Privacy Policy
With this Privacy Policy, we, Wisler Legal Law Office, would like to inform you about how we process personal data within the scope of our respective business activities and inform you about your rights. We are aware of the importance of processing personal data for you as a data subject and the protection of your privacy is of the utmost importance to us.
As an internationally operating law firm, the EU General Data Protection Regulation (GDPR) is important to us in addition to the Swiss data protection regulations. We have aligned this data protection declaration to a uniform and stricter standard of the GDPR. This Privacy Notice must be read together with any other legal notices and terms and conditions or terms of use provided or made available to you.
1. Data controller and contact details
Responsibility for the processing of personal data:
Rena Wisler
Bahnhofstrasse 12
8001 Zürich
Schweiz
[email protected]
We point out if there are other persons responsible for processing personal data in individual cases.
2. Collection and processing of personal data
We process personal data that we receive from you, our clients and their employees, business partners, from authorities, courts, arbitral tribunals or other third parties (such as e.g., opposing parties or business partners of our clients), that we receive when participating in training courses, events or competitions, or that we collect from through our websites, apps and other applications and offers. Insofar as it is permitted to us, we may also obtain certain personal data from publicly accessible sources.
The categories of personal data that we collect and process about you may include, in particular, the following data:
- Personal information and contact details, such as name, address, telephone number, e-mail address, date of birth, nationality, gender, pictures, professional functions and activities, education, qualifications, information on family members, relatives and related or affiliated persons, affiliations with third parties.
- Information relating to mandates and other agreements, such as contracts and contractual obligations, scope of work, claims, communication relating to mandates and other agreements.
- Information contained in communication and other interactions with us, such as correspondence by letter or e-mail or through other means of communication with you or with third parties, meetings, call history, notes relating to communication, access logs, inquiries, social media activities.
- Financial information, such as invoicing information, payment details, bank details, information relating to insurance, financial situation, accounting information, creditworthiness, debt enforcement and bankruptcy information.
- Information relating to administrative, court or other proceedings, such as information on claims and defenses, persons involved and the matter at issue, criminal prosecution and conviction.
- Information regarding legal regulations, such as anti-money laundering and export restrictions.
- Data related to marketing activities, such as preferences and interests, newsletter opt-ins and opt-outs, responses to marketing activities, invitations and participation in events and activities.
- Data related to the use of our website (e.g. via registration form) and other applications, such as connection data, IP address and other identifiers (e.g. user name in social media, MAC address of the smartphone or computer, data from cookies and similar technologies), date and time of the visit to our website, duration of the visit to the website, requested internet address (URL), referrer URL (i.e. the internet address of the website from which you accessed our website, if applicable with the search term used), browser type and version, operating system used, amount of data sent in bytes, and the search term used, location data, pages and content accessed, functions used.
- Data obtained from public registers and other public sources, such as the debt enforcement register, credit rating directories, land register, commercial register, media and internet.
3. Purposes of the data processing and legal bases
We may process personal data in accordance with applicable data protection law for the following purposes and, if necessary under applicable data protection law, on the basis of the following legal bases:
- For the performance of contracts: We process personal data in connection with the conclusion and performance of contracts with our clients and business partners, in particular in the context of providing legal services to our clients and the procurement of products and services from our suppliers and subcontractors (e.g., foreign and domestic lawyers and law firms or experts), as well as in order to comply with our legal obligations relating thereto. You may be affected by our data processing in your capacity as an employee of a client or business partner.
- To fulfill legal obligations: We process personal data in order to comply with our legal or regulatory obligations. Processing purposes include, but are not limited to documenting compliance with legal and regulatory requirements.
- To safeguard legitimate interests: We process personal data for the following purposes if this is necessary to protect the legitimate interests of us or of third parties or to protect legitimate public interests:
- providing and developing our products, services and websites, applications and other platforms, on which we are active;
- communication with third parties and the processing of their requests (e.g., job applications, media inquiries);
- advertising and marketing (including organizing events), provided that you have not objected to the use of your data for this purpose (if you are part of our client base and you receive marketing communication, you may object at any time);
- market and opinion research, media surveillance;
- asserting legal claims and defense in legal disputes and official proceedings;
- prevention and investigation of criminal offences and other misconduct (e.g., conducting internal investigations, data analysis to combat fraud);
- ensuring our business operations, including our IT, our websites, apps and other appliances;
- video surveillance to protect the domiciliary rights and other measures to ensure the safety of our premises and facilities as well as protection of our employees and other individuals and assets owned by or entrusted to us (such as e.g., access controls, visitor logs, network and mail scanners, telephone recordings);
- possible corporate transactions and the transfer of personal data related thereto as well as measures for business management and compliance with legal and regulatory obligations as well as internal regulations.
- For checking applications: We may collect and process personal data provided by applicants during an application process. Processing may also be carried out electronically. This is particularly the case when applicants submit application documents to us electronically, for example via email or a form on the website. The data transmitted will only be used in connection with the requested job profile.
- Based on your consent: If you have given us consent to process your personal data for certain purposes (for example, when you register to receive newsletters), we process your personal data within the scope of and based on this consent, unless we have another legal basis and we require such a basis. Consent given can be revoked at any time, but this has no effect on data processing that has already taken place.
4. Disclosure of personal data
We may disclose personal data to the following categories of recipients:
- Clients, their affiliates, opposing parties, transaction parties and other persons involved in matters and proceedings we are working on;
- Courts, arbitral tribunals, public authorities, regulatory bodies, self-regulatory bodies;
- Business partners, service providers and suppliers we work with (e.g., other lawyers and law firms, tax consultants, experts, banks, insurance companies), who may act as independent data controllers or process personal data for our own purposes (e.g., providers of cloud and other IT services);
5. Disclosure of personal data abroad
We process personal data in Switzerland and in the European Economic Area(EEA). However, we may also export or transfer personal data to other countries, in particular in order to process it or have it processed there.
We may export personal data to all countries and territories on earth, provided that the local law ensures adequate data protection in accordance with the decision of the Swiss Federal Council and – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – in accordance with the decision of the European Commission.
We may transfer personal data to countries whose law does not guarantee adequate data protection, provided that data protection is guaranteed for other reasons, in particular on the basis of standard data protection clauses or with other appropriate guarantees. By way of exception, we may export personal data to countries without adequate or appropriate data protection if the special data protection law requirements are met, for example the express consent of the data subjects or a direct connection with the conclusion or performance of a contract. We will be happy to provide data subjects with information on any guarantees or a copy of any guarantees on request.
6. Cookies, tracking and other technologies related to the use of our website
We use cookies and similar technologies on our website and with respect to our marketing communication that allow us to store information on your device and/or access information stored on your device or to receive information on your response to website offerings and other marketing activities. This allows us to better understand user behavior and preferences, e.g. to provide our services in a technically error-free, secure, user-friendly and demand-oriented manner:
- Cookies: We may sometimes use cookies. Cookies can be used to optimise the information and offers on our website with the users in mind. Cookies enable us to recognise users of our website. The purpose of this recognition is to make the use of our website easier for users. You may prevent our website from setting cookies by adjusting the browser settings you use, thereby permanently blocking cookies.
- Use of Google Analytics: Google Analytics is a web analytics service. Our web analytics includes the anonymous collection and analysis of data concerning the behaviour of visitors to our website. The data recorded by a web analytics service includes information on the third-party website from which a user came to our website, which subpages were accessed, and how often and for how long a subpage was viewed. Google Analytics sets a cookie in order to record this information. As mentioned above, you can prevent the setting of cookies by our website at any time by configuring the corresponding setting in your internet browser.
- Use of script libraries: In order to deliver content correctly or prevent spam, we use script libraries and font libraries on our website (e.g. Google Webfonts for fonts, Google Ratings for ratings or Google Recaptcha to protect the website from spam). The retrieval of a script library or font library results in a connection to the provider of the library. It is possible that the operator of the library may collect data on this connection.
- Use of Google Maps: We use an interface to geographical data from Google to display location-based information. Google collects and uses data on the use of the map function. Information on how Google uses data is available in the Google privacy policy.
- Use of social plug-ins: Plug-ins from various social network providers may be used on our website. The relevant social networks include these plug-ins to use certain information, which may also include personal data. If the data subject is simultaneously logged in to a social network while visiting our website, it can be assumed that personal data will be transmitted to the social networks. We have no control over which data is used by social networks. We do not use social plug-ins to record personal data. The privacy policies of the corresponding social networks provide information on the collection, processing and use of personal data.
7. Notifications and messages
We send notifications and communications by email and through other communication electronic channels such as SMS.
8. Duration of the retention of personal data
We process and store personal data as long as it is necessary for the processing purpose for which we collected it. Typically, this is for the term of our business relation and thereafter, as long as we have a legitimate interest in retaining the information (e.g., for applicable statute of limitation, for record retention and know-how purposes). In addition, there may be a contractual or legal obligation to retain or document data (e.g. in accordance with the Swiss Code of Obligations, Value Added Tax Act, etc.). It is possible that personal data will be stored for the time during which claims can be asserted against us or and insofar as we are otherwise legally obligated to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). If the personal data is no longer required, it will be deleted or anonymized as far as possible. Subject to an express written agreement, we are under no obligation to you to retain personal data for a specific period of time.
9. Data security
We take appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse, such as the issuance of warnings, training, IT and network security solutions, access controls and restrictions, encryption of data media and transmissions, pseudonymization, controls.
10. Rights of the data subject
In accordance with and as far as provided by applicable law (as is the case where the GDPR is applicable), you have the right to access, rectify and erase of your personal data, the right to restriction of processing or to object to our data processing in addition to right to receive certain personal data for transfer to another controller (data portability). Please note, however, that we reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain data, have an overriding interest (insofar as we may invoke such interests), are bound to maintain confidentiality or need the data for asserting claims. If exercising certain rights incurs costs for you, we will notify you thereof in advance. We have already informed you of the possibility to withdraw consent in Section 3 above.
In general, exercising these rights requires that you are able to prove your identity (e.g., by a copy of identification documents when your identity is not evident otherwise or cannot be verified in another way). In order to assert these rights, please contact us at the addresses provided in Section 1 above.
You have the right to enforce your claims in court or to file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
11. Obligations of the data subject
In the context of our business relationship, you must provide the personal data that is required for the establishment and implementation of a business relationship and the fulfillment of the associated contractual obligations (you do not usually have a legal obligation to provide us with data). Without this data, we will generally not be able to enter into or perform a contract with you (or the entity or person you represent). Also, the Website cannot be used if certain traffic-securing information (such as IP address) is not disclosed.
If you provide us with personal data of other persons (e.g. data of colleagues), please make sure that these persons are aware of this privacy notice and only share their personal data with us if you are allowed to do so and if this personal data is correct.
Please note that the Internet is generally not a secure environment because it is an open network that can be accessed by anyone. Therefore, we also appeal to your personal responsibility with regard to the handling of your personal data. To the extent permitted by law, we exclude liability for the security of data that you transmit to us via the Internet (e.g. by e-mail) or other electronic channels and for any direct or indirect damage. We ask you to choose other communication channels, should this appear necessary or reasonable for security reasons.
12. Modification of the privacy notice
We may amend this privacy notice at any time without prior notice. The current version published on our website shall apply.