Data Protection
With this privacy policy, Pairfact Legal AG (Europaallee 41, 8004 Zurich, Switzerland) (hereinafter referred to as "we") provides information on how it collects, uses, passes on and otherwise processes personal data. In the course of our business activities, we collect and process personal data, in particular personal data about our clients, associated persons, counterparties, courts and authorities, law firms, professional and other associations, visitors to our website, participants in events and other bodies or their respective contact persons and employees (hereinafter referred to as "you").
Where permitted, we may also obtain certain personal data from publicly accessible sources.
Other data protection declarations, individual data protection declarations or information may apply to specific circumstances.
Personal data refers to all information relating to an identified or identifiable natural person.
1. Responsible person and contact details
pair.fact legal AG is responsible for the data processing described in this privacy policy, unless you are informed otherwise in individual cases. You can contact us at the following address if you have any data protection concerns:
pair.fact legal AG
Europaallee 41
8004 Zurich Switzerland
Tel: +41 44 785 92 20
2. Purposes of data processing and any legal bases
When you make use of our services, visit our website (www.pairfactlegal.com) or otherwise deal with us or are involved in a case that we are handling for one of our clients, we obtain and process various categories of your personal data. In principle, we may obtain and process this data for the following purposes in particular:
-
Communication: We process personal data so that we can communicate with you and with third parties, e.g. parties to proceedings, courts or authorities, by email, telephone, letter or otherwise (e.g. to respond to inquiries, in the context of legal advice and representation as well as contract initiation and processing). For this purpose, we process in particular the content of the communication, your contact details, the marginal data of the communication and any image and audio recordings of (video) telephone calls. In the event of an audio or video recording (e.g. in a video conference), we will inform you separately and you are free to inform us that you do not wish to be recorded or to end the communication. If we need or want to establish your identity, we will collect additional data (e.g. a copy of an identity document). We may send our clients and contractual partners as well as other interested persons information about events, changes in the law, news about our law firm or similar. This may take the form of newsletters and other regular contact (electronically, by post, by telephone). You can reject these mailings (which may be sent via any contact channel we have) at any time or refuse or revoke your consent to being contacted for advertising purposes by notifying us (see contact details in section 1).
-
Initiation, conclusion, performance and administration of contracts: With regard to the conclusion of a contract (e.g. a contract to establish a client relationship) with you or your client or employer, we may in particular obtain and otherwise process names, contact details, powers of attorney, declarations of consent, information about third parties (e.g. contact persons, family details and counterparties), contract contents, date of conclusion, creditworthiness data and all other data that you make available to us or that we collect from public sources or third parties (e.g. commercial register, credit agencies, sanction lists, media, legal expenses insurance companies or from the Internet). We also process this data in particular if you or your client or employer conclude a contract with us to establish a client relationship or if another party does so in a case in which you are involved. This also includes clarifying any conflicts of interest with us. We obtain and process personal data so that we can comply with our contractual obligations towards our clients and other contractual partners (e.g. suppliers, service providers, law firms, project partners) and in particular provide and demand the contractual services. This also includes data processing for client management (e.g. legal advice and representation of our clients before courts and authorities and correspondence) as well as data processing for the enforcement of contracts (debt collection, legal proceedings, etc.), accounting and public communication (if permitted). For this purpose, we process in particular the data that we have received or collected in the context of the initiation, conclusion and fulfillment of the contract, as well as data that we create in the context of our contractual services or that we collect from public sources or from other third parties (e.g. courts, authorities, counterparties, information services, media, detective agencies or from the Internet). This data may include, in particular, minutes of meetings and consultations, notes, internal and external correspondence, contractual documents, documents that we prepare and receive in the context of proceedings before courts and authorities (e.g. statements of claim, appeals and complaints, judgments and decisions), background information about you, counterparties or other persons, image and audio recordings as well as other mandate-related information, documents, proof of performance, invoices and financial and payment information.
-
Operation of our website: In order to operate our website securely and stably, we collect technical data, e.g. IP address, information about the operating system and settings of your end device, as well as the region, time and type of use. We also use cookies and similar technologies. For further information, see section 4.
-
Improvement of our offers: In order to continuously improve our website and also our offerings (e.g. services), we collect data about your behavior and preferences, for example by analyzing how you navigate through our website and how you interact with our social media profiles and our online tools, or how you use or like our services. For this purpose, we also process direct or indirect feedback from you about our website, social media presence and our tools (e.g. comments, emails or other statements that are addressed directly to us or of which we otherwise become aware) as well as other feedback about our services, including in the context of client relationships or in the context of public statements made by you (e.g. on social media, in the media or mailings).
-
To fulfill legal obligations: We process personal data in order to comply with our legal or regulatory obligations. Processing purposes include documentation and compliance with legal and regulatory requirements.
-
Security purposes and access controls: We obtain and process personal data in order to ensure and continuously improve the appropriate security of our IT and other infrastructure (e.g. buildings). This includes, for example, monitoring and controlling electronic access to our IT systems and physical access to our premises, analyzing and testing our IT infrastructures, system and error checks and creating backup copies. For documentation and security purposes (preventive and to investigate incidents), we also keep access logs and visitor lists for our premises and use surveillance systems (e.g. security cameras). Our office at Europaallee 41, 8004 Zurich is managed by OBC Suisse AG. For its part, OBC Suisse obtains personal data, e.g. through surveillance systems. For more information about the collection and processing of your personal data by OBC Suisse, please refer to OBC Suisse's privacy policy: https://www.obc-suisse.ch/datenschutzerklaerung/.
-
Compliance with laws, directives and recommendations from authorities and internal regulations ("compliance"): We obtain and process personal data to comply with applicable laws (e.g. tax obligations, our professional obligations or to combat money laundering), self- regulations, certifications, industry standards, our "corporate governance" and for internal as well as external investigations in which we are a (procedural) party (e.g. by a law enforcement or supervisory authority or a mandated private body). For this purpose, we collect master data, behavioral data and financial data in particular, but also any other data that we deem necessary or useful in order to meet our compliance obligations.
-
Risk management: We obtain and process personal data as part of risk management (e.g. to protect against criminal activities). In particular, we process master data, contract data, registration data and technical data, as well as behavioral and communication data.
-
Job application: If you apply for a job with us, we will obtain and process the relevant data for the purpose of reviewing the application, carrying out the application process and, in the case of successful applications, for the preparation and conclusion of a corresponding contract. In addition to your contact details and the information from the relevant communication, we also process in particular the data contained in your application documents and the data, including criminal record extracts, which we may additionally obtain about you, e.g. from job-related social networks, the Internet, the media and from references, if you consent to us obtaining references. Data processing in connection with the employment relationship is the subject of a separate privacy policy.
-
Other purposes: Other purposes include, for example, training and education purposes and administrative purposes (e.g. accounting). We may listen to or record telephone or video conferences for training, evidence and quality assurance purposes. In such cases, we will inform you separately (e.g. by displaying a message during the video conference in question) and you are free to inform us if you do not wish to be recorded or to terminate the communication (if you simply do not wish your image to be recorded, please turn off your camera). In addition, we may process personal data for the organization, implementation and follow-up of events, in particular participant lists and the content of presentations and discussions, as well as image and audio recordings made during these events. The protection of other legitimate interests is also one of the other purposes, which cannot be listed exhaustively.
3. Sources of the data
-
From you: You provide us with much of the data we process yourself (e.g. as part of a client relationship or otherwise in connection with our services, the use of our website or communication with us). You are not obliged to disclose your data, with exceptions in individual cases (e.g. legal obligations). However, if you wish to make use of our services or otherwise conclude contracts with us, you must provide us with certain data. The use of our website is also not possible without data processing.
-
From third parties: We may also obtain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, media or the Internet incl. social media) or receive such data from (i) authorities in Switzerland and abroad, (ii) your employer or client, provided that they either have a business relationship with us or are otherwise involved, and from (iii) other third parties (e.g. clients, counterparties, legal expenses insurers, credit reference agencies, address dealers, associations, contractual partners, Internet analysis services). This includes in particular the data that we process in the context of a client relationship or otherwise in the initiation, conclusion and performance of contracts as well as data from correspondence and discussions with third parties, but also all other categories of data listed in section 2.
4. Cookies, tracking and other technologies in connection with the use of our website
We use cookies and similar technologies on our website and in our marketing communications that enable us to store information on your device and/or access the information stored on your device or to obtain information about your response to website offers and other marketing activities. This enables us to better understand user behavior and preferences and to provide our services in a technically error-free, secure, user-friendly and needs-based manner.
-
Cookies: These are small text files that are stored permanently or temporarily on your device when you visit our website. By using cookies, your browser receives an identifier and shows this on request. We use so-called session cookies. These store your entries while you navigate our website during a visit. Session cookies are automatically deleted after your visit to the website. We also use permanent cookies, which remain stored on your device for a certain period of time over several sessions and enable it to recognize your browser the next time you visit the website. We use persistent cookies to store your preferences (e.g. language) and to help us understand how you use our services and content. If you block cookies, certain functions (e.g. language selection) may no longer work. Permanent cookies are deleted when their expiration date is reached or if you delete them beforehand. Most browsers are set to accept cookies by default.
-
Social media plug-ins: You can recognize plug-ins by the corresponding logo of the relevant social network on the website. By clicking on the plug-in, you will be redirected to our corresponding social media page. The plug-in tells the social network that you have visited our website with your IP address. This can happen even if you are not logged in to the social network or are not a member of the social network. If you are logged in to the social network, the social network can assign your surfing behavior directly to your profile there. The social network is responsible for the processing of your personal data that is transmitted with the plug-in and the data protection provisions of the respective social network apply. We have no precise knowledge of the content and scope of the transmitted data or its use by the social network and have no influence over it. As a rule, this is the following data Visited website, the data transmitted by your browser (IP address, browser type and version, operating system, time) and your identification number in the social network, if you are registered there as a user.
-
Tracking marketing communications: We use tracking technologies in our marketing communications to help us assess whether marketing emails or other communications have been opened, responded to or forwarded and whether links have been followed.
-
Website analytics: We use Google Analytics on our website. This is a service provided by Google (google.com) that allows us to measure and evaluate the use of the website (non- personal). Permanent cookies set by Google are also used for this purpose. Google does not receive any personal data from us (and does not store any IP addresses), but can track your use of the website. You can find more information about Google Analytics and the processed data here: https://support.google.com/analytics/answer/6004245. Cookies and similar technologies generally do not provide personal data, but only anonymous traffic data relating to your device (e.g. your IP address) and statistical data (e.g. number and type of website visits). However, where the identifiers collected are classified as personal data under applicable law, we treat them as such. In addition, we sometimes combine non-personal data collected using these technologies with other personal data in our possession. When we combine data in this way, we treat the combined data as Personal Data for the purposes of this Privacy Policy.
By using our website, you accept the use of the above-mentioned technologies. If you do not wish to do so, you can block or delete cookies and similar technologies via the data protection settings of your browser and e-mail program, although this may impair your use of the website under certain circumstances.
5. Disclosure of personal data to other persons
In connection with the purposes listed in section 2, we transfer your personal data in particular to the categories of recipients listed below. If necessary, we will obtain your consent for this or have our supervisory authority release us from our professional duty of confidentiality.
We may disclose personal data to the following categories of recipients:
-
Service providers: We work with service providers in Switzerland and abroad who (i) process data on our behalf, (ii) on our joint responsibility or (iii) on their own responsibility, which they have received from us or collected for us. These service providers include, for example, IT providers, forensic service providers, banks, insurance companies, debt collection agencies, credit reference agencies, address verifiers, private investigators, legal directories, other law firms or consulting firms. As a rule, we agree contracts with our processors on the use and protection of personal data, in particular - were relevant - with regard to attorney- client privilege.
-
Clients and other contractual partners: This initially refers to clients and other contractual partners of ours for whom the transfer of your data arises from the contract (e.g. because you work for a contractual partner or they provide services for you). This category of recipients also includes entities with which we cooperate, such as other law firms in Switzerland and abroad or legal expenses insurance companies. The recipients generally process the data under their own responsibility, sometimes alone and sometimes together with us.
-
Authorities and courts: We may disclose personal data to offices, courts and other authorities in Switzerland and abroad if this is necessary for the fulfillment of our contractual obligations and in particular for the performance of our mandate, if we are entitled or legally obliged to do so or if this appears necessary to protect our interests or those of our clients or third parties. These recipients process the data under their own responsibility.
-
Counterparties and persons involved: If this is necessary for the fulfillment of our contractual obligations, in particular for the management of the mandate, or if we deem it appropriate, we will also pass on your personal data to counterparties and other persons involved (e.g. guarantors, financiers, affiliated companies, other law firms, persons providing information or experts, etc.).
-
Other persons: This refers to other cases where the inclusion of third parties arises from the purposes set out in section 3. This applies, for example, to delivery recipients or payment recipients specified by you, third parties in the context of representation relationships (e.g. your lawyer or your bank) or persons involved in official or court proceedings. We may also pass on your personal data to our supervisory authority, in particular if this is necessary in individual cases to release you from our professional confidentiality obligation. In the course of communication with our competitors, industry organizations, associations, market observers and other bodies, data relating to you may also be exchanged. All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict the processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).
6. Disclosure of personal data abroad
We process and store personal data mainly in Switzerland and the European Economic Area (EEA), but potentially in any country in the world, depending on the case - for example via subcontractors of our service providers or in proceedings before foreign courts or authorities. Your personal data may also be transferred to any country in the world as part of our work for clients.
If a recipient is located in a country without adequate data protection, we contractually oblige the recipient to comply with an adequate level of data protection (we use the revised standard contractual clauses of the European Commission, which are available here: https://eur- lex.europa.eu/eli/dec_impl/2021/914/oj?; including the supplements required for Switzerland), unless the recipient is already subject to a legally recognized set of rules to ensure data protection.
In exceptional cases, we may disclose personal data to countries without adequate data protection in the following circumstances:
-
You give your express consent.
-
The disclosure is necessary for the performance of a contract with you or a contract in your interest.
-
The disclosure is necessary for the fulfillment of a legal obligation.
-
The disclosure is necessary to safeguard overriding public interests, to establish, exercise or enforce legal claims or to protect the life or physical integrity of you or third parties.
-
You have made the personal data generally accessible and have not expressly prohibited its processing.
-
The personal data originates from a register provided for by law, which is accessible to the public or to persons with an interest worthy of protection, provided that the legal requirements for inspection are met in individual cases.
7. EU General Data Protection Regulation
We do not assume that the EU General Data Protection Regulation ("GDPR") is applicable in our case. However, should this be the case in exceptional cases for certain data processing, this Section 7 shall also apply exclusively for the purposes of the GDPR and the data processing subject to it.
We base the processing of your personal data in particular on the fact that:
-
it is necessary as described in section 2 for the initiation and conclusion of contracts and their administration and enforcement (Art. 6 para. 1 lit. b GDPR);
-
it is necessary for the purposes of the legitimate interests pursued by us or by third parties, as described in Section 2, in particular for communication with you or third parties, to operate our website, to improve our electronic services, for security purposes, for compliance with Swiss law and internal regulations, for our risk management and for other purposes such as training and education, administration, evidence and quality assurance, organization, implementation and follow-up of events and other legitimate interests (Art. 6 para. 1 lit. f GDPR);
-
it is required or permitted by law on the basis of our mandate or our position under the law of the EEA or a member state (Art. 6 para. 1 lit. c GDPR) or is necessary to protect your vital interests or those of other natural persons (Art. 6 para. 1 lit. d GDPR);
-
you have separately consented to the processing, e.g. via a corresponding declaration on our website (Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a GDPR).
8. Duration of storage of personal data
We process and store personal data for as long as is necessary for the processing purpose for which we collected it. As a rule, this is for the duration of our business relationship and thereafter for as long as we have a legitimate interest in retaining the data (e.g. due to the applicable limitation periods, for the retention of documents and the generation of know-how). In addition, there may be a contractual or statutory retention or documentation obligation (e.g. under the Swiss Code of Obligations, VAT Act, etc.). It is possible that personal data may be stored for the period in which claims can be asserted against us or insofar as we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). If the personal data is no longer required, it will be deleted or anonymized as far as possible. Subject to an express written agreement, we are under no obligation to you to retain personal data for a certain period of time.
9. Data security
We take appropriate technical and organizational security precautions to protect your personal data from unauthorized access and misuse, such as warnings, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymization, controls.
10. Rights of the data subject
In accordance with the applicable data protection law and to the extent provided therein, you have the right to information, correction and deletion of your personal data, the right to restrict processing or to object to data processing by Pairfact and the right to receive certain personal data for transmission to another controller (so-called data portability). Please note, however, that we reserve the right to assert the restrictions provided for by law, e.g. if we are obliged to store or process certain data, have an overriding interest in doing so (insofar as we can invoke such interests), are obliged to maintain confidentiality or need the data to assert claims. If the exercise of certain rights is associated with costs for you, we will inform you of this in advance.
The exercise of these rights generally requires that you can clearly prove your identity (e.g. by means of a copy of your ID card if your identity is not otherwise apparent or cannot be verified in any other way). To assert your rights, please contact us using the contact details provided in section 1.
You have the right to assert your claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
11. Obligations of the data subject
As part of the business relationship with us, you must provide the personal data required to enter into and conduct a business relationship and to fulfill the associated contractual obligations (there is generally no legal obligation to provide us with data). Without this data, we will generally not be able to conclude or fulfill a contract with you (or the legal or natural person you represent). In addition, the website cannot be used if certain information for securing data traffic (such as the IP address) is not provided.
If you provide us with personal data of other persons (e.g. data of work colleagues), please ensure that these persons are aware of this data protection declaration and that you only pass on their personal data to us if you are authorized to do so and this personal data is correct.
Please note that the Internet is generally not a secure environment, as it is an open network that can be accessed by anyone. We therefore also appeal to you to take personal responsibility when handling your personal data. To the extent permitted by law, we exclude liability for the security of data that you transmit to us via the Internet (e.g. by e-mail) or other electronic channels and for any direct or indirect damage. We ask you to choose other means of communication if this appears necessary or sensible for security reasons.
12. Changes to the privacy policy
We may change this privacy policy at any time without prior notice. The latest version published on our website (www.pairfactlegal.com/de/privacy-policy) applies.
pair.fact legal AG
January 2024