Version from August 15, 2023
Personal data that we process about you include:
- Your name and contact information (for example, name, address, phone number or email address), information about the company you work for, your position or title, and/or your relationship to an individual, and other basic information);
- Identification and background information that you provide to us or that is collected from you as part of our application or employment process;
- Financial information, such as payment information;
- Information that is disclosed to us by or on behalf of our clients or that we provide to our clients as part of our services.
- Information provided to us for the purpose of attending meetings;
- Information related to documents and communications that we send to you electronically, such as your use of promotional e-mails.
- Any other information related to you that you provide to us.
2. Who is responsible for processing your data?
Bachmann Rechtsanwälte AG
3. For what purposes do we process which of your data?
When you use our services, use www.bachmann.law (hereinafter "website"), or otherwise deal with us, we obtain and process various categories of your personal data. In principle, we may collect and otherwise process this data in particular for the following purposes:
- Communication: We process personal data so that we can communicate with you as well as with third parties, such as parties to proceedings, courts or authorities, by e-mail, telephone, letter or otherwise (e.g. to answer inquiries, in the context of legal advice and representation as well as the initiation or execution of contracts). This includes that we may send a Christmas card to our clients, contractual partners and other interested persons (electronically or by mail). You may refuse such communication at any time or refuse or revoke your consent to such communication. For this purpose, we process in particular the content of the communication, your contact data and the marginal data of the communication.
- Initiation and conclusion of contracts: With regard to the conclusion of a contract, such as in particular a contract for the establishment of an attorney-client relationship, with you or your client or employer, which also includes the clarification of any conflicts of interest, we may in particular obtain and otherwise process your name, contact details, powers of attorney, declarations of consent, information about third parties (e.g. contact persons, family details as well as counterparties), contract contents, date of conclusion, creditworthiness data as well as all other data which you make available to us or which we collect from public sources or third parties (e.g. commercial register, credit agencies, sanctions lists, media, legal protection insurances or from the Internet).
- Administration and processing of contracts: We obtain and process personal data so that we can comply with our contractual obligations to our clients and other contractual partners (e.g., suppliers, service providers, correspondence law firms, project partners) and, in particular, so that we can provide and collect contractual services. This also includes data processing for client management (e.g. legal advice and representation of our clients before courts and authorities and correspondence) as well as data processing for the enforcement of contracts (debt collection, legal proceedings, etc.), accounting and public communication (if permitted). For this purpose, we process in particular the data which we receive or have collected in the course of the initiation, conclusion and execution of the contract, as well as data which we generate in the course of our contractual services or which we collect from public sources or other third parties (e.g. courts, authorities, counterparties, information services, media, detective agencies or from the Internet). Such data may include, in particular, minutes of conversations and consultations, notes, internal and external correspondence, contractual documents, documents that we create and receive in the course of proceedings before courts and authorities (e.g., statements of claim, appeals and complaints, judgments and decisions), background information about you, counterparties or other persons, as well as other mandate-related information, performance records, invoices, and financial and payment information.
- security purposes as well as access controls: We obtain and process personal data to ensure and continuously improve the appropriate security of our IT and other infrastructure. This includes, for example, monitoring and controlling electronic access to our IT systems as well as physical access to our premises, analyzing and testing our IT infrastructures, system and error checks, and creating security copies.
- Compliance with laws, directives and recommendations of authorities and internal regulations ("Compliance"): We obtain and process personal data to comply with applicable laws (e.g., anti-money laundering, tax obligations or our professional duties), self-regulations, certifications, industry standards, our corporate governance, as well as for internal and external investigations to which we are a party (e.g., by a law enforcement or regulatory agency or an appointed private entity).
- Risk management and corporate governance: We obtain and process personal data as part of risk management (e.g., to protect against tortious activities) and corporate governance. This includes, among other things, our operational organization (e.g., resource planning) and corporate development (e.g., acquisition and sale of operating units or companies).
- Job application: If you apply for a job with us, we obtain and process the relevant data for the purpose of reviewing the application, carrying out the application process and, in the case of successful applications, for the preparation and conclusion of a corresponding contract. For this purpose, in addition to your contact data and the information from the corresponding communication, we also process in particular the data contained in your application documents and the data as we can additionally obtain about you, for example from job-related social networks, the Internet, the media and from references, if you consent to us obtaining references.
- Other purposes: Other purposes include, for example, administrative purposes (e.g. accounting).
4. Where does the data come from?
- From you: The majority of the data we process is disclosed by you (or your terminal device) yourself (e.g. in connection with our services, the use of our website, or communication with us). You are not obliged to disclose your data, with exceptions in individual cases (e.g. legal obligations). However, if you wish to conclude contracts with us or use our services, for example, you must disclose certain data to us. The use of our website is also not possible without data processing.
- From third parties: We may also obtain or receive data from publicly available sources (e.g. debt collection registers, land registers, commercial registers, media or the internet including social media) from (i) public authorities, (ii) your employer or client who either has a business relationship with us or otherwise deals with us, and (iii) other third parties (e.g. clients, counterparties, legal protection insurers, credit agencies, address dealers, associations, contractual partners, internet analysis services). This includes, in particular, the data we process in the course of initiating, concluding and executing contracts, as well as data from correspondence and discussions with third parties, but also all other categories of data.
5. Who do we disclose your information to?
In connection with the provisions set forth in para. 3 we transfer your personal data in particular to the categories of recipients listed below. If necessary, we obtain your consent for this or have our supervisory authority release us from our professional duty of confidentiality.
- Service providers: We work with service providers in Switzerland and abroad who (i) process data on our behalf (e.g., IT providers), (ii) process data jointly with us, or (iii) process data on their own responsibility that they have received from us or collected on our behalf. These service providers include, for example, IT providers, banks, insurance companies, credit reporting agencies, address checkers, other law firms or consulting companies. We generally agree contracts with these third parties on the use and protection of personal data.
- Clients and other contractual partners: First of all, this refers to clients and other contractual partners of ours for whom a transfer of your data results from the contract (e.g. because you are working for a contractual partner or he is providing services for you). This category of recipients also includes entities with which we cooperate, such as other law firms in Switzerland and abroad or legal expenses insurers. The recipients process the data under their own responsibility.
- Authorities and courts: We may disclose personal data to offices, courts and other authorities in Switzerland and abroad if this is necessary for the fulfillment of our contractual obligations and, in particular, to conduct our mandate, or if we are legally obligated or entitled to do so, or if this appears necessary to protect our interests. These recipients process the data under their own responsibility.
- Counterparties and persons involved: To the extent necessary for the performance of our contractual obligations, in particular for the management of the mandate, we also disclose your personal data to counterparties and other involved persons (e.g. guarantors, financiers, affiliated companies, other law firms, respondents or experts, etc.).
- Other persons: This refers to other cases where the inclusion of third parties arises from the purposes under para. 3. This concerns, for example, delivery addressees or payment recipients specified by you, third parties in the context of agency relationships (e.g. your lawyer or your bank) or persons involved in official or legal proceedings. We may also disclose your personal data to our supervisory authority, in particular if this is necessary in individual cases to release you from our professional duty of confidentiality. In the course of business development, we may sell or acquire businesses, parts of businesses, assets or companies, or enter into partnerships, which may also result in the disclosure of data (including data about you, e.g. as a client or supplier or as their representative) to the persons involved in these transactions. Communications with our competitors, industry organizations, associations and other bodies may also involve the exchange of data relating to you.
All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).
6. Does your personal data also end up abroad?
We process and store personal data mainly in Switzerland and the European Economic Area (EEA), but potentially in any country in the world, depending on the case - for example, via subcontractors of our service providers or in proceedings before foreign courts or authorities. In the course of our activities for clients, your personal data may also end up in any country in the world.
If a recipient is located in a country without adequate data protection, we contractually oblige the recipient to comply with an adequate level of data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj? , including the supplements necessary for Switzerland), unless the recipient is already subject to a legally recognized set of rules to ensure data protection. We may also disclose personal data to a country without adequate data protection without entering into a separate contract for this purpose if we can rely on an exemption provision for this purpose. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract that is in your interest requires such disclosure (e.g., if we disclose data to our correspondence offices), if you have given your consent or it is not possible to obtain your consent within a reasonable period of time and the disclosure is necessary to protect your life or physical integrity or that of a third party, or if it concerns data that you have made generally available and you have not objected to its processing. We may also rely on the exception for data from a register provided for by law (e.g. HR) to which we have been legitimately given access.
7. What rights do you have?
You have certain rights in connection with our data processing. In accordance with applicable law, you may, in particular, request information about the processing of your personal data, have incorrect personal data corrected, request the deletion of personal data, object to data processing, request the release of certain personal data in a standard electronic format or its transfer to other data controllers.
If you wish to exercise your rights against us, please contact us; our contact details can be found in para. 2. In order for us to exclude misuse, we must identify you (e.g. with a copy of your ID, if necessary).
Please note that prerequisites, exceptions or restrictions apply to these rights (e.g. for the protection of third parties or business secrets or due to our professional duty of confidentiality). We reserve the right to black out copies or to supply only excerpts for reasons of data protection or confidentiality.
8. How are cookies and similar technologies used on our website?
You can set your browser to automatically reject, accept or delete cookies. You can also disable or delete cookies on a case-by-case basis. You can find out how to manage cookies in your browser in the help menu of your browser.
Both the technical data we collect and cookies generally do not contain any personal data. However, personal data that we or third-party providers commissioned by us collect from you may be linked to the technical data or to the information stored in and obtained from cookies and thus possibly to your person.
Some of the third-party providers we use may be located outside of Switzerland. Information on data disclosure abroad can be found under para. 6. In terms of data protection law, they are in part "only" order processors of us and in part responsible parties. Further information on this can be found in the data protection declarations.
9. How do we process personal data on our pages in social networks?
We operate pages and other online presences on social networks and other platforms operated by third parties and process data about you in this context. In doing so, we receive data from you (e.g., when you communicate with us or comment on our content) and from the platforms (e.g., statistics). The providers of the platforms may analyze your usage and process this data together with other data they have about you. They also process this data for their own purposes (e.g., marketing and market research purposes and to manage their platforms), and act as their own data controllers for this purpose. For more information on processing by the platform operators, please refer to the privacy statements of the respective platforms.
We are entitled, but not obliged, to check third-party content before or after it is published on our online presences, to delete content without notice and, if necessary, to report it to the provider of the relevant platform.
Some of the platform operators may be located outside of Switzerland. Information on data disclosure abroad can be found under para. 6.
10. What else needs to be considered?
We would like to point out that we process your data for as long as it is necessary for our processing purposes (cf. para. 3), the legal retention periods and our legitimate interests, in particular for documentation and evidence purposes, require it or storage is technically necessary (e.g. in the case of backups or document management systems). If there are no legal or contractual obligations or technical reasons to the contrary, we generally delete or anonymize your data after the storage or processing period has expired as part of our usual processes and in accordance with our retention policy.
If you do not provide certain personal data, this may mean that the provision of related services or the conclusion of a contract is not possible. We generally indicate where personal data requested by us is mandatory.
If you do not agree with our handling of your rights or data protection, please let us know (see contact details in para. 2). If you are in the EEA, you also have the right to complain to the data protection supervisory authority in your country. You can find a list of authorities in the EEA here: https://edpb.europa.eu/about-edpb/board/members_de.