Data Protection Declaration Legal Experts Switzerland AG

1. What is this Data Protection Declaration about?

Legal Experts Switzerland AG (the “Firm”, hereafter also “we”, “us”) is a law firm with its registered office in Meilen, Switzerland. In the course of our business activities, we obtain and process personal data, in particular personal data about our clients, associated persons, counterparties, courts and authorities, correspondent law firms, professional and other associations, participants in events, recipients of newsletters and other entities and their contact persons and employees, respectively (hereafter also “you”). In this Data Protection Declaration, we inform you about such data processing.

If you disclose data to us about other persons (e.g. family members, representatives, counterparties, employees, service providers, contracting parties or other associated persons), we will assume that you are authorized to do so, that such data is accurate and that you have ensured that such persons are aware of such disclosure to the extent that a legal information obligation applies (e.g. by bringing this Data Protection Declaration to their attention in advance).

2. Who is responsible for the processing of your data?

For the processing of data as described in this Data Protection Declaration, the responsible firm from the viewpoint of data protection law is:

Legal Experts Switzerland AG
Bünishoferstrasse 107
CH – 8706 Meilen
b.spagno@legalexperts.ch

3. Which of your data do we process for what purposes?

If you use our services or deal with us in any other way, we will obtain and process different categories of your personal data. As a rule, we may obtain and process such data in particular for the following purposes:

Communication: We process personal data, so we can communicate with you as well as with third parties, such as parties to proceedings, courts or authorities, by e-mail, telephone, letter or other means (e.g. to answer inquiries, in the framework of legal advice and representation as well as the initiation and execution of contracts). This also includes providing information about events, legal changes, news about our law firm or similar information to our clients, contractual partners and other interested persons. This may, e.g., take the form of newsletters and other contacts (electronic, via mail, via telephone). You may reject such communication or refuse or withdraw your consent to such communication at any time. In the context of communication, we process in particular the content of the communication, your contact details as well as the meta data of the communication, but also image and audio recordings of (video)calls. In the event of an audio or video recording, we will inform you separately, and you are free to inform us if you do not wish such recording or to terminate the communication. If we need or wish to confirm your identity, we will collect additional data (e.g. copy of an ID).

Initiation and conclusion of contracts: In view of the conclusion of a contract, such as, in particular, a contract for the establishment of an attorney-client relationship, with you or your mandator or employer, which also includes checks for any conflicts of interest, we may in particular obtain and process your name, contact details, powers of attorney, declarations of consent, information about third parties (e.g. contact persons, family details as well as counterparties), contract contents, closing date, creditworthiness data as well as all other data that you provide to us or that we collect form public sources or third parties (e.g. commercial register, credit agencies, sanctions lists, media, legal protection insurance companies or the Internet).

Administration and execution of contracts: We obtain and process personal data in order to comply with our contractual obligations to our clients and other contractual partners (e.g. suppliers, service providers, correspondent law firms, project partners) and, in particular, to provide and claim the contractual services. This also includes data processing for the management of mandates (e.g. legal advice to our clients, representation of our clients before courts and authorities as well as correspondence) as well as data processing for the enforcement of contracts (debt collection, court proceedings, etc.), accounting and public communication (as far as permitted). For this purpose, we process in particular the data that we have received or collected in connection with the initiation, conclusion and execution of the contract as well as data that we create in the framework of our contractual services or collect from public sources or other third parties (e.g. courts, authorities, counterparties, information services, media, detective agencies or the Internet). Such data may, in particular, include minutes of conversations and consultations, notes, internal and external correspondence, contractual documents, documents we create and receive in the framework of proceedings before courts and authorities (e.g. statements of claims, appeals and complaints, judgements and decisions), background information about you, counterparties or other persons as well as other mandate-related information, performance records, invoices and financial and payment information.

Operation of our website: In order to operate our website in a secure and stable manner, we reserve the right to collect technical data, such as IP address, information about the operating system and settings of your end device, the region, time and type of use. Additionally we reserve the right to use cookies and similar technologies. Please also see section 8.

Security purposes and access controls: We collect and process personal data to ensure appropriate security of our infrastructure (e.g. building). This includes e.g. the monitoring of physical access to our premises. For documentation and security purposes (preventive measures and investigation of incidents), we also use a security camera for our premises. Signs indicating the presence of surveillance systems are posted at the respective locations.

Compliance with laws, directives and recommendations of authorities as well as internal regulations (“Compliance”): We obtain and process personal data to comply with the applicable laws (e.g. to combat money laundering, to comply with tax or professional obligations), self-regulations, certifications, industry standards, our corporate governance and for internal and external investigations in which we are a party (to the proceeding) (e.g. by a law enforcement or supervisory authority or an appointed private body).

Risk management und corporate governance: We obtain and process personal data as part of risk management (e.g. for protection against criminal activities) and corporate governance. This includes, among other things, our operational organization (e.g. planning of resources) and corporate development (e.g. acquisition and sale of parts of businesses or companies).

Job application: If you apply for a job with us, we obtain and process the relevant data for the purpose of assessing the application, carrying out the application process and, in case of successful applications, preparing and concluding a corresponding contract. For this purpose, we process, in addition to your contact details and the information from the corresponding communication, in particular also the data contained in your application documents and the data that we can additionally obtain about you, e.g. from job-related social networks, the Internet, media and references if you consent to our obtaining of references.

Other purposes: Other purposes include e.g. training and educational purposes as well as administrative purposes (e.g. accounting). In addition, we may process personal data for the organization, the carrying out and follow-up of events, such as, in particular, lists of participants and contents of presentations and discussions, but also image and audio recordings made during such events. The protection of legitimate interests is a also one of the further purposes that cannot be listed exhaustively.

4. Where does the data come from?

From you: The major part of the data we process is provided by you (or your end device) (e.g. in connection with our services or the communication with us). You are not obliged to disclose your data, with exceptions in individual cases (e.g. legal obligations). However, if, e.g., you wish to conclude contracts with us or use our services, you will have to disclose certain data to us.

From third parties: We may also collect data from publicly accessible sources (e.g. debt collection registers, commercial registers, media or the Internet, including social media) or receive such data from (i) authorities, (ii) your employer or principal that either has a business relationship with us or otherwise deals with us, and (iii) other third parties (e.g. clients, counterparties, legal protection insurance companies, credit agencies, associations, contractual partners). This includes, in particular, the data we process in the initiation, conclusion and execution of contracts as well as data from correspondence or discussions with third parties, but also all other categories of data pursuant to section 3.

5. To whom do we disclose your data?

In connection with the purposes set forth in section 3, we transfer your personal data in particular to the categories of recipients listed below. If necessary, we obtain your consent for such transfer or have the competent supervisory authority release us from our professional obligation of confidentiality.

Service providers: We work with service providers in Switzerland and abroad that process (i) data on our behalf (e.g. IT providers), (ii) data in joint responsibility with us or (iii) data on their own responsibility that hey have received from us or have collected on our behalf. Such service providers include e.g. IT providers, banks, insurance companies, fiduciaries, other law firms or consulting companies.

Clients and other contractual partners: This mainly includes our clients and our other contractual partners for whom a transfer of your data results from the contract (e.g. because you work for a contractual partner or the latter provides services to you). This category of recipients also includes entities with which we cooperate, such as other law firms in Switzerland and abroad or legal protection insurance companies. As a rule, the recipients process the data on their own responsibility.

Authorities and courts: We may pass on personal data to administrative offices, courts and other authorities in Switzerland and abroad if this is necessary for the fulfillment of our contractual obligations and, in particular, to conduct our mandate or if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. The recipients process the data on their own responsibility.

Counterparties and persons involved: To the extent necessary for the fulfillment of our contractual obligations, in particular to conduct our mandate, we will also pass on your personal data to counterparties and other persons involved (e.g. guarantors, financiers, affiliated companies, other law firms, respondents or experts, etc.).

Other persons: This refers to other cases in which the inclusion of third parties results from the purposes according to section 3. This includes e.g. delivery addressees or payment recipients specified by you, third parties in the context of proxy relationships (e.g. your lawyer or your bank) or persons involved in official or legal proceedings. We may also pass on your personal data to our supervisory authority, in particular if this is, in the individual case, necessary to release us from our professional obligation of confidentiality. You may also be affected if we cooperate with the media and transmit content to them (e.g. photos). In the framework of business development, we may sell or acquire businesses, parts of businesses, assets or companies or enter into partnerships, which may also result in the disclosure of data (including your data, e.g. as a client or supplier or as their representative) to the parties involved in these transactions.

All these categories of recipients may involve third parties, so your data may also become accessible to the latter. We can restrict the processing by certain third parties (e.g. IT providers), but not by others (e.g. authorities, banks, etc.).

We reserve the right to allow certain third parties to collect personal data from you on our website and at events organized by us (e.g. media photographers, providers of tools we have embedded on our website, etc.). Unless we are decisively involved in such data collections, these third parties are solely responsible for the data processing. If you have any concerns or wish to assert your data protection rights, please contact these third parties directly. We have outlined your rights in section 7. Information about the activities on our website can be found in section 8.

6. Will your personal data also be transferred cross-border?

We process and store personal data mainly in Switzerland and the European Economic Area (EEA). However, depending on the circumstances, personal data may potentially be processed in any country in the world, for instance through subcontractors of our service providers or in proceedings before foreign courts or authorities. In the framework of our activities for clients, your personal data may also end up in any country in the world.

If a recipient is located in a country without adequate data protection, we contractually obligate the recipient to comply with an adequate level of data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which can be accessed via https://eur-lex.europa.eu/eli/dec_impl/2021/914/ , including the required adaptations for Switzerland), insofar as the recipient is not already subject to a legally recognized set of rules to ensure data protection. We may also disclose personal data to a country without adequate data protection without entering into a separate contract for this purpose if we can rely on an exception clause. An exception may in particular apply in case of legal proceedings abroad, but also in cases of overriding public interests or if the execution of a contract that is in your interest requires such disclosure (e.g. if we disclose data to our correspondent law firms) if you have consented or if it is not possible to obtain your consent within a reasonable period of time and the disclosure is necessary to protect your life or physical integrity or that of a third party or if data is concerned that you made publicly available, the processing of which you have not objected to. We may also rely on the exception for data from a register provided for by law (e.g. commercial register) to which we have been legitimately granted access.

7. What rights do you have?

You have certain rights in connection with our data processing. In accordance with applicable law, you may, in particular, request information about the processing of your personal data, have inaccurate personal data rectified, request the deletion of personal data, object to data processing, request the release of certain personal data in a standard electronic format or its transfer to other data controllers.

If you wish to exercise your rights vis-à-vis us, please contact us; you will find our contact details in section 2. In order to prevent misuse, we must verify your identity (e.g. with a copy of your ID, if necessary).

Please note that conditions, exceptions or limitations apply to these rights (e.g. to protect third parties or trade secrets or due to our professional obligation of confidentiality or mandatory statutory provisions). We reserve the right, for reasons of data protection law or confidentiality, to blacken copies or disclose them only in part.

8. Our website uses Google Maps

Our website uses Google Maps in order to visually present geographic information. Diese Website verwendet Google Maps, um geographische Informationen visuell darzustellen. Further information about the use of Google Maps and data processing by Google can be found in the terms of use and data protection declaration of Google, which can be accessed via the link at the bottom of the Google map published on our website. We assume no liability for the compliance of Google with data protection law and data protection guidelines.

Some of the third party providers we use may be located outside of Switzerland. Information about cross-border data transfers can be found in section 6. In terms of data protection law, they may be either “only” data processors of us or data controllers themselves. Their data protection declarations will provide further information.

9. How do we process personal data on our social media pages?

We maintain pages and other online presences on social networks and other platforms operated by third parties. In this context, we process data about you. We receive data from you (e.g. when you communicate with us or comment on our content) and from the platforms (e.g. statistics). The platform providers may analyze your usage and process this data together with other data they have about you. They also process this data for their own purposes (e.g. marketing and market research purposes and to manage their platforms) and, for this purpose, act as individual data controllers. For more information about the processing by the platform operations, please refer to the data protection declaration of the respective platforms.

We currently maintain a presence on the following platform, with the identity and contact details of the platform operator available in the respective data protection declaration:

LinkedIn
www.linkedin.com
Data protection declaration: https://de.linkedin.com/legal/privacy-policy

We are entitled, but not obliged, to check external contents before or after its publication on our online presences, to delete content without notice and, if necessary, to report it to the provider of the relevant platform.

The platform operator may be located outside of Switzerland. Information about cross-border data transfers can be found in section 6.

10. What else needs to be considered?

We do not presume that the EU General Data Protection Regulation (“GDPR”) is applicable to our data processing. However, should this exceptionally be the case for certain data processing, this section 10 shall additionally apply exclusively for the purposes of the GDPR and the data processing subject to it.

We base the processing of your personal data in particular on the fact that

it is, as described in section 3, necessary for the initiation and conclusion of contracts and their administration and enforcement (art. 6 para. 1 lit. b GDPR);

it is, as described in section 3, necessary for the protection of legitimate interests of us or of third parties, namely for the communication with you or third parties, to operate our website, to improve our electronic offers and registration for certain offers and services, for security purposes, for compliance with Swiss law and internal regulations, for our risk management and corporate governance and for other purposes, such as training and education, administration, evidence and quality assurance, organization, implementation and follow-up of events and protection of other legitimate interests (see section 3) (art. 6 para. 1 lit. f GDPR);

it is, due to our mandate or position, legally required or permitted under the law of the EEA or a member state (art. 6 para. 1 lit. c GDPR) or is necessary to protect your vital interests or those of other natural persons (art. Para. 1 lit. d GDPR);

you have separately consented to the processing (art. 6 para. 1 lit. a and art. 9 para. 2 lit. a GDPR).

We would like to point out that, as a rule, we process your data for as long as is required for our processing purposes (see section 3), the legal retention periods and our legitimate interests, in particular for documentation and evidence purposes, or for as long as storage is technically required (e.g. in case of backups or document management systems).

If you do not disclose certain personal data to us, this may mean that it is not possible to provide the related services or conclude a contract. In principle, we indicate which personal data requested by us are mandatory.

The right to object to the processing of your data described in section 7 applies in particular to data processing for the purpose of direct marketing.

If you do not agree with our handling of your rights or data protection, please let us know (see contact details in section 2). If you are in the EEA, you also have the right to complain to the data protection supervisory authority of your country. You will find a list of such authorities in the EEA here: https://edpb.europa.eu/about-edpb/about-edpb/members_en.

11. Can this Data Protection Declaration be changed?

This Data Protection Declaration is not part of any contract with you. We may amend this Data Protection Declaration at any time. The version published on this website is the current version.