Privacy Policy

Last updated: July 9, 2025 – Effective from August 1, 2025

This Data Protection Statement (“Statement” or “Privacy Policy”) describes how Gruppo Multi SA (and its affiliated companies Multifiduciaria SA, Multirevisioni SA, Multiresidenza SA, and MultiRE SA) and Mspace Sagl (collectively “Gruppo Multi | Mspace”, “we” or “the Companies”) collect and process personal data. This Statement replaces and supplements any previous privacy notices published individually by each company; in case of discrepancies, this text prevails. We process data in accordance with the requirements of the Swiss Federal Act on Data Protection of September 25, 2020 (“FADP”), the EU Regulation 2016/679 (“GDPR”) where applicable, and local privacy laws.

1. Responsible entities and contacts

The data controller may vary depending on the contractual relationship or the context in which your personal data is processed. The relevant companies are:

Gruppo Multi SA – Crocicchio Cortogna 6, 6900 Lugano, Switzerland
Multifiduciaria SA – Crocicchio Cortogna 6, 6900 Lugano, Switzerland
Multirevisioni SA – Crocicchio Cortogna 6, 6900 Lugano, Switzerland
Multiresidenza SA – Crocicchio Cortogna 6, 6900 Lugano, Switzerland
E-mail: privacy@gruppomulti.ch – Tel. +41 91 923 32 65

Mspace Sagl – Viale Stazione 34, 6500 Bellinzona, Switzerland
E-mail: info@m-space.ch – Tel. +41 91 751 96 41

Depending on the processing, the Companies may act as individual data controllers, joint controllers, or data processors under the FADP and, where applicable, the GDPR. Any data protection request must be submitted in writing to the addresses above, attaching a copy of your identity document for verification.

2. Collection and processing of personal data

“Processing” means any operation relating to personal data, regardless of the means and procedures used: collection, recording, storage, use, modification, disclosure, archiving, deletion, or destruction.

We process personal data particularly when:

  • we provide or have provided professional services (consulting, fiduciary, auditing, real estate administration, coworking space management);
  • we receive data from clients or third parties appointed by them in the context of such services;
  • you browse or interact with the websites gruppomulti.ch, multiresidenza.ch, m-space.ch or related subdomains;
  • you subscribe to or receive our newsletter;
  • you participate in events, webinars, or meetings organized by the Companies;
  • you communicate with us by phone, email, via videoconferencing platforms (e.g., Zoom, Microsoft Teams) or in person;
  • other contractual relationships exist (suppliers, consultants, business partners);
  • you submit a job application;
  • we need to comply with legal or regulatory obligations;
  • we need to protect our duties of care or other legitimate interests (e.g., prevent conflicts of interest, money laundering, reputational risks, or ensure data and system security).

We aim to limit the collection of personal data to what is strictly necessary for legitimate purposes.

3. Categories of personal data processed

The categories of personal data we may process include, by way of example but not limited to:

  • Contact information – first name, last name, postal address, email address, phone number;
  • Personal and professional information – date of birth, nationality, marital status, profession, title, position, social security number, identity document details;
  • Financial information – bank details, payment information, billing data, investments or holdings;
  • Contractual and tax data – statutes, minutes, projects, financial statements, payrolls, tax/social security information, accounting records, property deeds;
  • Risk assessment data – creditworthiness information, commercial register data, sanctions lists, anti-money laundering checks, media searches;
  • Application data – CVs, cover letters, certificates, diplomas, references, interview assessments;
  • Technical and website usage data – IP address, device identifiers (UID/MAC), browser type, settings, cookies, server logs, click-path tracking, newsletter openings;
  • Images, audio, and video – photos or recordings taken during physical or virtual events;
  • Special categories of personal data – only if strictly necessary: health data, religious beliefs, or social assistance measures, e.g., within payroll mandates.

Where permitted, we may collect data from public sources or receive it from clients, employers, consultants, authorities, courts, banks, insurers, and other legitimately authorized third parties.

4. Purposes of processing and legal bases

4.1 Provision of services

We process data to conclude, perform, and manage contracts for consulting, auditing, fiduciary, real estate management, coworking space management, or other services offered by the Companies. Legal bases: performance of a contract or pre-contractual measures; compliance with legal obligations; legitimate interests.

4.2 Indirect processing

When providing services to clients, we may process third-party data (e.g., employees, family members, counterparties) transferred to us by clients. Legal basis: performance of a contract in favor of the data subject; legal obligation; legitimate interest in providing the service.

4.3 Website usage

We collect technical data to display websites, ensure security, analyze usage, and improve quality. Legal bases: legitimate interest; consent (for non-essential cookies).

4.4 Newsletter and marketing communications

We use contact data to send newsletters or other commercial communications, subject to your consent which can be revoked at any time.

4.5 Events and webinars

We collect data to organize and manage events (physical or virtual), provide informational material, and, with your consent, use photos or videos for promotional purposes. Legal bases: contract execution; legitimate interest; consent.

4.6 Direct communications and visits

We process data necessary to respond to inquiries, arrange meetings at our offices, and protect our infrastructure. Legal bases: provision of a requested service; legitimate interest in security.

4.7 Personnel selection

We process data contained in applications exclusively to manage the recruitment process and, if necessary, retain suitable profiles for future positions, subject to explicit consent. Legal bases: pre-contractual measures; consent; legitimate interest.

4.8 Suppliers and partners

We process data of suppliers and business partners to order goods or services, verify conflicts of interest, and fulfill due diligence obligations (including anti-money laundering). Legal bases: contract performance; legal obligation; legitimate interest.

5. Tracking technologies (cookies)

Our websites use essential technical cookies and optional cookies (analytics or marketing) installed only with your consent via the preferences banner. Optional cookies help us:

  • analyze site traffic and performance with Google Analytics (IP addresses anonymized);
  • display interactive maps provided by Google Maps;
  • integrate social plugins from Facebook, X/Twitter, LinkedIn, YouTube.

Most browsers automatically accept essential cookies; you can disable or delete non-essential cookies at any time via browser settings or our banner. Disabling essential cookies may limit certain site functions. Further details are available in the Cookie Policies published on the respective websites.

6. Web analytics, retargeting, and third parties

To improve our websites and communications, we use analytics tools and retargeting technologies (e.g., Google Analytics). Providers of such services may receive anonymized or pseudonymized data; servers may be located abroad (especially in the USA). Transfers are based on standard EU contractual clauses or other adequate safeguards.

7. External links

Our service may contain links to third-party sites or services not managed by the Companies. This Statement does not apply to such third parties; we recommend consulting their privacy policies. We are not responsible for the content, practices, or privacy policies of external sites.

8. Data sharing and transfer

We transmit personal data to third parties only if:

  • necessary for the provision of services (IT providers, hosting providers, banks, insurers, law firms, consultants, facility managers);
  • required by legal obligations or authorities’ orders;
  • you have given your consent or requested us to do so;
  • there is an overriding legitimate interest (e.g., legal defense, internal audit, fraud prevention).

Our service providers are mainly based in Switzerland or the EEA; if data is transferred to countries without an adequate level of protection (e.g., USA), we adopt EU Standard Contractual Clauses or equivalent safeguards.

9. Data retention

We retain personal data as long as necessary to fulfill contractual or legal obligations, pursue the stated purposes, or protect our legitimate interests (e.g., proof and documentation). After this period, data is deleted or irreversibly anonymized. System technical logs are generally retained for up to twelve months.

10. Data security

We implement appropriate technical and organizational security measures (staff training, access controls, firewalls, encryption, pseudonymization, backups, audits) to protect data from loss, misuse, or unauthorized access.

11. Obligation to provide data

In general, there is no legal obligation to provide us with personal data; however, some data is essential to conclude or perform a contract, comply with legal obligations, access our websites, or participate in our services. Without such data, we may be unable to provide the requested service.

12. Data subject rights

You have the right, within the limits provided by the FADP and GDPR, to:

  • obtain confirmation of the existence of data concerning you and receive a copy;
  • rectify inaccurate data or complete it;
  • have data deleted or restrict its processing;
  • object to processing or withdraw consent at any time;
  • receive data in a structured format (portability);
  • file a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or the competent EU supervisory authority.

To exercise these rights, contact us at the addresses in Section 1. We may request an identity document and, where permitted by law, may charge a fee for manifestly unfounded or excessive requests.

13. Changes to the Statement

We reserve the right to modify this Privacy Policy at any time. In case of substantial changes, we will publish the new version on our websites indicating the effective date; if the changes significantly affect your rights, we will inform you via appropriate channels (e.g., email, banner). Continued use of our services after the changes take effect constitutes acceptance of them.

Thank you for your attention. For any clarifications or questions, feel free to contact us: we will be happy to assist you.