Data Controller Privacy Notice
1. Who we are
The controller of the personal data listed hereafter in Section 2 is Mazars SA, Chemin de Blandonnet 2, 1214 Vernier-Genève, Switzerland. References in this Data Controller Privacy Notice to “Mazars”, “we” or “us” are references to Mazars SA.
We have appointed the following data protection coordinator: Stefania Badariotti, Legal Counsel, Mazars SA.
2. Personal data we process
Personal data we may process includes:
- data subject name and contact details (for example name, address, phone number or email address), information about the company the data subject works for, the data subject’s position or title and relationship to a person, and other basic information;
- financial information, for example payment-related information, tax-related information, fiscal matters;
- information provided to us by or on behalf of our clients or generated by us in the course or providing services to our clients;
- information provided to us for the purposes of attending meetings, seminars and events;
- any other information relating to the data subject which our clients may provide to us.
We collect and process this information when our clients interact with us, for example, when our clients retain our services. We also collect or generate personal data based on the personal data which our clients provide us with so that we may perform our contractual obligations, in the course of providing our services, and we may collect personal data from other sources for example by using publically available sources.
3. How we use personal data
We use personal data:
to communicate with our clients;
- to provide our clients with contractual services, such as tax and audit services, financial advice and other advisory services as may be further described from time to time in a separate letter of engagement or other agreement;
- to provide and improve our services to our clients, including personal data of others provided to us or collected by us on behalf of our clients, for example processing identification and background information as part of our services;
- to administer our relationship with our clients;
- to promote our services, including by sending alerts, updates, event invitations etc.;
- to comply with our legal, regulatory and risk management obligations, including establishing, exercising or defending legal claims.
4. Use of our websites and e-mails
We may use your name and e-mail address(es) to send you alerts, updates, event invitations and other information by e-mail, but will ask for consent first unless we have obtained your contact details from you in the context of our services. If you receive marketing communications from us and no longer wish to do so, you may unsubscribe at any time by following the link included in those e-mails. Note that we may use personal data to understand if you read our e-mails or click on links included in them.
5. On what basis we use personal data
We process personal data on the following grounds: to perform a contract, such as engaging with an individual or company to provide audit, financial, tax, payment-related or other services; for the establishment, exercise or defence of legal claims or proceedings; to comply with legal and regulatory obligations; and for legitimate interests. Please see “How we use personal data” above for additional details.
6. Who we share personal data with
We will share your personal data with trusted third parties including:
- group internal and group external service providers (such as IT services providers, marketing services providers);
- our auditors;
- other entities of the Mazars group of companies.
For the purposes set out in this Policy and where necessary, we may share personal data with courts, regulatory authorities, government agencies and law enforcement agencies. While it is unlikely, we may be required to disclose personal data to comply with legal or regulatory requirements. We will use reasonable endeavours to notify the data subjects before we do this, unless we are legally restricted from doing so.
7. Countries we transfer personal data to
We may transfer personal data to recipients abroad, including in countries that do not provide the same level of protection as in the country of our client’s (or the data subjects’) legal seat/residence. Before we do so we will implement appropriate measures to protect personal data, for example by requiring the recipient to agree to data transfer agreements (upon request, we will provide copies of these agreements. These agreements are usually based on the EU standard model clauses, available here). We may also transfer personal data with the explicit consent of the data subjects and in certain other situations as permitted by applicable law.
8. How we retain personal data
We retain personal data for as long as it is necessary for the purposes for which the data is collected, and as long as we have a legitimate interest in keeping personal data, for example to enforce or defend claims or for archiving purposes and IT security. We also retain personal data as long as it is subject to a legal retention obligation.
9. How we protect personal information
We use various technical and organisational measures to help protect personal data from unauthorised access, use, disclosure, alteration or destruction.
10. Data subject rights
The data subjects whose personal data we process are entitled to ask for details of the information we hold about them and how we process it and to receive a copy of their personal data. The data subjects may also have their personal data rectified or deleted, restrict our processing of that personal data, and object to the processing of their personal data. The data subjects may also choose to withdraw their consent. Please note that even after the data subjects have chosen to withdraw their consent, we may be able to continue to process their personal information to the extent required or permitted by law. The data subjects may also lodge a complaint in relation to our processing of their personal data with a local supervisory authority.
We must ensure that the personal data of the data subjects is accurate and up to date. Therefore, we welcome any communication from the data subjects whose personal data we process informing us of any changes to their personal data by contacting us at the address indicated above.
Mazars SA