16 without the consent of their legal guardians.

18. changes

We reserve the right to amend this privacy policy at any time. The version published on our website is authoritative.

Copyright

All texts and graphics contained in this website are the property of the Meng and Partner Group companies. Reproduction, copying or reuse of these elements in whole or in part is not permitted without the written permission of the Meng and Partner Group companies.