Privacy Notice

Status: 31.08.2023

IMPORTANT NOTE: The German version of this document will govern our relationship – this translated version is provided for convenience only and will not be interpreted to modify the German version. For the German version, please see https://www.snplegal.com/datenschutz

With this Privacy Notice we inform you which personal data we collect and process in connection with our activities. It applies to all processing activities that are related to personal data. We process the data received and collected responsibly, in accordance with the applicable legal provisions and in accordance with this Privacy Notice. Our processing is generally subject to the Swiss Data Protection Act (FADP).

If we consider it useful, we will provide you with supplementary Privacy Notices and other legal documents (in particular mandate agreements) for individual or additional processing.

1 Who are we?

We are the law firm Suffert Neuenschwander & Partner (Rotfluhstrasse 91, 8702 Zollikon, Switzerland) and are responsible for the processing of your personal data that we describe here (unless otherwise stated in the individual case). References in this Privacy Notice to “SNPlegal”, “we” or “us” are references to Suffert Neuenschwander & Partner.

If you have a data protection concern, you can contact us at the following address:

Suffert Neuenschwander & Partner
Attn: Simon Oeschger
Rotfluhstrasse 91
8702 Zollikon
Switzerland

zurich@snplegal.com, subject “Privacy”

2 What personal data do we process?

In particular, we collect and process the following personal data from you:

  • Master data, such as name, address, e-mail address, telephone number, gender, date of birth, social media profiles, photos, videos, business relationship details (customer, service provider, etc.), history, official details (e.g. commercial register excerpts, permits, etc.), details of subscribed newsletters or other advertising (incl. consents);
  • Communication data, such as contact details, method of communication (telephone, e-mail, text messages, video messages, etc.) as well as location, date, time and content of the communication;
  • Registration data, such as username, password, e-mail address;
  • Case data, such as data we need to conduct our mandate (e.g. legal advice and representation of our clients before courts and authorities);
  • Financial data, such as payment details, credit rating details;
  • Contractual data, data arising in connection with the conclusion or processing of the contract, such as details on the conclusion of the contract, acquired claims and receivables, information on customer satisfaction, purchasing information (e.g. date, place, time, history of purchase as well as quantity, type and value of goods/services);
  • Technical data, such as IP address, operating system, date, time, geographical information;
  • Behavioral data, such as duration and frequency of visits to our website, date and time of a visit or opening of a message (newsletter, e-mail, etc.), location of your terminal device, interaction with our online presences on social networks or other third-party platforms;
  • Preference data, such as user preferences, data from the analysis of the collected data (esp. behavioral data);
  • Other data that you provide to us about yourself.

3 How do we collect personal data?

We collect your personal data in a variety of ways. On the one hand, we collect personal data that you have provided to us (e.g. by e-mail, telephone, letter post, video call), that we receive from third parties (e.g. from business partners, authorities, counterparties, legal protection insurers) and that we collect about you (e.g. from publicly accessible registers, websites, business partners).

3.1 Transferred data

You provide us with your personal information when you interact with us, such as in the following circumstances:

  • When you communicate with us;
  • When you visit our stores or other premises;
  • When you attend customer events and public events organized by us;
  • When you purchase our products or services;

The data provided includes, in particular, master data, communication data, case data and contract data, but also preference data as well as image and audio recordings of (video) telephone calls. In the case of audio or video recording, we will inform you separately and you are free to inform us if you do not wish to be recorded or to terminate the communication. If we need or want to establish your identity, we will collect additional data from you (e.g. a copy of an ID).

As a rule, the provision of personal data is voluntary, i.e. in most cases you are not obliged to disclose personal data to us. However, we must collect and process those personal data that are necessary for the processing of a contractual relationship and the fulfillment of the associated obligations or are required by law, e.g. mandatory master and contract data. Otherwise, we cannot conclude or continue the respective contract.

If you transmit data about other persons (e.g. family members, employees) to us, we assume that you are authorized to do so and that this data is correct. Please make sure that these other persons are informed about this Privacy Notice.

If you do not provide us with certain personal data, this may mean that it is not possible to provide the related service or conclude a contract. We will generally disclose to you where personal data requested by us is mandatory.

3.2 Received data

We may also receive personal information about you from third parties, such as the following third parties:

  • From business partners with whom we cooperate, e.g. banks, correspondence offices, (legal protection) insurance companies, and other contractual partners;
  • From people who communicate with us;
  • From counterparties;
  • From credit reporting agencies, e.g. when we obtain credit reports;
  • From address dealers or the Swiss Post, e.g. for address updates;
  • From providers of online services, e.g. Internet analysis services and communication services;
  • From authorities and courts, in connection with official and judicial proceedings.

The data received are in particular master, communication, financial, case and contract data, but also preference and communication boundary data.

3.3 Data collected

We may also collect your personal data ourselves or by automated means, such as in the following circumstances:

  • When you use our offers;
  • When you use our services;
  • When you order and/or purchase products from us;
  • When you visit our websites;
  • When we consult publicly available sources (e.g., public registries, websites, platforms, sanctions lists);
  • If we obtain information about you from your organization or from another organization or company (e.g. for reference purposes in the application process, if you consent to this)
  • When we work with business partners;
  • When you click on a link in one of our newsletters or otherwise interact with one of our electronic promotional communications.

The data collected includes, in particular, behavioral data and technical data.

We can also derive further personal data from already existing personal data, e.g. by evaluating the behavioral data. Frequently, such derived personal data is preference data.

4 For what purposes do we process personal data?

We process your personal data primarily in order to conclude and process our contracts with you, our customers and our business partners (e.g. to manage mandates). In particular, we also process your personal data for the following purposes:

  • to communicate with you;
  • to provide and improve our services (including websites) to you and our customers;
  • to manage the business relationship with you and our customers;
  • to conduct advertising, marketing, market research and product development;
  • To ensure your and our security and prevent misuse (e.g., for IT security, theft, fraud and abuse prevention, and evidentiary purposes).
  • to comply with legal and regulatory obligations;
  • to assert our claims and defend ourselves against the claims of others;
  • to prepare and execute the sale or purchase of business units, companies or parts of companies and other transactions under company law, as well as the related transfer of personal data;
  • for business management.

In processing personal data for the purposes described in this statement, we rely, among other things, on our legitimate interest in maintaining, developing and managing the business relationship and communicating with you as a business partner about our products and services.

For certain purposes, you can give us consent to process your personal data. Unless we have another legal basis, we process your personal data within the scope of and based on this consent. You can revoke your consent at any time. A revocation has no effect on processing that has already taken place.

5 Why and how do we share data?

We may share your Personal Data with trusted third parties as necessary or appropriate to provide our services or fulfill the purposes defined in this Privacy Notice. In particular, we may share your personal data with the following categories of recipients: External service providers (e.g. IT service providers, auditors, freight forwarders, payment services); clientele as well as other contractual partners (e.g. correspondence law firms and legal protection insurers); counterparties, their legal representatives and involved persons; business partners with whom we may need to coordinate the provision of services; authorities and courts. Please note that these recipients may in turn involve third parties, so that your data may also become accessible to them.

Where we share your personal data with third parties who process your personal data on our behalf, we do so on the basis of our instructions and in accordance with our Privacy Notice and other appropriate confidentiality and security measures. For example, we use service providers to help us operate our IT infrastructure, provide our products and services, improve our internal business processes, and provide additional support to our customers.

As a matter of principle, we process your personal data only in Switzerland and in the European Economic Area (EEA) (see also below para. 6). On our websites, we use services of third-party providers, please refer to our Cookie Policy (below para. 12) regarding independent data collection by third-party providers.

6 Why and how do we share data abroad?

We may transfer your personal data to recipients in the European Economic Area (EEA), as well as to recipients in the USA and other countries that do not ensure a level of data protection comparable to Swiss law (so-called third countries). We usually do this if it is necessary for the performance of a contract or the enforcement of legal claims. If we disclose data to other third countries and you are not already aware of this (e.g. from a contract or communication with us), the respective state, international body or at least the region can generally be found at the appropriate place in this Privacy Notice and in particular in the Cookie Policy. We will only transfer your personal data to a third country if the requirements under data protection law are met (e.g. following the conclusion of recognized standard data protection clauses or consent obtained) or if we can rely on an exceptional provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract that is in your interest requires such disclosure.

7 How do we use profiling?

Profiling” is the automated processing of personal data so that personal aspects can be analyzed or predictions made (e.g., analysis of personal interests and habits). As a rule, preference data is derived through profiling. We do not use profiling.

8 How do we make automated individual decisions?

“Automated individual decisions” are decisions which are made fully automatically, i.e. without human involvement, and which may entail legal consequences for the data subject or otherwise significantly affect him or her. We do not make automated individual decisions.

9 How do we protect data?

We take appropriate technical (e.g. firewall, SSL encryption, password protection) and organizational (e.g. access restriction, training of authorized persons) security measures to maintain the security of your personal data. Through these measures, we protect your personal data against unauthorized or unlawful processing, access and/or accidental loss, alteration, disclosure. Please always keep in mind that the transmission of information via the Internet and other electronic means involves certain security risks. We cannot guarantee the security of information transmitted in this way.

10 How long do we keep data?

We keep your personal data for as long as it is necessary for our processing purposes (cf. para. 4), the legal retention periods (usually five or 10 years) and our legitimate interests, in particular for documentation and evidence purposes, require it or storage is technically necessary (e.g. in the case of backups or document management systems). We delete or anonymize your personal data, provided that there are no legal or contractual obligations or technical reasons to the contrary, in principle after the storage and processing period has expired as part of our usual processes and in accordance with our retention policy.

11 Social media

On social networks and other platforms operated by third parties, we may operate pages and other online presences (e.g. fan pages, channels, profiles) and collect and process data about you there (in particular contact and profile data) that you or the social networks give us. We receive the data when you come into contact with us via our online presence (e.g. calling up and commenting on posts). We receive aggregated or otherwise sufficiently anonymized data from the platforms for evaluation, so that we can further develop our offered contributions and services. We process the data in particular for communication, marketing purposes (including advertising on these platforms) and market research. We may distribute content published by you ourselves or delete or restrict content from or about you in accordance with the usage guidelines. Personal data may also be processed outside of Switzerland and the European Economic Area (EEA), in particular in the USA.

Furthermore, the platforms evaluate your use of our online presences and link this data with other data about you known to the platforms. They also process this data for their own purposes under their own responsibility, in particular for marketing and market research purposes (e.g. to personalize advertising) and to control their platforms (e.g. which content they show you).

When using the platforms, other legal documents (e.g. GTC and terms of use) apply in addition to the corresponding Privacy Notice.

We currently use the following platform:

  • LinkedIn by LinkedIn Ireland, Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, whereby data may also be transferred to the USA. We are jointly responsible with LinkedIn and have concluded the so-called “Page Insights Joint Controller Addendum” (https://legal.linkedin.com/pages-joint-controller-addendum). For more information regarding data processing by LinkedIn, please refer to Linkedin’s Privacy Notice: https://www.linkedin.com/legal/privacy-policy.

12 Cookie Policy

In the following, we describe how and for what purpose we use cookies and similar technologies when using our websites and process personal and other data in the process.

12.1 What is log data?

Every time you connect to a web server, certain information is logged and stored for technical reasons. When you visit our website, information is automatically sent to our website server. This information includes the IP address of your computer, the date and time of access, the name and URL of the retrieved data, the website from which the access is made (referrer URL), the browser type and version, as well as other information transmitted by the browser (e.g. operating system of your computer, geographical origin, language setting). This information is temporarily stored in a so-called log file and kept in accordance with legal requirements. We process the data for the purpose of ensuring a smooth connection setup and a comfortable use of our website as well as the evaluation of system security and stability.

12.2 What are cookies and similar technologies?

We may set cookies and similar technologies on our website. Cookies are usually small text files that your browser automatically creates and stores on your device (computer, tablet, smartphone, etc.) when you visit our site. Session cookies store your input as you navigate from page to page within the website. Session cookies are deleted after a short time, at the latest when you close your browser. Persistent cookies remain stored for a certain period of time even after you close your browser. Similar technologies include, for example, pixel tags (invisible images or a program code that are loaded from a server and thereby transmit certain information to the operator of the server), fingerprints (information of the terminal device and the browser that is collected when a website is called up and in connection distinguishes the terminal device from others) and other technologies (e.g. “web storage”) for storing data in the browser.

We use both persistent and session cookies on our website. We cannot identify you with a cookie in every case. We use cookies and similar technologies so that we can statistically record the use of our website and evaluate it for the purpose of optimization and user-friendliness. Likewise, we use cookies for the purpose of providing our services (esp. technically necessary cookies). Cookies have different retention periods. We have no influence over the retention period of cookies set by third-party providers.

12.3 How can you disable cookies and similar technologies?

You can configure your browser so that it does not automatically accept cookies and similar technologies or deletes existing cookies and other data stored in the browser. You can also extend your browser with additional software (so-called “add-ons” or “plug-ins”), which then prevents tracking by certain third parties. As a rule, you will find further information in your browser’s help pages under the keyword “Privacy”. Please note that the partial or complete deactivation of cookies may mean that you cannot use all the functions of our websites.

12.4 What cookies and similar technologies do we use and how do we use them?

a) Technically necessary cookies

We use persistent cookies to store your personal user settings (especially regarding cookies and language selection on our website). In doing so, we will not process any personal data about you. The purpose of the processing is to re-identify your personal settings on our website. This cookie is necessary for the functionality of our website. After three months at the latest, the cookie will be automatically deleted from your system. You can also delete the cookie manually at any time. Please note that your user settings will be lost in the process.

b) Performance and reach measurement

We use the following services in particular to measure success and reach:

  • Google Analytics by Google Ireland Ltd., with its registered office in Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Ltd. relies on Google LLC, based in the USA, as its Processor. This involves monitoring and recording the way in which our website is used. Google Analytics uses permanent cookies for the collection of anonymous information (e.g. number of visitors to the website, origin of visitors, length of stay). As a matter of principle, we do not transmit any personal data or complete IP addresses to Google. Google provides us with the collected information in aggregated form. We do not have the possibility to identify the individual visitor. However, Google may use the additional data it collects and the knowledge gained from it for its own purposes. Google knows you if you have registered with Google. Google then processes your personal data on its own responsibility and in accordance with its privacy policy. More information regarding the data collected can be found in the Privacy Notice of Google Ireland Limited at: https://policies.google.com/privacy.

12.5 Website plugins

On our website, we use various plugins (extensions) from third parties in order to be able to use additional functions. In particular, we use plugins for the following functions:

a) Maps

We use third-party embedded map services on our website. In particular, we use the following services:

  • Google Maps including Google Maps Platform by Google Ireland Ltd., with its registered office in Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Ltd. relies on Google LLC, based in the USA, as its Processor. More information regarding the data collected can be found in the Privacy Notice of Google Inc. at: https://policies.google.com/privacy.

b) Fonts

We use third-party services to embed fonts (including logos, icons, and symbols) on our website. In particular, we use the following services:

  • Adobe Fonts (Typekit) from Adobe Systems Software Ireland Limited 4-6 Riverwalk, Citywest Business Park, Dublin 24, Ireland. Adobe’s Privacy Notice can be found at: https://www.adobe.com/privacy/policies/adobe-fonts.html.
  • Google Fonts by Google Ireland Ltd., with its registered office in Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Ltd. relies on Google LLC, based in the USA, as its Processor. The Privacy Notice of Google Ireland Limited can be found at: https://policies.google.com/privacy. Answers to frequently asked questions about data protection can be found here: https://developers.google.com/fonts/faq/privacy.
  • Font Awesome by Fonticons Inc, 307 S Main St, Ste 202 Bentonville, AR, 72712-9214, USA. The Privacy Notice of Fonticons Inc. can be found at: https://fontawesome.com/privacy.

13 What rights do you have?

As a potentially affected person, you can assert various claims against us in accordance with the applicable national and international provisions. We may process your personal data again to fulfill your claims.

You have the following rights in relation to your personal data:

  • You have the right to obtain information about what personal data we have about you and how we process it;
  • You have the right to surrender or transfer a copy of your personal data in a common electronic format, provided that the data is processed automatically and the data is processed with your consent or in direct connection with the conclusion or performance of a contract between you and us;
  • You have the right to have your personal data rectified if it is inaccurate;
  • You have the right to have your personal data erased;
  • You have the right to object to the processing of your personal data (especially in the case of data processing for the purpose of direct marketing).

Note that conditions and exceptions apply to these rights. We may limit or deny your request to exercise these rights to the extent permitted by law. We reserve the right to black out copies for data protection or confidentiality reasons or to provide only excerpts.

If you wish to exercise your rights against us or do not agree with our handling of your rights or data protection, please contact us; our contact details can be found in para. 1. In order for us to exclude misuse, we must identify you (e.g. with a copy of your ID, if necessary).

14 What applies in relation to the GDPR?

We do not assume that the EU General Data Protection Regulation (“GDPR”) is applicable in our case. However, should this exceptionally be different for certain data processing, then exclusively for the purposes of the GDPR and the data processing subject to it, this clause additionally applies 14.

We base the processing of your personal data in particular on the fact that

  • 4 and its administration and enforcement (Art. 6 para. 1 lit. b GDPR);
  • 4 namely to communicate with you or third parties, to operate our website, to improve our electronic offerings and registration for certain offers and services, for security purposes, to comply with Swiss law and internal regulations for our risk management and corporate governance and for other purposes such as training and education, administration, evidence and quality assurance, organization, execution and follow-up of events and to protect other legitimate interests (see para. 4) (Art. 6 para. 1 lit. f GDPR);

If you are in the EEA, you also have the right to restrict data processing and you can complain to the data protection supervisory authority in your country. You can find a list of authorities in the EEA here: https://edpb.europa.eu/about-edpb/board/members_en

15 How can we change this Privacy Notice?

We may change this Privacy Notice or add new processing activities at any time. We also update this Privacy Notice from time to time to reflect legal requirements. We will inform you about such adjustments and additions in an appropriate form, in particular we will publish the respective current Privacy Notice on our website (see below).

The current Privacy Notice can be accessed at any time at https://www.snplegal.com/en/privacy-notice/.

Bilanz/LeTemps: Award for SNPlegal