Fiduciaria Antonini SA
Privacy Policy
NOTICE ON DATA PROCESSING
WWW.ANTONINI.SWISS WEBSITE AND RELATED RESOURCES
INTRODUCTION
The purpose of this page (hereinafter, the “Notice”) is to inform users about the processing of personal data carried out within the website www.antonini.swiss and related contact resources, such as email, fax, and telephone number (hereinafter collectively, the “Website”).
WEBSITE OWNER AND COMMUNICATIONS
The owner of the Website, as the entity entitled to the content and determining the purposes and means of personal data processing, is:
Fiduciaria Antonini SA
Viale Cattaneo 1
6900 Lugano (Switzerland)
Attention: due to the use of filters to ensure the security of the Data Controller and users, an email communication shall be deemed received only upon reply or acknowledgment of receipt. Otherwise, the user must consider the communication as not delivered.
Contacts:
Email: privacy@antonini.swiss
Tel: +41 (0)91 911 14 00
Fax: +41 (0)91 911 14 40
ACKNOWLEDGEMENT OF THE NOTICE │ ACCEPTANCE │ AMENDMENTS
The applicable Notice is the version in force at the time of access to the Website. It is the user’s responsibility to carefully verify the current version of the Notice prior to using the Website. The Data Controller reserves the right to update the Notice at any time, in particular in response to developments in applicable law, as well as the functionalities, services, and products made available to the user.
PROCESSING OF PERSONAL DATA AND COOKIES
For further details on the use of cookies and tracking tools, please refer to the dedicated Cookie Policy: Cookie Policy
Legal framework and general definitions
Applicable law. The processing of personal data via the Website is governed, in the private sector, by the Swiss Federal Act on Data Protection (hereinafter, “FADP”).
Definition of “personal data” under the FADP. Any information relating to an identified or identifiable natural person, such as first name, last name, address, date of birth, email, telephone number, IP address, personal preferences and interests, purchases made, web pages visited, geolocation data and movements, etc.
Definition of “sensitive personal data” under the FADP. Particularly sensitive personal data, including:
(i) data relating to religious, philosophical, political or trade union views or activities, health, intimate sphere or racial or ethnic origin;
(ii) genetic data;
(iii) biometric data uniquely identifying a natural person;
(iv) data relating to administrative and criminal proceedings and sanctions;
(vi) data relating to social assistance measures.
Definition of “profiling”. Any automated processing of personal data consisting in the use of such data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning professional performance, economic situation, health, preferences, interests, reliability, behavior, location, and movements.
Definition of “high-risk profiling”. Profiling that entails a high risk to the personality or fundamental rights of the data subject, as it involves linking data enabling the assessment of essential aspects of a natural person’s personality.
Obligation to protect access credentials and personal devices. The use of the Internet and email is subject to security risks. The user is required to ensure the security of their devices and passwords (in particular email passwords) through appropriate technical and organizational measures.
Obligation to provide accurate data and communicate changes. The user is responsible for the accuracy of the personal data provided to the Data Controller and must promptly and proactively communicate any changes so that records can be kept up to date.
Legal basis for processing. Processing of personal data is unlawful if it constitutes an infringement of personality rights. Such infringement may be justified by the consent of the data subject, an overriding public or private interest, or the law. An overriding private interest exists, in particular, where processing is necessary for the provision of goods and/or services requested by the customer. Where required by law—e.g., in certain marketing or advertising activities involving profiling, automated decision-making, or the processing of sensitive personal data—the Data Controller shall request the user’s informed consent via electronic (online or email) or non-electronic (postal) channels.
General disclaimer │ user obligations regarding electronic communications. Given the nature of the Internet as an “open network,” the Data Controller does not guarantee that data transmitted or received by the user cannot be falsified, intercepted, or accessed by unauthorized third parties. The user undertakes to verify by telephone all electronic communications and documents received from the Data Controller (including electronic communications and invoices) that are not validly signed with a qualified electronic signature attributable to the Data Controller or its employees, where such communications involve payment requests, execution of instructions, or transmission of confidential documents, before acting upon them.
The user is solely responsible for the choice of their email service provider and for the proper and secure handling of their personal data outside the Website.
External service providers with access to personal data
The Data Controller uses external IT service providers to ensure the proper functioning of the Website. Such providers have access to data only to the extent strictly necessary for the performance of their duties and are bound by strict contractual confidentiality and non-use obligations.
They must be established in Switzerland or (where strictly necessary) in foreign countries benefiting from an adequacy decision by the Swiss Federal Council.
Technical infrastructure of the Website
The Website is developed and managed through the WordPress content management system (CMS) (self-hosted).
The Website also uses the Polylang plugin to manage language versions, which may involve the use of technical cookies to store the user’s selected language.
The technical infrastructure of the Website is managed directly by the Data Controller or through specialized providers and may involve the processing of technical data necessary for the operation, security, and maintenance of the Website.
Such processing does not have purposes independent from those already indicated in this Notice.
Relationship with European data protection law
Switzerland is not a member state of the European Union (EU), therefore EU law does not apply directly. Article 3(2) of Regulation (EU) 2016/679 (GDPR) provides that the Regulation applies to entities established outside the EU where processing activities relate to:
(i) the offering of goods or services to individuals in the EU; or
(ii) the monitoring of the behavior of individuals in the EU.
The Data Controller does not target the EU market nor monitor the behavior of individuals located in the EU; therefore, the GDPR does not apply. Swiss law provides an adequate level of data protection, as recognized by the European Commission on 26 July 2000.
In the (exceptional) case of applicability of the GDPR, this document constitutes a privacy notice pursuant to Articles 13 and 14 GDPR. In addition to all protections provided under the GDPR, the user may exercise the rights set out in Articles 15–22 GDPR by contacting the Data Controller. The user has the right, at any time and within the limits provided by the GDPR, to request access to their personal data, rectification, erasure, restriction of processing, to object to processing, and to exercise the right to data portability. Where processing is based on Article 6(1)(a) or Article 9(2)(a) GDPR, the user has the right to withdraw consent at any time. The user also has the right to lodge a complaint with the competent supervisory authority.
Without prejudice to any other administrative or judicial remedy, if the user considers that the processing of personal data relating to them infringes the GDPR, they have the right to lodge a complaint with the competent supervisory authority.
In no case shall references to the GDPR be construed as voluntary submission to such regulation or to the supervision and/or decision-making powers of any foreign authority (with respect to Switzerland).
DETAILED INFORMATION ON PERSONAL DATA PROCESSING ACTIVITIES
Browsing the Website
Identity and contact details of the Data Controller: see previous section
Purposes of processing:
(i) enabling browsing of the Website;
(ii) ensuring Website security and preventing misuse;
(iii) improving the quality and usability of content and services;
Categories of personal data processed:
- user device IP address
- browser settings and characteristics
- operating system
- approximate location
- usage and interaction data (pages visited, time spent, navigation events)
- online identifiers and cookies
Categories of recipients:
- hosting providers
- IT providers (maintenance, development)
Transfers abroad (outside Switzerland):
Certain technical data may be transferred abroad exclusively for technical requirements related to the Website infrastructure or IT providers, in compliance with applicable regulations and, where necessary, based on appropriate safeguards.
Email / fax (Website contacts)
- Identity and contact details: see previous section
- Purposes: (i) correspondence with the user; (ii) archiving where a contractual relationship is established
- Categories of data: (i) sender’s email / phone number; (ii) correspondence content; (iii) user device IP address; (iv) telecommunications data and metadata
- Recipients: IT and telecom service providers (data processors)
- Transfers abroad: none
- Data subject rights: see section below
Telephone records (Website contacts)
Identity and contact details: see previous section
Purposes: (i) communication with users interested in advisory or fiduciary services (including call-back by the Data Controller);; (ii) inclusion in client files if relevant for contractual purposes or proof of proper performance
Categories of data: (i) phone number; (ii) call duration; (iii) caller location (prefix/roaming); (iv) telecom data and metadata
Recipients: none (internal use only)
Transfers abroad: none
Data subject rights: see section below
USE OF COOKIES AND TRACKING TOOLS
What cookies are
Cookies are small text files stored on the user’s system by servers during browsing. They allow servers to recognize the user’s browser during current and future visits.
Types of cookies
Cookies are classified into different categories:
- First-party cookies: set by the visited website
- Third-party cookies: set by external entities
- Session cookies: deleted when the browser is closed
- Persistent cookies: stored until expiration
- Technical cookies: enable secure navigation and service delivery
- Analytics cookies: treated as technical if used in aggregated form
- Tracking/profiling cookies: used to analyze behavior and deliver personalized advertising
For full details, see the Cookie Policy: Cookie Policy
Cookies used by the Website
The Website uses exclusively:
- technical cookies necessary for operation
- technical cookies for language management (e.g., Polylang)
- technical cookies for consent management (CookieYes)
The Website does not use profiling cookies or tracking tools for marketing or behavioral analysis.
Privacy preference management
The Website uses a Cookie Consent Management Platform to collect and manage user preferences.
Specifically, it uses CookieYes Consent (CookieYes Limited), which stores user choices to ensure compliance in subsequent visits.
This service may involve processing of technical and identifying data (e.g., cookie preferences and anonymous identifiers), including possible transfers abroad.
Further details are available in the Cookie Policy.
Privacy policy: https://www.cookieyes.com/privacy-policy/
Third-party services
The Website does not use third-party services involving profiling or tracking.
It uses technical tools for performance monitoring (e.g., Google Search Console), which do not process personal data or install cookies on user devices.
Contact form protection
The Website uses internal technical measures (e.g., honeypot systems) to prevent automated spam submissions, without relying on third-party services.
No profiling or data sharing occurs.
Social media plug-ins / widgets
For privacy protection reasons, the Website does not use social media plug-ins or widgets.
DATA SUBJECT RIGHTS
Exercise of rights. Requests must be submitted in writing (postal or electronic) to the Data Controller, including proof of identity and entitlement.
Response time. The Data Controller will respond without undue delay and, in any case, within 30 days.
Rights. Subject to the FADP, data subjects have the right to:
- obtain rectification of inaccurate or outdated data
- receive confirmation of data processing free of charge
- withdraw consent
- prevent disclosure of sensitive data
- express views on automated decisions
- obtain data portability
- request restriction, deletion, or blocking
- prohibit specific processing or disclosures
- request annotation of disputed data
- request notification to third parties
- obtain declaration of unlawful processing
Contact for information
Email: privacy@antonini.swiss
Tel: +41 (0)91 911 14 00
Swiss Federal Data Protection and Information Commissioner:
https://www.edoeb.admin.ch
APPLICABLE LAW AND JURISDICTION
The legal relationship between the user and Fiduciaria Antonini SA is governed by Swiss substantive law, excluding private international law rules.
The competent court for the District of Lugano shall have exclusive jurisdiction, subject to mandatory provisions. The Data Controller reserves the right to bring proceedings at the user’s place of business or residence.
Effective date: 21 April 2026