Privacy Policy

Responsible entity within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

General Information

Based on Article 13 of the Swiss Federal Constitution and the data protection provisions of the Federal Government (Data Protection Act, DPA), every person is entitled to the protection of their privacy as well as protection against misuse of their personal data. The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

In cooperation with our hosting providers, we strive to protect the databases as well as possible against unauthorized access, loss, misuse, or falsification.

We point out that data transmission on the Internet (e.g., when communicating by email) can have security gaps. Complete protection of data from access by third parties is not possible.

By using this website, you agree to the collection, processing, and use of data as described below. This website can generally be visited without registration. Data such as pages accessed or the name of the file accessed, date, and time are stored on the server for statistical purposes, without these data being directly related to you personally. Personal data, in particular name, address, or email address, are collected on a voluntary basis wherever possible. Without your consent, the data will not be passed on to third parties.

Processing of Personal Data

Personal data is any information relating to an identified or identifiable person. A data subject is a person whose personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, deletion, saving, modification, destruction, and use of personal data.

We process personal data in accordance with Swiss data protection law. In addition, we process personal data - insofar and as far as the EU GDPR is applicable - according to the following legal bases in connection with Art. 6 para. 1 GDPR:

• Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR) - The data subject has given their consent to the processing of their personal data for one or more specific purposes.
• Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• Legal obligation (Art. 6 para. 1 sentence 1 lit. c. GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
• Protection of vital interests (Art. 6 para. 1 sentence 1 lit. d. GDPR) - Processing is necessary in order to protect the vital interests of the data subject or of another natural person.
• Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
• Application procedure as a pre-contractual or contractual relationship (Art. 9 para. 2 lit. b GDPR) - If, in the context of the application procedure, special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g., health data, such as information about a severe disability or ethnic origin) are requested from applicants so that the controller or the data subject can exercise the rights arising from employment law and the law of social security and social protection and fulfill their respective obligations, their processing is carried out in accordance with Art. 9 para. 2 lit. b GDPR, in the case of protection of vital interests of the applicants or other persons according to Art. 9 para. 2 lit. c GDPR or for purposes of preventive or occupational medicine, for the assessment of the employee’s working capacity, for medical diagnosis, for the provision of health or social care or treatment or the management of health or social care systems and services according to Art. 9 para. 2 lit. h GDPR. In the case of voluntary disclosure of special categories of data, their processing is based on Art. 9 para. 2 lit. a GDPR.

We process personal data for as long as is necessary for the respective purpose or purposes. In the case of longer retention obligations due to legal and other obligations to which we are subject, we restrict processing accordingly.

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.

Measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, securing availability, and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subject rights, deletion of data, and responses to data threats. We also take the protection of personal data into account as early as the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default.

Transfer of Personal Data

In the course of processing personal data, it may happen that the data is transferred to other entities, companies, legally independent organizational units, or persons, or disclosed to them. Recipients of this data may include, for example, service providers tasked with IT duties or providers of services and content that are integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

Data Processing in Third Countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)), or if processing takes place in the context of using third-party services or disclosure or transfer of data to other persons, entities, or companies, this is only done in accordance with legal requirements.

Subject to express consent or contractually or legally required transfer, we process the data only in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications, or binding internal data protection regulations (Art. 44 to 49 GDPR, EU Commission information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

Privacy Policy for Cookies

This website does not use cookies.

Privacy Policy for SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content, such as inquiries you send to us as the site operator, this website uses SSL/TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Privacy Policy for Server Log Files

The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type and version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request

These data cannot be assigned to specific persons. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.

Rights of Data Subjects

Right to Confirmation

Every data subject has the right to request confirmation from the operator of the website as to whether personal data concerning them is being processed. If you wish to exercise this right of confirmation, you can contact the data protection officer at any time.

Right to Information

Every person affected by the processing of personal data has the right to obtain, at any time and free of charge, information from the operator of this website about the personal data stored about them and a copy of this information. Furthermore, information may be provided about the following:

• the purposes of processing
• the categories of personal data being processed
• the recipients to whom the personal data have been or will be disclosed
• if possible, the planned duration for which the personal data will be stored, or, if not possible, the criteria for determining this duration
• the existence of a right to rectification or erasure of personal data concerning them or to restriction of processing by the controller or a right to object to such processing
• the existence of a right to lodge a complaint with a supervisory authority
• if the personal data are not collected from the data subject: all available information about the origin of the data

Furthermore, the data subject has the right to know whether personal data have been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to be informed of the appropriate safeguards relating to the transfer.

If you wish to exercise this right to information, you can contact our data protection officer at any time.

Right to Rectification

Every person affected by the processing of personal data has the right to request the immediate rectification of inaccurate personal data concerning them. Furthermore, the data subject has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data - also by means of a supplementary statement.

If you wish to exercise this right to rectification, you can contact our data protection officer at any time.

Right to Erasure (Right to be Forgotten)

Every person affected by the processing of personal data has the right to request from the controller of this website the immediate erasure of personal data concerning them, provided that one of the following reasons applies and insofar as the processing is not necessary:

• The personal data were collected or otherwise processed for purposes for which they are no longer necessary
• The data subject withdraws their consent on which the processing was based, and there is no other legal ground for the processing
• The data subject objects to the processing for reasons arising from their particular situation, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in the case of direct marketing and related profiling
• The personal data have been unlawfully processed
• The erasure of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject
• The personal data have been collected in relation to information society services offered directly to a child

If one of the above reasons applies and you wish to arrange for the deletion of personal data stored by the operator of this website, you can contact our data protection officer at any time. The data protection officer of this website will ensure that the deletion request is complied with immediately.

Right to Restriction of Processing

Every person affected by the processing of personal data has the right to request from the controller of this website the restriction of processing if one of the following conditions is met:

• The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data
• The processing is unlawful, the data subject opposes the erasure of the personal data and requests instead the restriction of their use
• The controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise, or defense of legal claims
• The data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject

If one of the above conditions is met and you wish to request the restriction of personal data stored by the operator of this website, you can contact our data protection officer at any time. The data protection officer of this website will arrange the restriction of processing.

Right to Data Portability

Every person affected by the processing of personal data has the right to receive the personal data concerning them in a structured, commonly used, and machine-readable format. They also have the right to have this data transmitted to another controller, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

To exercise the right to data portability, you can contact the data protection officer appointed by the operator of this website at any time.

Right to Object

Every person affected by the processing of personal data has the right to object at any time, for reasons arising from their particular situation, to the processing of personal data concerning them.

The operator of this website will no longer process the personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or if the processing serves the establishment, exercise, or defense of legal claims.

To exercise the right to object, you can contact the data protection officer of this website directly.

Right to Withdraw Consent

Every person affected by the processing of personal data has the right to withdraw consent to the processing of personal data at any time.

If you wish to exercise your right to withdraw consent, you can contact our data protection officer at any time.

Paid Services

To provide paid services, we request additional data, such as payment details, in order to process your order or assignment. We store this data in our systems until the statutory retention periods have expired.

Notice on Data Transfer to the USA

Our website includes tools from companies based in the USA. If these tools are active, your personal data may be transferred to the US servers of the respective companies. We point out that the USA is not a safe third country in the sense of EU data protection law. US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g., intelligence services) process, evaluate, and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

Changes

We may amend this privacy policy at any time without prior notice. The current version published on our website applies. If the privacy policy is part of an agreement with you, we will inform you of the change by email or other appropriate means in the event of an update.

Questions to the Data Protection Officer

If you have any questions about data protection, please send us an email or contact the person responsible for data protection listed at the beginning of this privacy policy directly in our organization.

Source: SwissAnwalt