This is not an exhaustive description. We can also inform you about data processing through other data protection statements or similar documents (e.g. contract terms, consent forms).
When processing personal data, we comply with the requirements of Swiss data protection law and, insofar as this is applicable to our data processing, also the European Data Protection Regulation (EU GDPR).
Controller / Contact
Responsible data controller for the data processing we describe here is: LANTER, Attorneys & Tax Consultants, Seefeldstrasse 19, P.O. Box, 8032 Zurich, firstname.lastname@example.org, +41 44 250 29 29.
If you have any questions about data protection, have a concern regarding the processing of your personal data or would like further information, please contact us at: email@example.com.
Collection and processing of personal data
Categories of personal data
Personal data is any information that identifies you or that can reasonably be used to identify you. Anonymous or statistical data that cannot be linked to the data subject or can only be linked to the the data subject with unreasonable effort are not included here.
The personal data we process includes:
- Master Data: Master data is your basic data such as first name, last name, contact details, information e.g. about role/function, employer/organization, bank details, date of birth, powers of attorney, signature authorizations, declarations of consent, photos and videos, copy of IDs, official documents (e.g. excerpts from the commercial register, etc.), other identification and background information, information about your relationship with us and about our interactions (e.g. history) as well as sensitive personal data such as health data.
- Contractual data: Contractual data is generated in connection with the initiation, conclusion or execution of a contract. This includes, for example, information about business partners, services, billing, insurance, financial and tax data, complaints, etc.
- Communication Data: If you are in contact with us (e.g. via the contact form, by e-mail, telephone, chat, letter), we collect the exchanged communication content, your name and contact details, as well as information about the type, time and place of communication and any image and audio recordings of (video) telephone calls. In the event of an audio or video recording (e.g. in a video conference), we will inform you separately and you are free to inform us that you do not wish to be recorded or to terminate the communication. For the purpose of identification (e.g., in the case of a request for information made by you), we collect data to establish your identity (e.g., a copy of your ID).
- Technical data: When you use our website or other offers, we collect certain technical data, such as IP address, date, time and duration of access, name and URL of the pages or files accessed, referrer URL (i.e. website from which access is made), operating system used by the user, information about the type and version of the browser used and the user’s Internet service provider and log data (logs in which we record the use of our systems) to ensure the functionality and security of these offers. Under certain circumstances, we may also assign an individual code to your terminal device (e.g. in the form of a cookie and similar technologies in order to recognize your terminal device).
- Registration data: Certain offers and services (e.g. newsletter dispatch) can only be used with registration, whereby you must provide us with certain data (such as name, user name, password, e-mail). We collect data about the use of these offers and services.
- Behavioral and Preference Data: When you use our website, applications and/or services, we may collect data about the corresponding usage, preferences and generally about your interaction with our offers.
- Other data: We also collect your personal data in other situations, e.g. data (such as files, evidence, etc.) in connection with official or judicial proceedings.
Origin of personal data
We generally process the personal data that we obtain in the course of our business activities or the operation of our website. We obtain the personal data
- from you yourself – e.g. in connection with our services, as part of a registration or through your communication with us, when using the website. The provision of your personal data is basically voluntary; however, we have to collect certain data in case of legal obligation or in the context of the respective contract with you or in order to provide our services or when you use our website; or
- from third parties – e.g. from your employer or principal who enters into contracts with us, transacts business or is otherwise involved with us; from public authorities and courts; from other third parties (e.g. clients, counterparties, legal protection insurers, credit agencies, address dealers, associations, contractual partners, Internet analysis services). This includes, in particular, the data that we process in the course of initiating, concluding and executing contracts, as well as data from correspondence and discussions with third parties, but also all other categories of data pursuant to section 3.1 above; or
- from publicly accessible sources such as public registers (such as debt collection registers, land registers, commercial registers, etc.), the media or the Internet (websites, social media, etc.).
If you do not disclose or provide certain personal data, it may not be possible to use the website or other applications or to provide related services or to conclude a contract.
Purposes of the data processing
We process your data for the following purposes:
- For the establishment of contractual relationships with our clients and other contractual partners (including for the clarification of any conflicts of interest and in the context of a KYC procedure). For this purpose, we may obtain and otherwise process master and contractual data, powers of attorney, declarations of consent, information about third parties (e.g. contact persons, family details and counterparties), contract content, date of conclusion, creditworthiness data and all other data that you provide to us or that we collect from public sources or third parties.
- For the administration and processing of contractual relationships with our clients and other contractual partners so that we can comply with our contractual obligations and, in particular, provide and collect the contractual services. This also includes data processing for management of our mandates (e.g. legal advice and representation of our clients before courts and authorities and correspondence) as well as data processing for the enforcement of contracts (debt collection, legal proceedings, etc.), accounting and public communication (if permitted). For this purpose, we may process master data, contractual data and other data that we receive or have collected in the course of initiating, recording, managing and settling contracts, or that we create in the course of our contractual services, or that we collect from public sources or other third parties.
- For communication with you and with third parties, such as parties to proceedings, courts or authorities, by e-mail, telephone, letter or other means of communication, e.g. for contract initiation and processing, for legal advice and representation, for answering inquiries or queries. For this purpose, we may in particular process the communication and master data.
- For relationship management and information, in order to send our clients and other contractual partners as well as other interested persons information about events, changes in the law, news about our law firm or similar, such as in the form of newsletters and other regular contacts (electronically, by mail, by telephone), invitations, etc. For this purpose, we may process in particular the communication and master data. You may refuse such contacts and mailings at any time, or refuse or withdraw consent to such contact.
- For the secure and stable operation of our website (ensuring connection establishment and functionality). For this purpose, we process in particular the technical data as well as cookies and similar technologies (see section 9 below).
- In connection with your registration for certain offers and services (e.g. newsletter). For this purpose, we process the registration data that you provide to us and communication, behavioral and preference data that we collect during the use of the offers or services.
- To improve our offerings, such as our website, other application software, online tools, etc., as well as our services. For this purpose, we collect technical, behavioral and preference data, e.g. by analyzing your navigation through the website, your usage of our services, your interaction with our tools, your comments, feedbacks and responses.
- To clarify and assert legal claims and defense in connection with legal disputes and official proceedings.
- For ongoing security of our IT and other infrastructure, access control, fraud and abuse prevention, and evidentiary purposes, e.g., by: analyzing technical, behavioral, and transactional data to identify suspicious behavior patterns and fraudulent activity; evaluating system-level records of the use of our systems (log data); preventing, deterring, and resolving cyberattacks and malware attacks; analyzing and testing our networks and IT infrastructures and performing system and error checks; controlling access to electronic systems (e.g., user account logins); documentation purposes; and creating backup copies.
- To comply with laws, directives and recommendations of authorities and internal regulations, e.g. (i) in the context of combating money laundering and terrorist financing by means of “know-your-customer” investigations, (ii) in the context of fulfilling disclosure, information or reporting obligations, e.g. in connection with supervisory, tax or professional obligations, (iii) in the context of self-regulations, certifications and industry standards, (iv) in the context of archiving obligations, (v) to prevent and clarify criminal offences and other misconduct, (vi) by cooperating in external investigations, e.g. by a law enforcement or regulatory authority; (vii) by receiving and processing complaints and other reports. For this purpose, we collect in particular master data, contractual data, behavioral data and other data the collection of which we deem necessary or useful to fulfill our compliance obligations.
- For the purposes of our risk management and prudent corporate governance, including business organization, corporate development. For this purpose, we collect and process all types of data.
- For job applications or for reviewing applications, for carrying out the application process and – in the case of successful applications – for preparing and concluding employment contracts. For this purpose, we may process your master data and communication data – in particular the data contained in the application documents as well as the data that we additionally obtain about you (e.g. from criminal records, the Internet, media, networks, references – if you have consented to obtaining references).
- For other purposes, e.g. for internal processes and administration, central storage and management of data, archiving, training and quality assurance purposes and also for the organization, implementation and follow-up of events. For these purposes we can process all kinds of personal data. The selection of other legitimate interests is also one of the other purposes, which cannot be named exhaustively. The protection of other legitimate interests is also one of the other purposes that cannot be named exhaustively.
Legal basis of the data processing
If a legal basis is required for the data processing (e.g. in case of possible applicability of the EU-GDPR), the legal bases listed below come into consideration:
- On the basis of the initiation, execution or fulfillment of a contract with you or of pre-contractual measures (where the EU GDPR applies: Art. 6 para. 1 lit. b EU GDPR).
- Based on legal requirements (if the EU GDPR applies: Art. 6 para. 1 lit. c EU GDPR) or if it is necessary to protect your vital interests or those of other natural persons (if the EU GDPR applies: Art. 6 para. 1 lit. d EU GDPR).
- Based on our legitimate interests, in particular (i) in the processing for the pursuit of the purposes described above under section 4 and for the implementation of the corresponding measures (e.g. our business interest in the provision of our website, communication, relationship management and information, improvement of our offers, information security, enforcement of our own legal claims, compliance with applicable law, etc.) and (ii) in the disclosure of data pursuant to Section 6 and the related objectives (where the EU GDPR applies: Art. 6 para. 1 lit. f EU GDPR). The legitimate interests include our own interests and the interests of third parties.
- If you have given us your consent to process your personal data for certain purposes (e.g., for the processing of sensitive personal data or the performance of a background check; if the EU GDPR applies: Art. 6 para. 1 lit. a EU-GDPR), we will inform you separately about the corresponding processing. Consent given can be revoked at any time with effect for the future (which, however, has no effect on data processing that has already taken place). After receipt of the revocation, we will no longer process your data for the purposes to which you originally consented, unless we have another legal basis for doing so.
Disclosure of data to third parties
We disclose personal data about you to third parties who assist us in the performance of a contractual relationship with you, in connection with our legal obligations, or otherwise within the scope of the aforementioned processing purposes. Third parties include the following categories of recipients:
- Service providers who process your data either (i) on our behalf (order processor) or (ii) under joint responsibility with us or (iii) under their own responsibility in connection with the performance of a contract, e.g.
- IT providers, such as for chat and video platforms, data analysis, data storage, financial data services, login services, technical support, newsletter delivery, web hosting, web design as well as
- service providers for accounting, document management, as well as banks, insurance companies, debt collection service providers, credit agencies, telecom companies, forensics, tax advisors, other law firms and consulting companies, legal directories.
We have contractually obligated these service providers to, among other things, comply with our data protection provisions, to maintain confidentiality and to provide evidence of the given technical and organizational measures for data security (to the extent that these obligations are not already provided for by law). Our partners and service providers may use your personal data exclusively for the purposes for which they were originally collected.
- Other third parties who process the personal data for their own purposes (i) if you have expressly consented to the corresponding transfer and processing or (ii) if we are legally obliged or entitled to transfer the data. In these cases, the data recipients are their own data controllers. These include, for example
- Clients and contractual partners of ours where the transfer of data arises from contracts between us and these third parties (e.g. if you work for the contractual partner or they provide services for you) – including other law firms and legal protection insurance companies;
- Domestic and foreign offices, courts and authorities, if this is necessary for the fulfillment of our contractual obligations and in particular for the conduct of our mandate, or if we are legally obligated or entitled to do so, or if this appears necessary to protect our interests (e.g. for the assertion, exercise or defense of legal claims) – including our supervisory authority, in particular insofar as this is necessary in individual cases for the release from our professional duty of confidentiality;
- Counterparties and other persons involved (such as cooperation partners who help us carry out our activities, affiliated companies, other law firms, experts, financiers, etc.), if this is necessary or appears reasonable to us for the fulfillment of our contractual obligations and in particular for the management of the mandate;
- Other third parties involved for the purposes set out in section 4 above, such as payees and delivery addressees specified by you, your representative (lawyer, bank, etc.) or other persons involved in official or legal proceedings;
- Third parties in connection with business development (new partnerships, mergers with other law firms, purchase/sale of businesses, parts of businesses, assets or companies), bankruptcies, assignments and similar matters.
All these categories of recipients may in turn involve third parties, so that your personal data may also become accessible to them.
We can restrict the processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks).
Data transmission abroad
We process and store personal data mainly in Switzerland and the European Economic Area (EEA). However, the above-mentioned recipients of data may be located in any country in the world – e.g. in the case of proceedings before foreign courts or authorities, in the case of service providers and subcontracted processors in such countries or otherwise in the course of our activities for clients. In these cases in particular, you must expect that your personal data will be transferred to any such country.
If we transfer personal data to a country without adequate legal data protection, we contractually oblige the recipient to maintain an adequate level of data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj, including the supplements necessary for Switzerland), unless (a) the recipient is already subject to a legally recognized set of rules to ensure data protection and (b) we can already rely on an exception. An exception may apply, for example, (i) in connection with legal proceedings abroad or (ii) in case of overriding public interests or (iii) if the execution or performance of a contract which is in your interest requires such disclosure (e.g. disclosure of your data to our correspondence offices), (iv) if you have given your consent, or (v) if it is not possible to obtain your consent within a reasonable period of time and the disclosure is necessary to protect your life or physical integrity or that of a third party, or (vi) if the data in question has been made generally available by you and you have not objected to its processing.
We process and store personal data for as long as necessary, in particular (a) to fulfill the processing purposes for which they are collected (see section 4 above), (b) to fulfill our contractual and legal obligations (including retention periods) and (c) for our legitimate interests in processing, e.g. (i) for documentation and evidence purposes or (ii) to enforce or defend claims or (iii) to ensure IT security (i.e. for example for the duration of the contractual relationship as well as beyond this period in accordance with the statutory retention and documentation obligations and until the limitation of contractual claims) and (d) as long as storage is technically required (e.g. in the case of backups or document management systems).
If personal data is no longer required for the above-mentioned purposes and there are no legal or contractual obligations or technical reasons to the contrary, the personal data will be deleted or made anonymous after the storage or processing period has expired in accordance with our usual procedures.
However, cookies do not identify you personally. We use (i) “session cookies”, which are used to recognize your computer when you return to the Website during a session and are automatically deleted when you close your browser, and (ii) “persistent cookies”, which allow us to recognize your computer during subsequent sessions and are automatically deleted after a certain period of time. The content of a persistent cookie is limited to an identification number. Name, IP address, etc. are not stored.
You can configure your web browser to automatically refuse the installation of all or some cookies, or to override or disable installed cookies (see the help menu of your browser for instructions). You can also disable or delete cookies on a case-by-case basis. However, if you block all cookies (including functional cookies) with your browser setting, this may result in reduced availability or impaired functionality of the websites.
Both the technical data we collect and cookies generally do not contain any personal data. However, personal data that we or third-party providers commissioned by us store from you may be linked to the technical data or to the information stored in and obtained from cookies and thus possibly to your person.
Multilingual plugin for WordPress
Processing purpose: We use WPML to display our website in different languages. The language setting you have selected is saved with a cookie on your end device. This allows personal data such as your activity as a user (in particular which pages were visited and which elements were clicked on) to be stored and analyzed.
Provider: OnTheGoSystems Limited, 22/F 3 Lockhart Road, Wanchai, Hong Kong
We take appropriate technical and organizational security measures to protect your personal data against unauthorized access, improper use or disclosure, unauthorized modification and unlawful destruction or accidental loss. However, we cannot guarantee absolute protection.
Where possible, our data processing systems are designed from the outset to be data protection-friendly, e.g., by minimizing and pseudonymizing personal data.
All employees, contract data processors and other third parties who have access to personal data are obliged to treat it confidentially and to protect it.
For reasons of security and to protect the transmission of confidential content, such as requests that you send to us as the website operator, our website uses SSL encryption (Secure Socket Layer). You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
Rights of the data subject
Subject to applicable law, you have the following rights with respect to your personal data: (a) the right to be informed whether we are processing your personal data and, if so, right to access a copy of such data; (b) the right to have inaccurate or incomplete data corrected; (c) the right to have your personal data deleted, as long as applicable legal requirements are met; (d) Right to object to our data processing, in particular in the case of data processing for the purpose of direct marketing (unless we have valid legitimate grounds for processing your personal data); (e) Right to obtain certain personal data in a commonly used electronic format or to have it transferred to other data controllers; (f) Right to withdraw consent at any time with effect for the future (to the extent that our processing is based on your consent).
You can exercise your rights at any time by sending your request to the addresses listed in section 2. The exercise of these rights usually requires that you can prove your identity (e.g., copy of identification documents).
Note that conditions, exceptions or limitations apply to these rights (e.g., to protect third parties or trade secrets or due to our professional duty of confidentiality). We may refuse requests that are excessive or constitute an abuse of the relevant rights. We reserve the right to black out copies or to supply only excerpts for reasons of data protection or confidentiality.
Furthermore, every data subject has the right to enforce his or her claims in court and to lodge a complaint with the competent supervisory authority, in particular the data protection authority responsible for your place of residence or the place of the alleged infringement or the supervisory authority responsible for us, namely the Swiss Data Protection and Information Commissioner FDPIC, Feldeggweg 1, 3003 Bern, Switzerland. (http://www.edoeb.admin.ch).
Update and modification