Table of Contents
1. WHAT IS THIS PRIVACY STATEMENT ABOUT?
2. WHO CONTROLS THE PROCESSING OF YOUR DATA?
3. FOR WHAT PURPOSES DO WE PROCESS WHICH OF YOUR DATA?
4. WHERE DOES THE DATA COME FROM?
5. TO WHOM DO WE DISCLOSE YOUR DATA?
6. IS YOUR PERSONAL DATA TRANSMITTED TO FOREIGN COUNTRIES?
7. WHAT RIGHTS DO YOU HAVE?
8. HOW ARE COOKIES AND SIMILAR TECHNOLOGIES USED ON OUR WEBSITE AND OTHER DIGITAL SERVICES?
9. HOW DO WE PROCESS PERSONAL DATA ON OUR PAGES IN SOCIAL NETWORKS?
10. WHAT ELSE SHOULD BE CONSIDERED?
11. CAN THIS PRIVACY STATEMENT BE CHANGED?
1. WHAT IS THIS PRIVACY STATEMENT ABOUT?
ADVOTECH ADVOKATEN, (the «Firm», hereinafter also «we», «us») is a law firm located in Basel.
In the course of our business activities, we collect and process personal data, i.e. information that relates to an identified or identifiable natural person. This includes, in particular, personal data about our clients, associated persons, counterparties, courts and authorities, experts, business partners, correspondent law firms, professional and other associations, visitors to our websites, participants in events, recipients of newsletters and other bodies or, in each case, their contact persons and employees as well as our employees (hereinafter also referred to as «you»). In this Privacy Statement, we inform you about these data processing activities.
In addition to this Privacy Statement, we may inform you separately about the processing of your data (e.g. in the context of forms or contractual terms).
If you disclose data to us about other persons (e.g. family members, agents, counterparties or other associated persons), we will assume that you are authorised to do so and that this data is correct and that you have ensured that these persons are informed about this disclosure, insofar as a legal duty to inform applies (e.g. by bringing this Privacy Statement to their attention in advance).
2. WHO CONTROLS THE PROCESSING OF YOUR DATA?
The persons responsible for the processing described in this Privacy Statement under data protection law are:
Gerry Bosshard
Christoph Mettler
David Schenker
ADVOTECH ADVOKATEN
Burgunderstrasse 36
Postfach 234
4009 Basel
advotech@advotech.ch
3. FOR WHAT PURPOSES DO WE PROCESS WHICH OF YOUR DATA?
When you use our services, visit our websites «https://advotech.ch» and «https://swiss-energy-forum.ch» (hereinafter referred to as «Websites»), or otherwise deal with us, we collect and process various categories of your personal data. In principle, we may collect and otherwise process this data for the following purposes in particular:
- Communication: We process personal data so that we can communicate with you and with third parties, such as parties to proceedings, courts or authorities, by e-mail, telephone, letter or otherwise (e.g. to answer inquiries, in the context of legal advice and representation, as well as the initiation or execution of contracts). This also includes that we can send our clients, contractual partners and other interested persons information about events, changes in the law, news about our Firm or similar. This may take the form of newsletters and other regular contacts (by electronic means, post, telephone). You can refuse such communication at any time or refuse or revoke your consent to such communication. For this purpose, we process in particular the content of the communication, your contact data and the marginal data of the communication (this content may also include audio recordings, for example if you leave us a voice message by telephone). If we need or want to establish your identity, we will collect additional data (e.g. a copy of an identity document).
- Initiation and conclusion of contracts: With regard to the conclusion of a contract, such as in particular a contract for the establishment of a client-lawyer relationship, with you or your client or employer, which also includes the clarification of any conflicts of interest, we may in particular collect and otherwise process your name, contact data, authority/powers of attorney, declarations of consent, information about third parties (e.g. contact persons, family details and counterparties), contract contents, date of conclusion, creditworthiness data and all other data that you provide to us or that we collect from public sources or third parties (e.g. commercial register, credit agencies, sanctions lists, media, legal protection insurance or the Internet).
- Administration and processing of contracts: We collect and process personal data so that we can comply with our contractual obligations towards our clients and other contractual partners (e.g. suppliers, service providers, correspondent law firms, project partners) and, in particular, so that we can provide and demand the contractual services. This also includes the data processing for the management of mandates (e.g. legal advice and representation of our clients before courts and authorities and correspondence) as well as the data processing for the enforcement of contracts (debt collection, legal proceedings, etc.), accounting and public communication (if permitted). For this purpose, we process in particular the data which we receive or have collected in the course of the initiation, conclusion and execution of the contract, as well as data which we generate in the course of our contractual services or which we collect from public sources or other third parties (e.g. courts, authorities, counterparties, information services, insurance companies, media, detective agencies or from the Internet). Such data may include, in particular, interview, meeting and consultation transcripts and minutes, notes, internal and external correspondence, contractual documents, documents that we create and receive in the course of proceedings before courts and authorities (e.g. statements of claim, appeals and complaints, orders, judgments and decisions), background information about you, counterparties or other persons, as well as other mandate-related information, performance records, invoices, and financial and payment information.
- Operation of our Websites: In order to operate our Websites in a secure and stable manner, we collect technical data, such as IP address, information about the operating system and settings of your device, region, time and type of use. We also use cookies and similar technologies. For more information, see section 8.
- Improvement of our electronic offers: In order to continuously improve our websites and other electronic offers, we collect data about your behaviour and preferences by analysing, for example, how you navigate through our Websites and how you interact with our social media profiles.
- Registration: In order to use certain offers and services (e.g. free WLAN, newsletter), you must register (directly with us or via our external login service provider). For this purpose, we process the data disclosed during the respective registration. Furthermore, we may also collect personal data about you when you use the offer or service; if necessary, we will provide you with further information about the processing of this data.
- Security purposes: We collect and process personal data to ensure and continuously improve the appropriate security of our IT and other infrastructure. This includes, for example, monitoring and controlling electronic access to our IT systems as well as physical access to our premises, analysis and testing of our IT infrastructure, system and error checks and the creation of security copies.
- Adherence to laws, directives and recommendations from authorities and internal regulations («Compliance»): We collect and process personal data to comply with applicable laws (e.g. anti-money laundering, tax obligations or our professional duties), self-regulations, certifications, industry standards, our «corporate governance» and for internal as well as external investigations (e.g. by a law enforcement or regulatory agency or an appointed private entity) in which we are a party (to the proceedings).
- Risk management and management of our Firm: We collect and process personal data in the context of risk management (e.g. to protect against criminal/tortious activities) and the management of our Firm. This includes, among other things, our operational organisation (e.g. resource planning) and the development of our Firm.
- Job application: If you apply for a job with us, we collect and process the relevant data for the purpose of reviewing the application, conducting the application process and, in the case of successful applications, for the preparation and conclusion of a corresponding contract. For this purpose, in addition to your contact data and the information from the corresponding communication, we also process in particular the data contained in your application documents and the data that we can additionally collect about you, for example, from employment-related social networks, the Internet, the media and from references, if you consent to us obtaining references.
- Employment relationship: If you are in an employment relationship with us, we process your data for the purpose of implementing the employment relationship. For this purpose, in addition to your contact data and the information from the application process, we process the information required for maintaining the personnel file and for the implementation of the respective employment relationship, in particular with regard to professional requirements, permits, good conduct, information on children, payment details, insurance, social security, work models, organisation, deployment planning, work recording, accounting, authority/powers of attorney, signatory powers, security, responsibility, risk management, working atmosphere, work equipment, home office, customer contacts, events, occasions, website, communication, correspondence, absences (in particular vacations, maternity, illness, accident, military, sabbaticals), secondary employment, offices held, education and training, career structure, reference letters, performance and conduct, disciplinary measures, labour disputes and procedures, etc. Data processing in connection with the employment relationship may be the subject of additional separate Privacy Statements.
- Other purposes: Other purposes include, for example, education and training purposes and administrative purposes (e.g. accounting). We may follow or record telephone or video conferences for training, evidence and quality assurance purposes. In such cases, we will notify you separately (e.g. by displaying a notice during the video conference in question) and you are free to tell us if you do not wish to be recorded or to terminate the communication (if you only do not wish your image to be recorded, please turn off your camera). In addition, we may process personal data for the organisation, implementation and follow-up of events, such as in particular lists of participants and the content of presentations and discussions, but also image and audio recordings made during these events. Other purposes cannot be named exhaustively and also include the protection of other legitimate interests.
4. WHERE DOES THE DATA COME FROM?
- From you: The majority of the data we process is provided by you (or your device) (e.g. in connection with our services, the use of our Websites, or communication with us). You are not obliged to disclose your data, with exceptions in some cases (e.g. legal obligations). However, if you wish to conclude contracts with us or use our services, for example, you must provide us with certain data. The use of our Websites is also not possible without data processing.
- From third parties: We may also collect or receive data from publicly available sources (e.g. debt collection registers, land registers, commercial registers, media or the Internet including social media) from (i) public authorities, (ii) courts, (iii) your employer or client who either has a business relationship with us or is otherwise involved with us, as well as from (iv) other third parties (e.g. clients, counterparties, legal protection insurers, credit agencies, address dealers, associations, contractual partners, Internet analysis services). This includes, in particular, the data that we process in connection with the initiation, conclusion and execution of contracts, as well as data from correspondence and discussions with third parties, but also all other categories of data pursuant to section 3.
5. TO WHOM DO WE DISCLOSE YOUR DATA?
In connection with the purposes listed in section 3, we transfer your personal data in particular to the categories of recipients listed below. If necessary, we obtain your consent for this or have our supervisory authority release us from our professional secrecy.
- Service providers: We work with service providers in Switzerland and abroad who process data they have received from us or collected for us (i) on our behalf (e.g. IT providers), (ii) jointly with us or (iii) on their own responsibility. These service providers include, for example, IT providers, banks, insurance companies, debt collection agencies, credit agencies, address checkers, other law firms or consulting firms. We generally agree on contracts with these third parties regarding the use and protection of personal data.
- Clients and other contractual partners: First of all, this refers to clients and other contractual partners of ours for whom the transfer of your data results from the contract (e.g. because you work for a contractual partner or he or she provides services for you). This category of recipients also includes bodies with which we cooperate, such as other law firms in Switzerland and abroad or legal protection insurance companies. The recipients generally process the data under their own responsibility.
- Authorities and courts: We may disclose personal data to offices, courts and other authorities in Switzerland and abroad if this is necessary for the fulfilment of our contractual obligations and in particular for the conduct of our mandate, or if we are legally obliged or entitled to do so, or if this appears necessary to protect our interests. These recipients process the data under their own responsibility.
- Counterparties and persons involved: If necessary for the fulfilment of our contractual obligations, in particular for the management of the mandate, we also disclose your personal data to counterparties and other involved persons (e.g. guarantors, financiers, affiliated companies, other law firms, informants or experts, etc.).
- Other persons: This refers to other cases where the involvement of third parties arises from the purposes set out in section 3. This concerns, for example, delivery addressees or payment recipients specified by you, third parties in the context of agency relationships (e.g. your lawyer or your bank) or persons involved in official or legal proceedings. We may also disclose your personal data to our supervisory authorities, in particular if this is necessary in individual cases to be released from our professional secrecy. If we cooperate with the media and provide them with material (e.g. photos), you may also be affected. As part of the development of our Firm, we may restructure, sell or acquire businesses, operations or assets, or enter into partnerships, which may involve the disclosure of information (including information about you, for example, as a client or supplier or as their representative) to those involved in these transactions. Communications with our competitors, industry organisations, associations and other bodies may also involve the exchange of data relating to you.
All of these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).
We also allow certain third parties to collect personal data from you on their own responsibility (e.g. media photographers at our events). Insofar as we are not involved in a decisive manner in this collection of data, these third parties are solely responsible for it. If you have any concerns and wish to assert your data protection rights, please contact these third parties directly. We have listed your rights in section 7.
6. IS YOUR PERSONAL DATA TRANSMITTED TO FOREIGN COUNTRIES?
We process and store personal data mainly in Switzerland and the European Economic Area (EEA), but potentially in any country in the world, depending on the case – for example, via subcontractors of our service providers or in proceedings before foreign courts or authorities. In the course of our activities for clients, your personal data may also end up in any country in the world.
If a recipient is located in a country without adequate data protection, we contractually obligate the recipient to maintain an adequate level of data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which can be accessed here: «https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?», including the amendments necessary for Switzerland), unless the recipient is already subject to a legally recognised set of rules to ensure data protection. We may also transfer personal data to a country without adequate data protection without concluding a separate contract for this purpose if we can rely on a provision providing an exception for this purpose. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract that is in your interest requires such disclosure (e.g. if we disclose data to a correspondent law firm), if you have consented, or if it is not possible to obtain your consent within a reasonable period of time and the disclosure is necessary to protect your life or physical integrity or that of a third party, or if the data in question has been made generally available by you and you have not objected to its processing. We may also rely on the exception for data from a statutory register (e.g. commercial register) to which we have been legitimately granted access.
7. WHAT RIGHTS DO YOU HAVE?
You have certain rights in connection with our data processing. In accordance with applicable law, you may, in particular, request information about the processing of your personal data, have incorrect personal data corrected, request the deletion of personal data, object to data processing, request the release of certain personal data in a common electronic format or its transfer to other data controllers.
If you wish to exercise your rights against us, please contact us; you will find our contact details in section 2. In order to prevent misuse, we must identify you (e.g. with a copy of an identity card, if necessary).
Please note that these rights are subject to conditions, exceptions or limitations (e.g. to protect third parties or trade secrets or due to our professional secrecy). For reasons of data protection or reasons of confidentiality, we reserve the right to black out copies or to supply only excerpts.
8. HOW ARE COOKIES AND SIMILAR TECHNOLOGIES USED ON OUR WEBSITES AND OTHER DIGITAL SERVICES?
When using our Websites and other digital services, such as any newsletters, data is generated that is stored in logs (in particular technical data). In addition, we may use cookies and similar technologies (e.g. pixel tags or fingerprints) to recognise website visitors, evaluate their behaviour and recognise preferences. A cookie is a small file that is transferred between the server and your system and enables the recognition of a specific device or browser.
You can set your browser to automatically reject, accept or delete cookies. You can also disable or delete cookies on a case-by-case basis. You can find out how to manage cookies in your browser in the help menu of your browser.
Both the technical data we collect and cookies generally do not contain any personal data. However, personal data that we or third-party providers commissioned by us store from you (e.g. if you have a user account with us or these providers) may be linked to the technical data or to the information stored in and obtained from cookies and thus possibly to your person.
In addition, we use our own tools on our websites as well as third-party services or link to third-party services (which in turn may use cookies), in particular to improve the functionality or content of our websites (e.g. integration of videos or maps) and to compile statistics.
We currently use cookie technology for Matomo Analytics. Matomo Analytics provides us with information about how visitors use our Websites. It collects information about usage, such as the number of visitors to the Websites, where visitors log in from, which pages they view, and how long they stay on the Websites.
We run Matomo Analytics locally on a server in Switzerland. Usage data is also stored on this server. We also store IP addresses anonymously by masking two bytes (e.g. 192.168.xxx.xxx).
The analysis will only start when you click on «Okay» in the cookie banner.
In particular, we may also use offers from the following service providers and advertising partners, whereby their contact details and further information on the individual data processing can be found in the respective privacy policy:
Furthermore, we provide a link to Google Maps to show the location of our Firm. Google Maps is an online map service provided by the American provider Google LLC or, if you are a resident of the European Economic Area (EEA) or Switzerland, Google Ireland Limited («Google»). If you click on the corresponding link, you will be redirected to Google’s map service. Google may collect information about your use of the Google map service, analyse it and transmit it abroad. Google may process this data together with other data that Google has about you. If you have an account with Google and are logged in, Google can then assign your use directly to your account. Google also processes such data for its own purposes (e.g. marketing and market research purposes and for the administration of Google platforms), and acts as its own controller for this purpose. For more information on the processing by the platform operators, please refer in particular to the terms of use for Google Maps («https://www.google.com/intl/de_de/help/terms_maps/»), Google’s privacy policy («https://policies.google.com/privacy?hl=de&gl=de») and the information for Google accounts («https://policies.google.com/technologies/partner-sites?hl=de»).
Some of the third-party providers we use may be located outside of Switzerland. Information on the disclosure of data abroad can be found under point 6. In terms of data protection law, they are partly «only» our processors and partly controllers. Further information on this can be found in the Privacy Statements declarations.
9. HOW DO WE PROCESS PERSONAL DATA ON OUR PAGES IN SOCIAL NETWORKS?
We operate pages and other online presences on social networks and other platforms operated by third parties and process data about you in this context. In doing so, we receive data from you (e.g. when you communicate with us or comment on our content) and from the platforms (e.g. statistics). The providers of the platforms may analyse your usage and process this data together with other data they have about you. They also process this data for their own purposes (e.g. marketing and market research purposes and to manage their platforms), and act as their own data controllers for this purpose. For more information on processing by platform operators, please refer to the privacy statements of the respective platforms.
We currently use the following platforms, with the identity and contact details of the platform operator available in the privacy policy in each case:
We are entitled, but not obligated, to review third-party content before or after it is published on our online presences, to delete content without notice and, if necessary, to report it to the provider of the relevant platform.
Some of the platform providers may be located outside of Switzerland. Information on data disclosure abroad can be found in section 6.
10. WHAT ELSE SHOULD BE CONSIDERED?
We do not assume that the EU General Data Protection Regulation («GDPR») is applicable in our case. However, if this should exceptionally be the case for certain data processing, this section 10 shall apply in addition exclusively for the purposes of the GDPR and the data processing subject to it.
We base the processing of your personal data in particular on the fact that
- it is necessary, as described in section 3, for the initiation and conclusion of contracts and their administration and enforcement (Art. 6 Para. 1 lit. b GDPR);
- it is necessary for the protection of legitimate interests of us or of third parties as described in section 3, namely for communication with you or third parties, to operate our Websites, to improve our electronic offers and registration for certain offers and services, for security purposes, for compliance with Swiss law and internal regulations for our risk management and the management of the Firm and for other purposes such as training and education, administration, evidence and quality assurance, organisation, implementation and follow-up of events and to protect other legitimate interests (see section 3) (Art. 6 para. 1 lit. f GDPR);
- it is required or permitted by law on the basis of our mandate or our position under the law of the EEA or a member state (Art. 6 para. 1 lit. c GDPR) or is necessary to protect your vital interests or those of other natural persons (Art. 6 para. 1 lit. d GDPR);
- you have separately consented to the processing, e.g. via a corresponding declaration on our Websites (Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a GDPR).
We would like to point out that we will process your data for as long as our processing purposes (cf. section 3), the legal retention periods and our legitimate interests, in particular for documentation and evidence purposes, require, or for as long as storage is technically necessary (e.g. in the case of backups or document management systems). If there are no legal or contractual obligations or technical reasons to the contrary, we will delete or anonymise your data after the storage or processing period has expired, as part of our normal processes and in accordance with our retention policy.
If you do not disclose certain personal data, this may mean that it is not possible to provide the related services or conclude a contract. We always indicate where personal data requested by us is mandatory.
The right to object to the processing of your data as set out in section 7 applies in particular to data processing for the purpose of direct marketing.
If you do not agree with our handling of your rights or the data protection, please let us know (see contact details in section 2). If you are located in the EEA, you also have the right to complain to the data protection supervisory authority in your country. You can find a list of authorities in the EEA here: «https://edpb.europa.eu/about-edpb/board/members_de».
11. CAN THIS PRIVACY STATEMENT BE CHANGED?
This Privacy Statement is not part of any contract with you. We may amend this Privacy Statement at any time. The version published on this website is the current version.