Legal information, terms of use, personal data protection and cookies
Last updated: 7 April 2026
This website MERCOSUR Trade Hub (hereinafter "the Website") is published by:
Alessandro Brenci
Independent International Trade Consultant
Lausanne, Switzerland
Contact: [email protected]
Business ID: available upon request
The Website is hosted by Manus (manus.im). Data is stored on secure servers.
Independence Statement: MERCOSUR Trade Hub is an independent advisory platform. It is not affiliated with, endorsed by, or officially connected to the MERCOSUR (Mercado Común del Sur) or any of its member states. The use of the term "MERCOSUR" in the Website name is purely descriptive and refers to the subject matter covered (trade agreements involving the MERCOSUR bloc), not to any institutional relationship.
All content on the Website (texts, analyses, graphics, logos, icons, images, data, software, databases, structure) is protected by Swiss copyright law (Federal Act on Copyright, CopA, SR 231.1) and applicable international conventions.
Any reproduction, representation, modification, publication, transmission, distortion, in whole or in part, of the Website or its content, by any means and on any medium, is prohibited without the prior written authorization of the publisher.
Trademarks, logos and distinctive signs on the Website are protected. Any unauthorized use constitutes infringement.
Data and analyses relating to the EU-MERCOSUR and EFTA-MERCOSUR trade agreements are compiled from official public sources and do not constitute original works of those institutions.
By accessing the Website, the user accepts these Terms of Use without reservation.
Access: The Website is freely accessible to any user with Internet access. Access and communication costs are borne by the user. The publisher reserves the right to suspend, modify or discontinue access to the Website at any time, without notice or compensation.
User Account: Certain features require account creation. The user undertakes to provide accurate information and to maintain the confidentiality of their credentials. Any fraudulent use will result in immediate account suspension.
User Content: The user shall not publish any unlawful, defamatory, discriminatory content or content infringing third-party rights.
Paid Products and Services: Purchases made on the Website (guides, training, certifications) are subject to the specific conditions displayed at the time of order. Payments are processed securely by Stripe, Inc. The right of withdrawal applies in accordance with Swiss law for digital content not yet downloaded.
Amendment: The publisher reserves the right to amend these Terms at any time. Amendments take effect upon publication on the Website.
This privacy policy is established in accordance with the following legal frameworks:
• Swiss Federal Act on Data Protection (nFADP, SR 235.1, effective 1 September 2023) and its Ordinance (DPO, SR 235.11)
• European Union General Data Protection Regulation (GDPR, Regulation (EU) 2016/679 of 27 April 2016)
• Council of Europe Convention 108+ for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No. 108, modernised in 2018)
• OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (revised 2013)
Data Controller (Art. 5(j) nFADP / Art. 4(7) GDPR):
Alessandro Brenci, Lausanne, Switzerland
Contact: [email protected]
Data Protection Officer (Art. 10 nFADP / Art. 37-39 GDPR):
Given the size of the organisation, no Data Protection Officer (DPO) has been formally appointed. For any data protection queries, contact directly: [email protected]
Data Collected:
• Identification data (Art. 4(1) GDPR): name, surname, email address (during account creation or newsletter subscription)
• Browsing data: IP address, browser type, pages visited, visit duration (collected anonymously for statistical purposes)
• Transaction data: payment information processed exclusively by Stripe, Inc. (we never store credit card data, in compliance with PCI DSS standards)
• Form data: messages sent via the contact form, quote requests, training registrations
Special Categories of Data (Art. 5(c) nFADP / Art. 9 GDPR):
The Website does not collect any sensitive data (political opinions, health data, ethnic origin, sexual orientation, biometric or genetic data).
Purposes and Legal Bases for Processing:
Pursuant to Art. 31 nFADP and Art. 6(1) GDPR, each processing activity relies on a specific legal basis:
• Provision and improvement of Website services → Performance of a contract (Art. 6(1)(b) GDPR)
• User account management and authentication → Performance of a contract (Art. 6(1)(b) GDPR)
• Order processing and delivery of digital products → Performance of a contract (Art. 6(1)(b) GDPR)
• Newsletter distribution → Explicit consent (Art. 6(1)(a) GDPR)
• Responding to contact and quote requests → Legitimate interest (Art. 6(1)(f) GDPR)
• Anonymised statistical analyses → Legitimate interest (Art. 6(1)(f) GDPR)
• Accounting and tax obligations → Legal obligation (Art. 6(1)(c) GDPR)
Retention Period:
Personal data is retained in accordance with the principle of data minimisation (Art. 5(1)(e) GDPR / Art. 6(4) nFADP):
• Account data: duration of the contractual relationship + 1 year
• Transaction data: 10 years (Swiss accounting obligations, Art. 958f CO)
• Newsletter data: until consent is withdrawn
• Browsing data: 26 months maximum
• Contact data: 3 years after the last exchange
International Data Transfers (Art. 16-17 nFADP / Art. 44-49 GDPR):
Data may be transferred to processors located outside Switzerland and the EEA:
• Stripe, Inc. (USA) — Payments — EU-US Data Privacy Framework (European Commission adequacy decision of 10 July 2023)
• Manus (hosting provider) — Hosting — European Commission Standard Contractual Clauses (SCCs) (Implementing Decision (EU) 2021/914)
The Swiss Federal Council maintains a list of states providing an adequate level of protection (Annex 1 DPO). For transfers to countries not on this list, appropriate safeguards are implemented pursuant to Art. 16(2) nFADP.
Automated Individual Decision-Making and Profiling (Art. 21 nFADP / Art. 22 GDPR):
The Website does not carry out any automated individual decision-making or profiling within the meaning of Art. 22 GDPR. No decision producing legal effects or significantly affecting the user is made solely on the basis of automated processing.
Data Protection Impact Assessment (Art. 22 nFADP / Art. 35 GDPR):
Given the nature of the processing activities (no sensitive data, no large-scale profiling, no systematic monitoring), no Data Protection Impact Assessment (DPIA) is required at this stage.
Processors (Art. 9 nFADP / Art. 28 GDPR):
Processors are bound by contracts compliant with Art. 28 GDPR and Art. 9 nFADP, ensuring an equivalent level of protection.
Data Subject Rights:
In accordance with the nFADP (Art. 25-29) and the GDPR (Art. 15-22), you have the following rights:
• Right of access (Art. 25 nFADP / Art. 15 GDPR)
• Right to rectification (Art. 6(5) nFADP / Art. 16 GDPR)
• Right to erasure — "right to be forgotten" (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 28 nFADP / Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent at any time (Art. 7(3) GDPR)
• Right not to be subject to automated decision-making (Art. 21 nFADP / Art. 22 GDPR)
Response time: 30 days (Art. 25(6) nFADP / Art. 12(3) GDPR).
To exercise these rights, contact: [email protected]
Data Breach Notification (Art. 24 nFADP / Art. 33-34 GDPR):
In the event of a data security breach, the FDPIC (Switzerland) and, where applicable, the competent EU supervisory authority will be notified within 72 hours pursuant to Art. 33 GDPR. Data subjects will be informed if the breach is likely to result in a high risk to their rights and freedoms (Art. 34 GDPR / Art. 24(3) nFADP).
Supervisory Authorities:
• Switzerland: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, CH-3003 Bern — https://www.edoeb.admin.ch
• EU: You have the right to lodge a complaint with the supervisory authority of your Member State of residence (Art. 77 GDPR). List of authorities: https://edpb.europa.eu/about-edpb/about-edpb/members_en
Information published on the Website is provided for informational purposes only and does not constitute personalized legal, tax, financial or investment advice.
The publisher endeavors to provide accurate and up-to-date information but does not guarantee the completeness, accuracy or timeliness of the content. Figures, statistics and projections presented are estimates from official sources (European Commission, ECIPE, economiesuisse, EFTA, WTO) and do not constitute a guarantee of future results.
The publisher disclaims all liability:
• For direct or indirect damages resulting from the use of the Website or the inability to use it
• For decisions made based on information published on the Website
• For the content of third-party websites to which the Website links
• For temporary service interruptions
The user is solely responsible for the use they make of information available on the Website and must consult a qualified professional before making any business or investment decision.
The Website deals with data and information relating to trade between the European Union, Switzerland/EFTA and MERCOSUR countries. The following regulatory frameworks are therefore relevant:
Data protection in MERCOSUR countries:
• Brazil: Lei Geral de Proteção de Dados (LGPD, Law No. 13,709/2018) — Inspired by the GDPR, it governs the processing of personal data in Brazil. Competent authority: ANPD (Autoridade Nacional de Proteção de Dados).
• Argentina: Ley de Protección de Datos Personales (Law 25,326/2000) and its regulatory decree 1558/2001 — Argentina benefits from a European Commission adequacy decision (Decision 2003/490/EC). Competent authority: AAIP (Agencia de Acceso a la Información Pública).
• Uruguay: Ley de Protección de Datos Personales (Law 18,331/2008) — Uruguay also benefits from a European Commission adequacy decision (Decision 2012/484/EU). Competent authority: URCDP.
• Paraguay: Ley de Protección de Datos Personales Crediticios (Law 1682/2001) — More limited framework focused on credit data.
Applicable international standards:
• Council of Europe Convention 108+ (ETS No. 108, modernised 2018) — Binding international treaty on data protection, open to non-European states (Argentina and Uruguay have acceded).
• OECD Privacy Guidelines (revised 2013) — Core principles: collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, individual participation, accountability.
• UN General Assembly Resolution 45/95 (1990) — Guidelines for the regulation of computerised personal data files.
• APEC Privacy Framework (2015) and CBPR system (Cross-Border Privacy Rules) — Relevant for transpacific data flows.
EU-MERCOSUR framework:
• The EU-MERCOSUR Association Agreement includes provisions on e-commerce and cross-border data flows, while preserving each party's right to regulate personal data protection.
• European Commission Standard Contractual Clauses (SCCs) (Implementing Decision (EU) 2021/914) are the preferred mechanism for data transfers to MERCOSUR countries without an adequacy decision.
This Website is committed to upholding the highest standards of data protection, applying the common principles across all these regulatory frameworks.
These legal notices and terms of use are governed by Swiss law.
Any dispute relating to the use of the Website shall be subject to the exclusive jurisdiction of the courts of Lausanne, Canton of Vaud, Switzerland, subject to mandatory consumer protection provisions applicable at the user's domicile.
The provisions of the United Nations Convention on Contracts for the International Sale of Goods (CISG) are expressly excluded.
Last updated: 7 April 2026
This website uses cookies strictly necessary for the operation of the service (session, language preferences, secure payment). No advertising or profiling cookies are used. In accordance with the nFADP (SR 235.1) and the GDPR (EU 2016/679), you may accept or decline optional cookies. Learn more