SwissLegal Data Protection Statement

Version dated 25 May 2018

In this Data Protection Statement, we explain how we at SwissLegal Ltd (hereinafter SwissLegal, we, SwissLegal Group or us) collect and otherwise process personal data. This description is not exhaustive; other data protection statements govern specific issues as required. Personal data is defined as any information relating to an identified or identifiable person.

When you provide us with the personal data of other persons (e.g. family members or colleagues), please ensure that these persons are aware of this Data Protection Statement, and only notify us of their personal data if you are allowed to do so, and if such personal data is correct.

This Data Protection Statement is based on the EU General Data Protection Regulation (GDPR). Although the GDPR is a regulation of the European Union (EU), it is of importance to us. The Swiss Federal Act on Data Protection (FADP) is strongly influenced by EU law, and enterprises outside the European Union or the European Economic Area (EEA) must comply with the GDPR under certain circumstances. We have therefore based this Data Protection Statement on the standards of the GDPR.

  • 1. Controller
  • 2. Collecting and processing personal data
  • 3. Purposes of data processing and legitimate basis
  • 4. Cookies, tracking and other technologies in relation to the use of our website
  • 5. Data transfer and transmission abroad
  • 6. Retention period for personal data
  • 7. Data security
  • 8. Obligation to provide personal data
  • 9. Rights of the data subject
  • 10. Modifications

1. Controller

SwissLegal Ltd is responsible for data processing as described here, unless otherwise agreed in specific cases. If you have concerns regarding data protection, you can contact us at the following address: SwissLegal Ltd, Industriestrasse 49, 6300 Zug, Switzerland, tel.: +41 (0)41 712 12 34, e-mail:

2. Collecting and processing personal data

We mainly process personal data received in the course of attorney-client relationships with our clients or other contractual relationships with their business partners or additional persons involved. We also process personal data collected from users during the operation of our websites and other applications.

Insofar as this is allowed, we also obtain certain types of data from sources in the public domain (e.g. debt collection registers, land registries, commercial registers, press, Internet) or receive such data from our clients and their employees, from statutory authorities, courts (of arbitration) and other third parties (e.g. opposing parties, business and contractual partners of our clients). In addition to the data that you give us directly, the categories of personal data that we receive about you from third parties include but are not limited to information from public registers, information which we find in relation to official and legal proceedings, information relating to your professional function and activities (for example so that transactions with your employer can be carried out and handled with your assistance), information about you in correspondence and discussions with third parties, credit checks (if we handle transactions with you personally), information on you provided by people close to you (family, advisors, legal representatives, etc.) so that we can conclude or handle contracts with you or with your involvement (e.g. references, your address for deliveries, powers of attorney), information for compliance with legal requirements such as anti-money laundering legislation or export restrictions, information from banks, insurers, sales agents and our other contractual partners so that you can claim or render services (e.g. payments and purchases made), information from the media and Internet which relates to you (where appropriate in each specific case, e.g. in an advertisement, review, marketing/sales material, etc.), your address and possibly your interests or other socio-demographic data (for marketing), data relating to use of the website (e.g. IP address, MAC address of the smartphone or computer, details of your device and settings, cookies, date and time of the visit, pages and content accessed, functions used, referring website, location details).

3. Purposes of data processing and legitimate basis

We mainly use the personal data we collect to conclude and handle our contracts with our clients and business partners, in particular for the rendering of legal services for our clients and the purchase of products and services from our suppliers and auxiliary agents (in particular solicitors, legal chambers or experts consulted both in Switzerland and abroad), and to meet our legal obligations in Switzerland and abroad. If you work for one of these clients or business partners, you may also become a data subject within this function.

Furthermore, we also process your personal data and that of other data subjects, insofar as this is allowed and seems appropriate to us, for the following purposes in which we (and at times, third parties) have a legitimate interest in accordance with the purpose:

  • Offering and developing our products, services, websites and other platforms on which we are present; communication with third parties and processing of their enquiries (e.g. applications, media requests);
  • Advertising and marketing (including the staging of events), provided that you have not objected to the use of your data (if we send you advertising as an existing customer, you can object at any time, at which point we will put your name on a list to prevent any further advertising from being sent);
  • Market research and surveys, media tracking;
  • Assertion of legal claims and defence in relation to legal disputes and official proceedings;
  • Prevention and clarification of criminal acts and other misconduct (e.g. conducting internal investigations, data analysis for the prevention of fraud);
  • Safeguards provided by our enterprise, in particular by IT, our websites, and other platforms;
  • Video surveillance to safeguard property rights and other measures for IT, building and system security, and protection of our employees, other persons, or assets entrusted to our care (e.g. physical access controls, visitors lists, network and mail scanners, phone records);
  • Any transactions subject to company law and the related transmission of personal data as well as transaction management measures and steps to comply with statutory and regulatory obligations or the internal provisions of SwissLegal.

If you have given us your consent to process your personal data for specific purposes, we will process your personal data within the context of and based upon this consent, unless we have another legitimate basis or require such a basis for doing so. Once consent has been granted, it may be withdrawn at any time. This will not affect data processing which has already been completed.

Contract performance will serve as a legitimate basis for the processing of personal data which is required for the performance of a contract (in particular for client-attorney relationships) where the data subject is a contractual party. This also applies to processing operations which are required for the performance of steps prior to entering into a contract.

If the processing of personal data is required in order to comply with a legal obligation to which the SwissLegal Group is subject, this fulfilment obligation serves as a legitimate basis.

If data processing is required to safeguard a legitimate interest of the SwissLegal Group or of a third party, and the interests, fundamental rights and freedoms of the data subject do not override the interest of the former, these legitimate interests will serve as a legitimate basis for data processing.

4. Cookies | Tracking and other technologies in relation to the use of our website

In general, our websites do not use cookies and similar technologies which can identify your browser or device. A cookie is a small file which is sent to your computer or automatically stored on your computer or mobile device by the web browser used when you visit our website. If you access this website again, this enables us to recognise you, even though we do not know who you are. In addition to cookies which are only used during a session and are deleted after your website visit (“session cookies”), cookies can also be used to store user settings and other information over a specific period, e.g. two years (“permanent cookies”). You can however set your browser so that it refuses cookies, only stores them for a session, or deletes them prematurely. The default setting of most browsers is to accept cookies. We do not use permanent cookies to gain a better understanding of your use of our websites and their content. In general, you can also disable cookies yourself, although this may impair functions such as language selection, location search, etc.

We do not use Google Analytics or any other comparable services on our websites. The service provider does not receive any personal data from us (and does not store IP addresses), but may use other means to ascertain how you use our website, and combine this information with other websites visited by you. If you have registered with this service provider yourself, the service provider will nonetheless recognise you. The service provider is therefore responsible for processing your personal data in accordance with its data protection provisions. The service provider does not tell us how our website is used, and does not provide us with any other information about you personally.

5. Data transfer and transmission abroad

If authorised and appropriate, we also disclose data to third parties in the course of our business activities and for the purposes set out in section 3, whether they process the data for us or want to use it for their own purposes. This relates to the following bodies in particular:

  • Our service providers (e.g. banks, insurers), including processors (e.g. IT providers);
  • Traders, suppliers, auxiliary agents (in particular solicitors, legal chambers and experts consulted both in Switzerland and abroad) and other business partners;
  • Clients and their affiliated companies and their counterparties in Switzerland and abroad;
  • Swiss and foreign authorities, official bodies or courts as well as courts of arbitration;
  • Media, the public, including visitors to websites and social media;
  • Competitors, industry organisations, associations, organisations and other committees;
  • Any counterparties or interested parties in the course of transactions subject to company law;
  • Other parties in potential or actual legal proceedings;

All recipients in general.

Some of these recipients are in Switzerland, but may be in any country of the world. The data can be transmitted in particular to the country of domicile of our clients, their affiliated companies, counterparties or business partners as well as to that of any service providers or experts consulted, or to a country in which our clients and their corporate groups are involved in proceedings. If we transmit data to a country without reasonable statutory data protection, we will provide an appropriate level of protection, as prescribed by law, through use of the appropriate contracts (based on the standard contract clauses of the European Commission), use of the Swiss-US Privacy Shield or Binding Corporate Rules, or will base our actions on the statutory exceptions of consent, contract execution, the establishment, exercise or enforcement of legal claims, overriding public interest, published personal data, or because such protection is required to protect the integrity of the data subjects. You can source a copy of the contractual safeguards mentioned above at any time from the contact person named in section 1. However, we reserve the right to redact copies for data protection reasons or on grounds of confidentiality, or to supply extracts only.

6. Retention period for personal data

We process and store your personal data for as long as it is required to meet our contractual and legal obligations or for the purposes pursued by the processing, i.e. for the full duration of the business relationship, for example (from the drafting and processing of a contract until its termination) and beyond, as set out by the statutory retention and documentation obligations. It is possible that personal data may be stored throughout the period during which claims may be asserted against our enterprise (i.e. during the statutory limitation period in particular), or for as long as we are required to do so by law or due to legitimate business interests (e.g. for evidentiary and documentation purposes). In principle we delete your personal data or render data anonymous wherever possible as soon as it is no longer required for the purposes stated above. Much shorter retention periods of twelve months or less apply to operating data (e.g. system protocols or logs).

7. Data security

We take technical and organisational security measures to protect your personal data against unauthorised access and misuse.

8. Obligation to provide personal data

In the course of our business relationship, you must provide personal data which is required for the establishment and implementation of a business relationship and the performance of the related contractual obligations (as a rule, you do not have a statutory obligation to provide us with data). Without this data, we will generally be unable to conclude or carry out a contract with you (or with the body or person you represent). In addition, the website cannot be used if certain information is not disclosed to ensure movement of data (e.g. IP address).

9. Rights of the data subject

Within the scope of the data protection law which applies to you, and insofar as the law provides for it (as in the case of the GDPR), you have the right to access, rectification, erasure, the right of restriction of data processing, and also the right to object to our data processing and to the provision of certain personal data for the purposes of transmission to another body (data portability). Please be aware however that we reserve the right to exercise the statutory restrictions applicable to us if we are obliged to retain or process certain data, have an overriding interest in such data (insofar as we are allowed to invoke this interest), or need it to assert claims. We will inform you of any costs incurred in advance. We have already notified you of the option to withdraw your consent in section 3. Please note that the exercising of these rights may conflict with contractual agreements, and could lead to early termination of the contract or result in costs, for example. We will inform you in advance in cases in which this is not already governed by the contract.

The exercising of such rights generally requires that you provide clear proof of your identity (e.g. by submitting a copy of your ID if your identity is otherwise unclear or cannot be verified). To assert your rights, you may contact us at the address given in section 1.

Moreover, every data subject has the right to assert their claims in a court of law or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (

10. Modifications

We may amend this Data Protection Statement at any time without prior notice. The applicable version is the latest version as published on our website. Insofar as the Data Protection Statement forms part of an agreement with you, we will inform you of any updates by e-mail or other suitable means (e.g. via the legal notice on our website).

Status (last updated): 11 June 2018