Privacy policy

Last modified: November 2025

1. Identity and scope of application

bonnefouspartners (hereinafter referred to as “bf+p” or “we”) collectively refers to the group entities active in the fields of fiduciary, accounting, auditing and legal and tax advice, all of which are responsible for processing your personal data, each for the processing it carries out, or jointly if the purposes are common.

The entities included in bf+p include :

  • bonnefouspartners sa (head office in Geneva)
  • bonnefouspartners audit sa (head office in Geneva)
  • bf+p Vaud sa (Head office in Vevey)
  • bf+p Zug ag (Head office in Zug)
  • bonnefouspartners (Tunisia)

The main legal contact address for the Group is: rue du Cendrier 24, 1201 Geneva, Switzerland.

This policy is drawn up in compliance with the Federal Data Protection Act (DPA) and the General Data Protection Regulation (GDPR).

2. Contact for data protection

If you have any questions regarding the processing of your data, or wish to obtain information on international transfer guarantees, or to exercise your rights, you can contact bf+p at the following address. This address is the single point of contact for all the entities mentioned in Section 1:

 

3. Purposes, data collected and legal basis (GDPR/FADP) for processing

We process your personal data (including, if necessary for the execution of our mandates, particularly sensitive data) for the purposes specified below, each being justified by a legal basis required under art. 31 LDP :

Purpose of processing

Data categories (non-exhaustive)

Legal basis (RGPD/LPD)

Execution of mandates (fiduciary, audit, consulting)

Identification, contact data, financial data, career data, sensitive data (depending on mandate)

Contract performance (art. 6 ch. 1 lit. b RGPD and art. 6 LPD)

Legal compliance (KYC, anti-money laundering, tax obligations)

Identification, financial data

Legal obligation (art. 6 ch. 1 lit. c RGPD and art. 6 LPD)

Application management

Career data, contact

Pre-contractual measures (art. 6 ch. 1 lit. b RGPD and 6 LPD)

Website operation and security

IP address, logs, connection data

Legitimate interest (art. 6 ch. 1 lit. f RGPD)

Direct marketing (if applicable)

Contact (e-mail, postal address), financial data, career data, sensitive data (depending on mandate)

Consent (art. 6 ch. 1 lit. a RGPD) in our general terms and conditions

 

4. Collection sources (indirect collection)

When data is not collected directly from you, we obtain it from our customers (as part of our services), from authorities, courts or public registers.

5. Recipients and transfer abroad

5.1. Recipients

Your data may be transmitted to the following recipients:

  • Other bf+p entities (companies listed in Section 1).
  • Subcontractor / partner commissioned by bf+p to carry out the mandate.
  • Our IT subcontractors (hosting companies, maintenance providers, software suppliers), with whom we have signed data protection agreements.
  • Authorities, courts, auditors, or external advisors as part of our legal obligations.

 

5.2. International transfer (art. 16 LDP / art. 44 RGPD)

Your data may be transferred to countries which do not ensure a level of data protection deemed adequate. In such cases, we guarantee protection by implementing appropriate safeguards, in particular standard contractual clauses (SCC) recognized in Switzerland or the EU, or by your prior explicit consent.

6. Retention period (art. 6 al. 4 LPD)

We will delete or anonymize your personal data as soon as it is no longer required for the purposes of processing.

7. Your rights

You have the following rights, which you may exercise by contacting bf+p at the address indicated in Section 2:

  • Right of access to your data.
  • Right to rectify inaccurate or incomplete data.
  • Right to erase your data.
  • Right to object to processing or to revoke your consent.
  • Right to restrict processing.
  • Right to portability of your data (mainly GDPR).
  • Right to obtain an explanation if you are subject to an automated individual decision with legal effects.

You can lodge a complaint with the competent supervisory authority:

  • In Switzerland: The Federal Data Protection and Information Commissioner (FDPIC).

 

8. Safety and Modifications

We apply the necessary technical and organizational measures to protect your data against loss, destruction and unauthorized access.

9. Use of cookies and external links

9.1. Cookies and similar technologies

bf+p uses cookies and tracking technologies for the technical operation of our website. For other types of cookies (e.g. analytical or marketing), your consent is required. Your management preferences are available in your browser settings and/or via a consent banner on the site.

9.2. Links to third-party sites

Our site may contain links to sites not managed by bf+p. We are not responsible for the privacy practices of such external sites.

10. Changes to our privacy policy

We reserve the right to modify this privacy policy. In the event of significant modification, we will inform you via a notice visible on our site. The version published on our website is the only one in force.

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.