1. What information can you find in this privacy policy?
The protection of your personal data is very important to us. With this privacy policy we inform you which personal data we process, how we process them and for which purpose we process them. We have interpreted the present Privacy Policy in accordance with both Swiss data protection legislation as well as the Data Protection Regulation of the European Union. In particular, you can find the following information in the Privacy Policy:
- What personal data we process;
- the purpose for which we process your personal data;
- how long we process personal data;
- what rights you have in relation to your personal data; and
- who you can contact with concerns about your personal data.
2. Who is responsible and how can you contact us?
The following person ("we" or "us") is responsible for processing your personal data in accordance with this Privacy Policy:
Christoph Neubauer, Neubauer Law, Wiesenstrasse 10A, CH-8952 Schlieren
If you have any questions regarding the processing of your personal data, please feel free to contact us at the following address:
RA Christoph M. Neubauer, LL.M.
Neubauer Law
Wiesnstrasse 10A
8852 Schlieren
+41 44 737 03 13
christoph.neubauer[at]neubauerlaw.ch
3. Who is addressee of this Privacy Policy?
This Privacy Policy applies to all persons ("you") whose personal data we process. It does not matter how you contact us. This can happen via the website, by telephone, via social media, by email, etc. The Privacy Policy applies to both future and already collected personal data. In addition to this Privacy Policy, other documents and guidelines from us may contain references to the processing of personal data (e.g. mandate agreement, Cookie Policy, etc.).
4. What types of personal data do we process?
"Personal Data" means any information relating to an identified or identifiable individual. We process the following types of personal data, among others:
"Master Data" is basic personal data about you such as title, name, contact details, date of birth, interests, registration to newsletter etc. For example, it may include information about someone's role with a company or organization, or information such as employment history, income situation, family circumstances or health status.
"Contract Data" is Personal Data that we process as part of the initiation of business and for the execution of contracts. We mainly conclude contracts with our suppliers and clients. This may also involve transaction and payment data.
"Communication Data" means Personal Data that is collected when we correspond or communicate with each other via email, chat and other means of communication.
"Behavioral Data" are Personal Data that make statements about your behavior and activities in connection with our website. This includes, for example, information about behavior on websites or the utilization of electronic messages such as newsletters.
"Preference Data" is Personal Data that contains your interests and preferences. We process such data in order to provide you with customized offers and services. In doing so, we can combine Behavioral Data with other data, evaluate it and form groups of people who have certain similarities or overlaps with regard to certain characteristics.
Personal Data that is collected when you use our Website or our Social Media presence. In addition to small files that are stored when you call up websites (e.g. cookies for recognition or improvement of the services), this also includes data that log processes running in a computer or network system (e.g. log data and IP addresses and other connection and usage data).
5. Where does this Personal Data come from?
Often you transmit personal data to us yourself. This happens when you communicate with us, use our website or enter or want to enter into a contractual relationship with us (e.g. client relationship). The Personal Data transferred includes in particular Master Data, Communication Data and Contract Data and Technical Data. If you transfer Personal Data from third parties to us, we assume that you are authorized to do so and that you inform the data subject in a general manner about the processing by us or other external service providers (e.g. in a privacy policy for employees).
It may happen that we also receive your Personal Data from third parties. This happens, among other things, when you communicate with us and an intermediary third-party provider discloses your Personal Data, or we receive your Personal Data, for example, from public registers or within the scope of a client relationship.
Furthermore, we may also collect your Personal Data or derive it from already existing Personal Data. This happens when you use our website. Therefore, the Personal Data collected is often Technical Data and Behavioral Data, and the Personal Data analyzed is often Preference Data.
6. For what purposes do we process personal data
6.1 Contract execution
We process Personal Data in connection with the initiation, conclusion and execution of contracts. The purpose generally covers everything that is appropriate and necessary to initiate, conclude, perform, terminate and, if necessary, enforce contracts. Master Data, Contract Data, Communication Data, Behavioral Data and Preference Data may be covered by this purpose.
In particular, the following processing operations are part of the contract execution:
- Provide contractual services (e.g. within the scope of a mandate);
- decide whether to enter into a contract and under what terms;
- terminate contracts;
- correspondence with clients, opposing parties, authorities and courts and their employees or other contact persons;
- invoice for services, as well as maintain a dunning system and accounting;
- enforce legal claims arising from contracts;
- archive contracts.
6.2 Communication
We process Personal Data in connection with communication activities. The purpose generally covers everything that is appropriate and necessary to communicate with you. For this purpose, Master Data, Technical Data, Communication Data, Behavioral Data and Preference Data may be used.
In particular, the following edits are part of the communication:
- Client relationship management;
- responding to inquiries;
- communication in connection with mandate relationships.
6.3 Information and marketing
We process Personal Data for marketing and information purposes. For this purpose, Master Data, Contract Data, Technical Data, Communication Data, Behavioral Data and Preference Data may be used. Subject to the attorney-client privilege, we may personalize our communications. Further information on profiling can be found in section 11.
In particular, the following processing belongs to information and marketing:
- Newsletters and promotional emails;
- printed materials such as advertising brochures, etc.;
- invitations to events.
6.4 Market research and service development
We process Personal Data described in the Cookie Policy in order to continuously improve our website and services and process such Personal Data for the purpose of market research. For this purpose we use in particular Master Data, Technical Data, Behavioral Data and Preference Data.
In particular, the following processing belongs to market research and service development:
- Improving the usability of the website;
- improving and further developing our services.
6.5 Safety and prevention
We process Personal Data described in the Cookie Policy in order to protect our websites and IT systems from misuse and to ensure security. For this purpose, we use in particular Master Data, Technical Data and Behavioral Data.
The purpose of safety and prevention includes in particular:
- Defend against and resolve malware and cyberattacks;
- control access to our websites and IT systems;
- create backup copies;
- test and analysis of our networks, IT systems and website.
6.6 Preservation of rights
We process personal data to comply with our legal obligations and to enforce our rights. This means that we use Personal Data, subject to other mandatory statutory provisions or contractual agreements, to enforce our claims in court and to comply with orders from authorities and courts. For this purpose, we use in particular Master data, Contract data, Technical data and Behavioral Data.
The purpose of preserving the law includes, in particular:
- Clarification, enforcement and defense of claims;
- receiving and processing complaints;
- disclosure to authorities if we are legally obliged to do so or have a factual reason to do so.
6.7 Administration
We process Personal Data for business operations, the performance of the mandate relationship and administration. For this purpose, we use in particular Master Data, Contract Data, Technical Data, Communication Data and Behavioral Data.
The purpose of the administration includes in particular:
- Analysis and improvement of the processes;
- administration such as accounting and IT;
- archiving data.
7. On what legal basis do we process Personal Data?
Our processing of personal data is based on different legal bases, depending on the purpose for which the processing is based.
The processing may be necessary to protect legitimate own interests or the interests of third parties. In addition to the purposes described in Section 6 and the disclosures pursuant to Section 8, legitimate own interests may also include, for example, advertising and marketing activities. Legitimate interests may also include the interests of third parties, e.g. in the context of cooperation based on division of labor.
Furthermore, processing may also be necessary to comply with applicable legal provisions and thus include, for example, archiving and information obligations.
Processing may also be based on consent. This is the case, for example, if we receive Personal Data within the scope of a mandate.
In addition, the processing of personal data may be necessary to initiate the conclusion of contracts, e.g. in connection with a possible or existing client relationship.
8. With whom do we share Personal Data?
Except as provided otherwise by mandatory statutory law (e.g., attorney-client privilege) or contractual agreements, we may use the services of third parties and disclose your Personal Data to such third parties. Such third parties usually process your personal data on our behalf. As such an "order processor", they are obliged to process the Personal Data exclusively in accordance with our instructions and to take suitable data security measures. By means of contractual regulations, we ensure that data protection is guaranteed throughout the processing of your Personal Data.
Personal Data may be disclosed to third parties for the following services, among others:
- IT services such as website hosting, use of cloud services, sending email newsletters, IT support;
- payment services;
- shipping and consulting services we fiduciary and tax consulting.
In the course of a mandate, we may also disclose Personal Data to external service providers, the client, counterparties and their legal representatives, business partners with whom we may need to coordinate the provision of legal services, as well as to courts and authorities.
Except as provided otherwise by mandatory statutory law (e.g., attorney-client privilege), we may also disclose Personal Data to third parties for their purposes if, for example, you have given us your consent or we are required or authorized by law to disclose it.
In the following cases, this can happen, for example:
- Official or court order to disclose Personal Data in the context of court proceedings;
- Assertion of legal claims or defense against legal claims;
- Execution or evaluation of corporate transactions or transfer of assets.
Further information on the independent collection of Personal Data by third party providers as part of our website can be found in our Cookie Policy.
9. Do we disclose personal data abroad?
We store and process your Personal Data mostly in Switzerland and in the European Union. However, we may also process or have your Personal Data processed outside this area.
If the respective recipient country does not have a sufficient legal level of data protection, we will transfer the Personal Data either based on consent or standard contractual clauses, or if it is necessary for the fulfillment or execution of a contract or for the enforcement of legal claims. Despite all precautions, there remains a residual risk in the case of transfer abroad that, for example, the foreign state may still gain access.
10. How do we process sensitive Personal Data?
Certain Personal Data are classified as "sensitive personal data" by data protection laws. This includes, for example, data about a person's state of health or biometric characteristics. As a rule, we only process sensitive personal data if this is necessary for our services, if the person concerned has consented to the processing or if he or she has disclosed the sensitive personal data of his or her own accord. In addition, we may process sensitive personal data if the applicable rights permit processing, processing is necessary to comply with the law or the sensitive data has obviously been disclosed by the data subject.
We may process sensitive personal data in the following cases, for example:
- In connection with a mandate or other contractual relationship;
- You apply for a job with us, providing us with information about the existence of a criminal record.
11. How do we use profiling?
The term "profiling" means the automated processing of Personal Data in order to make predictions or analyze personal aspects, e.g., about likely behavior or personal preferences and interests.
Profiling can be used, for example, in the following automated processing actions:
- Processing of communication data, e.g. analysis of the response to the receipt of newsletters;
- Processing of Master Data, Behavioral Data and Technical Ddata, e.g. to analyze search queries on our website.
We use profiling in the course of our newsletter as described in the Cookie Policy and you can object to this under Cookie Settings.
12. How is the Personal Data protected?
We protect your Personal Data with a reasonable and proportionate technical and organizational precautions and take measures to protect your Personal Data against unauthorized or unlawful processing and unauthorized disclosure, and to protect against the risk of loss, accidental alteration and unauthorized access.
Organizational security measures include, among other things, directives to our employees, training, and controls. Technical security measures include encryption and pseudonymization, access control and logging.
13. How long is Personal Data processed?
The storage and processing of your Personal Data may last for different periods of time and depends on how long we have a legitimate interest in storing and processing your Personal Data, how long the legal retention obligations last and how long it is necessary for the fulfillment of the purpose for which we received your Personal Data.
For the retention of Personal Data, we are guided in particular by the following deadlines:
- The storage of Technical Data usually takes a few days, but can last up to 2 years. Certain Technical Data is deleted after the end of the session or use of the service.
- Contract Data is generally retained by us for 10 years after the end of the contract. For reasons of evidence, for technical reasons and for reasons of contractual or legal requirements, longer retention periods may apply.
- Communication Data such as written correspondence, contact via contact forms and emails are generally retained for 10 years.
- Master Data is stored for the duration of the user account unless further services are or were obtained or longer retention periods apply due to other contractual or legal requirements.
- We generally delete personal data from job applications after 6 months following completion of the application process, unless otherwise agreed.
Your personal data will be deleted or anonymized after the expiration of the aforementioned periods.
14. What rights do you have in connection with the processing of your Personal Data?
You have the right to object to the processing of your Personal Data. Provided that no legal exceptions are applicable and the respective applicable requirements are met, you can therefore exercise the following rights in connection with your Personal Data:
- Correction of incorrect or incomplete Personal Data;
- Deletion or anonymization of your Personal Data;
- Restriction of the processing of your Personal Data;
- Information about the Personal Data we have stored about you;
- Revocation of consent to the processing of your Personal Data for the future, insofar as the processing is based on consent;
- Hand over of certain of your Personal Data in a machine-readable, common and structured format.
The above rights may be restricted or excluded in individual cases, e.g. to comply with legal obligations or safeguarding interests that merit protection. For example, we may be permitted or required to retain or otherwise continue to process Personal Data despite a request to delete or restrict processing for legal reasons.
You can unsubscribe from newsletters and feeds such as Linkedin by using the corresponding third-party function resp. by clicking on the link attached to the email. You can also contact us directly (see section 2).
Furthermore, you have the right to complain to the respective competent governmental supervisory authorities if you have concerns as to whether our processing of your Personal Data complies with the law.
15. Changes to this Privacy Policy and Language
The current version of the Privacy Policy at the time of the start of data processing applies in each case. From time to time, the Privacy Policy may be adapted, e.g. if the applicable laws or our data processing changes. If we have your contact details and it is possible to contact you without disproportionate effort and without legal risk, we will inform you of any modifications affecting you.
In the event of a discrepancy between the German and English versions of this Privacy Policy, the German language version shall prevail.
Version dated September 1, 2023