Version of September 1, 2023
If you provide us with data about other persons (for example family members, representatives, counterparties or other associated persons), we assume that you are authorized to do so and that this data is correct and that you have ensured that these persons are informed about this disclosure, insofar as a legal obligation to provide information applies (for example, by bringing this data protection declaration to their attention in advance).
2. Who is responsible for processing your data?
Friedli & Schnidrig Attorneys at Law
3. For what purposes do we process which of your data?
When you use our services, visit the website www.fslaw.ch (hereinafter "Website") or otherwise interact with us, we collect and process various categories of your personal data. In principle, we may obtain and otherwise process this data for the following purposes in particular:
Communication: We process personal data so that we can communicate with you and with third parties, such as parties to proceedings, courts or authorities, by email, telephone, letter or otherwise (for example, to respond to inquiries, as part of legal advice and representation and to initiate or process contracts). For this purpose, we process in particular the content of the communication, your contact details and the marginal data of the communication.
Initiation and conclusion of contracts: With regard to the conclusion of a contract, such as in particular a contract to establish a client relationship with you or your client or employer, which also includes the clarification of any conflicts of interest, we may in particular obtain your name, contact details, powers of attorney, declarations of consent, information about third parties (for example contact persons, family details and counterparties), contract contents, date of conclusion, creditworthiness data and all other data that you provide to us or that we collect from public sources or third parties (e.g. commercial register, credit agencies, sanctions lists, media, legal expenses insurance or from the Internet).
Administration and processing of contracts: We obtain and process personal data so that we can comply with our contractual obligations towards our clients and other contractual partners (e.g. suppliers, service providers, correspondence law firms, project partners) and, in particular, provide and demand contractual services. This also includes data processing for client management (e.g. legal advice and representation of our clients before courts and authorities and correspondence) as well as data processing for the enforcement of contracts (debt collection, legal proceedings, etc.) and accounting. For this purpose, we process in particular the data that we receive or have collected as part of the initiation, conclusion and execution of the contract as well as data that we create as part of our contractual services or that we collect from public sources or from other third parties (e.g. courts, authorities, counterparties, information services, media, detective agencies or from the Internet). This data may include, in particular, minutes of meetings and consultations, notes, internal and external correspondence, contractual documents, documents that we prepare and receive in the context of proceedings before courts and authorities (e.g. statements of claim, appeals and complaints, judgments and decisions), background information about you, counterparties or other persons as well as other mandate-related information, proof of performance, invoices and financial and payment information.
Security purposes and access controls: We obtain and process personal data in order to ensure and continuously improve the appropriate security of our IT and other infrastructure (for example, buildings). This includes, for example, monitoring and controlling electronic access to our IT systems and physical access to our premises, analyzing and testing our IT infrastructures, system and error checks and creating backup copies.
Compliance with laws, instructions and recommendations from authorities and internal regulations ("compliance"): We obtain and process personal data to comply with applicable laws (for example, to combat money laundering or due to tax or professional obligations), for self-regulatory purposes and for internal and external investigations in which we are a party (to proceedings) (for example, following a mandate from a law enforcement or supervisory authority or a private body).
Risk management and corporate governance: We obtain and process personal data as part of risk management (e.g. to protect against criminal activities) and corporate governance. This includes, among other things, our business organization (e.g. resource planning).
Job application: If you apply for a job with us, we obtain and process the relevant data for the purpose of reviewing the application, carrying out the application process and - in the case of successful applications - for the preparation and conclusion of a corresponding contract. In addition to your contact details and the information from the relevant communication, we process in particular the data contained in your application documents and the data that we can additionally obtain about you, for example from job-related social networks, the Internet, the media and from references, if you consent to us obtaining references.
Other purposes: Other purposes include, for example, training and education purposes as well as administrative purposes (e.g. accounting). The protection of other legitimate interests is also one of the other purposes, which cannot be listed exhaustively.
4. Where does the data come from?
From you: You (or your end device) provide us with the majority of the data we process yourself (for example in connection with our services, the use of our website or communication with us). You are not obliged to disclose your data, with exceptions in individual cases (e.g. legal obligations). However, if you wish to conclude contracts with us or make use of our services, for example, you must provide us with certain data. The use of our website is also not possible without data processing.
From third parties: We may also obtain data from publicly accessible sources (e.g. debt collection register, land register, commercial register, media, internet including social media) or receive such data from (i) authorities, (ii) your employer or client who either has a business relationship with us or is otherwise involved with us, as well as from (iii) other third parties (e.g. clients, counterparties, legal expenses insurers, associations, contractual partners). This includes in particular the data that we process in the context of the initiation, conclusion and execution of contracts as well as data from correspondence and discussions with third parties, but also all other categories of data in accordance with section 3.
5. To whom do we disclose your data?
In connection with the purposes listed in section 3, we transfer your personal data in particular to the categories of recipients listed below. If necessary, we will obtain your consent for this or have our supervisory authority release us from our professional duty of confidentiality.
Service providers: We work with service providers in Germany and abroad who (i) process data on our behalf, (ii) process data that they have received from us or collected for us on their own responsibility or (iii) process data on their own responsibility. These service providers include, for example, IT providers, banks, insurance companies, other law firms, notary's offices or consulting firms. We generally enter into contracts with these third parties regarding the use and protection of personal data.
Clients and other contractual partners: This initially refers to clients and other contractual partners of ours for whom the transfer of your data arises from the contract (for example, because you work for a contractual partner or they provide services for you). This category of recipients also includes entities with which we cooperate, such as other law firms in Switzerland and abroad or legal expenses insurance companies. The recipients generally process the data under their own responsibility.
Authorities and courts: We may disclose personal data to offices, courts and other authorities in Switzerland and abroad if this is necessary for the fulfillment of our contractual obligations and in particular for the performance of our mandate, or if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. These recipients process the data under their own responsibility.
Counterparties and persons involved: Insofar as this is necessary for the fulfillment of our contractual obligations, in particular for the management of the mandate, we also pass on your personal data to counterparties and other persons involved (for example guarantors, financiers, affiliated companies, other law firms, persons providing information or experts, etc.).
Other persons: This refers to other cases where the inclusion of third parties arises from the purposes set out in section 3. This concerns, for example, delivery addressees or payment recipients specified by you, third parties in the context of agency relationships (e.g. your lawyer or your bank) or persons involved in official or court proceedings. We may also disclose your personal data to our supervisory authority, in particular if this is necessary in individual cases to release you from our professional duty of confidentiality.
All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).
6. Is your personal data also sent abroad?
We process and store personal data mainly in Switzerland, but depending on the case - for example via subcontractors of our service providers or in proceedings before foreign courts or authorities - potentially in any country in the world. Your personal data may also be transferred to any country in the world as part of our work for clients.
If a recipient is located in a country without adequate data protection, we contractually oblige the recipient to comply with an adequate level of data protection, unless the recipient is already subject to a legally recognized set of rules to ensure data protection. We may also disclose personal data to a country without an adequate level of data protection without concluding a separate contract if we can rely on an exception to this rule. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract that is in your interest requires such disclosure (for example, if we disclose data to our correspondence offices), if you have given your consent or it is not possible to obtain your consent within a reasonable period of time and the disclosure is necessary to protect your life or physical integrity or that of a third party, or if the data in question has been made generally accessible by you and you have not objected to its processing. We may also rely on the exception for data from a statutory register (e.g. commercial register) which we have legitimately obtained access to.
7. What rights do you have?
You have certain rights in connection with our data processing. In accordance with applicable law, you may in particular request information about the processing of your personal data, have incorrect personal data corrected, request the erasure of personal data, object to data processing, request the disclosure of certain personal data in a commonly used electronic format or its transfer to other controllers.
If you wish to exercise your rights against us, please contact us; our contact details can be found in section 2. In order for us to rule out misuse, we must identify you (e.g. with a copy of your ID, if necessary).
Please note that conditions, exceptions or restrictions apply to these rights (for example, to protect third parties or business secrets or due to our professional duty of confidentiality). We reserve the right to black out copies for reasons of data protection or confidentiality or to supply only excerpts.
8. How are cookies, similar technologies and social media plug-ins used on our website and other digital services?
You can set your browser so that it automatically rejects, accepts or deletes cookies. You can also deactivate or delete cookies in individual cases. You can find out how to manage cookies in your browser in the help menu of your browser.
We also use social media plug-ins, which are small pieces of software that establish a connection between your visit to our website and a third-party provider. The social media plug-in informs the third-party provider that you have visited our website and may send the third-party provider cookies that it has previously placed on your web browser. For more information on how these third-party providers use your personal data collected via their social media plug-ins, please refer to their respective privacy policies.
Provider: Google Ireland
Data protection information: https://support.google.com/analytics/answer/6004245
Information for Google accounts: https://policies.google.com/technologies/partner-sites?hl=de
Some of the third-party providers we use may be located outside Switzerland. Information on the disclosure of data abroad can be found in section 6. In terms of data protection law, some of them are only processors on our behalf and some are controllers. Further information on this can be found in the corresponding data protection declarations.
9. How do we process personal data on our pages in social networks?
We operate pages and other online presences on social networks and other platforms operated by third parties and process data about you in this context. We receive data from you (for example, when you communicate with us or comment on our content) and from the platforms (for example, statistics). The providers of the platforms can analyze your use and process this data together with other data that they have about you. They also process this data for their own purposes (e.g. marketing and market research purposes and to manage their platforms) and act as their own data controllers for this purpose. For further information on processing by the platform operators, please refer to the privacy policies of the respective platforms.
We are entitled, but not obliged, to check third-party content before or after its publication on our online presences, to delete content without notice and, if necessary, to report it to the provider of the platform in question.
Some of the platform operators may be located outside Switzerland. Information on data disclosure abroad can be found in section 6.
10. What else needs to be considered?
Insofar as the EU General Data Protection Regulation ("GDPR") is applicable to us, this Section 10 shall also apply exclusively for the purposes of the GDPR and the data processing subject to it.
We base the processing of your personal data in particular on the fact that
- It is necessary, as described in section 3, for the initiation and conclusion of contracts and their administration and enforcement (Art. 6 para. 1 lit. b GDPR);
- it is necessary for the purposes of the legitimate interests pursued by us or by third parties, as described in Section 3, namely for communication with you or third parties, to operate our website, to improve our electronic offerings and registration for certain offerings and services, for security purposes, for compliance with Swiss law and internal regulations, for our risk management and corporate governance and for other purposes such as training and education, administration, evidence and quality assurance, organization and for the protection of other legitimate interests (see Section 3) (Art. 6 para. 1 lit. f GDPR);
- it is required or permitted by law on the basis of our mandate or our position under the law of the EEA or a member state (Art. 6 para. 1 lit. c GDPR) or is necessary to protect your vital interests or those of other natural persons (Art. 6 para. 1 lit. d GDPR);
- you have separately consented to the processing (Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a GDPR).
Please note that we generally process your data for as long as required by our processing purposes (see section 3), the statutory retention periods and our legitimate interests, in particular for documentation and evidence purposes, or if storage is technically necessary (e.g. in the case of backups or document management systems).
If there are no legal or contractual obligations or technical reasons to the contrary, we generally delete or anonymize your data after the storage or processing period has expired as part of our usual processes and in accordance with our retention policy.
If you do not provide certain personal data, this may mean that it is not possible to provide the associated services or conclude a contract. As a matter of principle, we indicate where personal data requested by us is mandatory.
If you do not agree with our handling of your rights or data protection, please let us know (see contact details in section 2). If you are located in the EEA, you also have the right to lodge a complaint with the data protection supervisory authority in your country. A list of authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_de.
The version published on this website is the current version.