Studio Fiam SA – Data privacy policy

We are serious about data privacy and we take all reasonable steps and technical and organizational measures in order to prevent unauthorized access. This privacy policy contains general information on what personal data we collect, how we process this information and what rights you have. 

For the purposes of the present policy

  • “Studio Fiam” means the management and employees of Studio Fiam, all subject to contractual rules of professional secrecy
  • “Data” means personal data
  • “You” means the Client, the Data Controller and/or the Data Subject

General Information

Data Controller and Data Processor

Studio Fiam SA 

via C. Frasca 3, 6901 Lugano, Switzerland

0041 91 695 10 70 –

Studio Fiam may delegate part of the data processing to external Data Processor, specifically in computing and specialized fields. Likewise, Studio Fiam may act as external Data Processor for external Data Controller on a contract basis.

Core Business of Studio Fiam

  • Business management consulting and services
  • Accounting, administration and HR services in outsourcing 
  • Advice and tax returns for individuals and corporations
  • Auditing of Swiss entities (limited examination)
Main contacts:

How do we collect data

We process data we collect directly from you or from persons authorized by you. In order to comply with regulatory and legal obligations we may collect data from freely accessible public sources (press, internet, others) or from authorized and entitled third parties.

When delivering services in outsourcing, we process data we receive directly from the Data Controller and/or from the Data Subject.

What data we process

We process the following main data categories:

  • Personal details and identification data (name, address, date of birth, family details, contact numbers, copy of national identity card or passport, national insurance number, etc.)
  • tax domicile and other tax-related documents and information
  • professional information,  such as your job title and work experience;
  • information freely accessible from public sources (press, internet, others)
  • financial information

Depending on the contract of mandate, we may process data for payroll services (salary, working and absence hours, all information needed for social security and pension fund, details in case of accident or illness for assurance purposes, information required for application of working permit, etc.) and for tax services for individuals (financial and fiscal information). We collect this data directly from the Data Controller or the Data Subject; if required, we submit data to the competent authorities and we retain a copy of it safely.

Legal framework, purpose of data processing and consent

Legal framework:

Purpose of data processing and consent

We do not process data for statistical or marketing purposes; we do not monitoring data on-line and we do not do data profiling or automated decision-making; our website uses only technical cookies essential for the correct functioning of the website. We process data in order to:

  • comply with contractual obligations and safeguard the interests of the client  
  • manage the mandate given to us  
  • fulfil the obligations envisaged in the accounting, fiscal, and labour law fields  
  • comply and fulfil our professional legal obligations 

The consent to data processing is implicit in the mandate given to us and formally granted with the signature of the same.

The sending of newsletters and other general information by email or in paper form is subject to explicit consent: if you are already our client, we consider the consent implicitly granted except if explicitly denied; the absence of consent has no influence on our business relationship.

How do we process and retain data

We process data in electronic and paper form in an accurate, adequate and transparent manner; we process them by means of technical and organizational measures adequate to ensure data privacy and security. We take all reasonable steps in order to prevent unauthorized access, illegal use and dissemination of data.

We retain and securely store the data as long as necessary for the purpose of the data processing and as required by law, which is in principle 10 years after termination of the mandate given to us or according to other specific legislation and/or custom.

Use of electronic mail and website

Use of electronic mail

With the common use of the email, you accept all risks connected to this method of data transmission; adequate and reasonable measures can prevent, reduce but not completely eliminate these risks.  

We may use nominal email addresses: please note that these are still company email addresses and can be therefore accessed by other employees of the company.


Our website uses only technical cookies essential for the correct functioning of the website; we do not monitoring data on-line and we do not do data profiling or automated decision-making.

Communication of data

For technical reasons, our external IT Manager has access to our database. Our Information System fulfils reasonably the requirements in terms of data privacy and security.  

We may communicate the data to

  • other companies and professionals working on the same mandate given to us
  • other recipients with your consent
  • banks, for the purpose of banking relationships in place
  • public bodies, administrative offices, financial institutions, supervisory bodies, legal and tax authorities and others, based on obligations imposed by law or by the issuing authority

Transfer of data to third countries or international organizations

The transfer of data to third countries or international organizations shall take place only if

  • necessary to provide the services required by the mandate given to us
  • prescribed by law
  • based on your consent

Obligation to provide data

You have an obligation to provide the data necessary to accept and execute the mandate given to us, in order to comply with all contractual and legal requirements; otherwise, the business relationship shall be terminated.

Data Protection rights

You have the right to know what data we process and the right to access them; you have the right to request us to correct, complete and update your data. Within the limits set by law, you have the right to request us to erase your data or to limit, partially or totally, the processing of the data except in case of legitimate reasons for continuing processing them. You may withdraw the consent for situations for which the consent is not implicit in the mandate given to us.  

You have the right to receive copy of your data provided to us, in a structured, commonly used and machine-readable format.

Where applicable, you have the right to file a claim before the appropriate Authority.


We will readily provide notification of any material changes to this policy.

Lugano, Switzerland, January 2020