Privacy Notice

Protecting your data is important to us.

 

As a legal and notary service provider, we are entrusted with important data. In this policy, we tell you how we treat and protect your personal data.

In this policy, we explain:

  • who processes personal data,
  • what personal data we process,
  • the purposes for which we process personal data,
  • the legal bases on which we process personal data,
  • to whom we disclose personal data,
  • how long we store personal data,
  • whether you must provide us with personal data, and
  • what your rights as a data subject in the European Union are.

The Swiss Data Protection Act applies to our data processing. Under certain circumstances, the General Data Protection Regulation of the European Union may also apply. We abbreviate it below to GDPR.

We may amend this privacy policy at any time. The version published on our website applies.

Last update: June 25, 2018

1. Who processes personal data?

The controller of personal data is:

Lex Futura AG
Platz 4
CH-6039 Root D4
Switzerland
www.lexfutura.ch
info@lexfutura.ch

If you have any questions or concerns regarding data protection, please contact:

Lex Futura AG
Simon Roth
Platz 4
CH-6039 Root D4
Switzerland
simon.roth@lexfutura.ch

2. What personal data do we process?

2.1 If you visit our website

General
When you visit our website (www.lexfutura.ch), our server stores a logfile. In the logfile, we collect and process the following data:

  • The IP address from which our website was accessed. This is a number used on the Internet to communicate on the network.
  • The date and time of access to our website.
  • HTTP protocol information, such as protocol type, protocol version, http requests, status codes, information on the transferred data. This is technical data that is generated when network traffic on the Internet occurs.
  • Error messages that occurred during access.
  • The type and version of the browser utilized by the user, the operating system and the model of the computer or mobile device.
  • The website from which the user accesses our website.

Contact form
If you use our contact form, we collect and process the following data:

  • Salutation
  • Company
  • First and last name
  • Telephone number
  • E-mail address
  • The date and time when the message was sent
  • The message you send us

Social Plugins
Our contact page uses a plugin from Google Maps. Google Maps is a map service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. When you access the contact page, your browser establishes a direct connection to the Google server and Google transmits the map content directly to the browser. Personal data (including IP address, date and time of the access, location data) may be transmitted to Google. We have no control over the further processing of personal data by Google. For more information about Google's privacy policy, click here.

We operate a company page on the LinkedIn platform. LinkedIn is a service operated in the European Union, the European Economic Area and Switzerland by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. When you visit our company website, LinkedIn processes personal data. We have no control over that. For more information on LinkedIn's privacy policy, click here.

2.2 When we provide our services

In connection with the offering and the provision of our legal and notarial services, we collect and process in particular the following data in our systems:

  • Name and industry of our customers
  • Contact information of our customers: Address, email address, landline number, mobile number, fax number, Skype Name, website, etc.
  • Contact information of the contact persons at our customers: Name, address, e-mail address, landline number, mobile number, fax number, Skype name, website, etc.
  • Contact information of third parties involved in mandates (other consultants, counterparties, etc.): name, address, e-mail address, landline number, mobile number, fax number, Skype name, website, etc.
  • Mandate information, such as mandate description, mandate budget, mandate tasks, mandate schedule, etc.
  • Billing information, such as invoiced services, invoice amount, billing address, VAT information
  • Data which, in the course of fulfilling our mandate, we receive from you, your employees and consultants, your employer or from third parties, or which we collect ourselves, such as:
    • Contact information
    • Court and administrative files
    • Contracts, correspondence, e-mails, fact statements
    • Data from public registers (e.g. commercial register, land register, debt collection register)
    • Details about yourself and your background
    • Public data available from the media and the Internet
    • Data that we collect and process in order to comply with regulatory requirements (e.g. Professional Conduct requirements, anti-money laundering regulations)
    • Bank and insurance data
    • Special categories of personal data according to Article 9 GDPR (e.g. health data or data on trade union membership) or particularly sensitive personal data according to Article 3(c) of the Swiss Data Protection Act.

2.3 When we purchase goods or services

In the context of purchasing goods and services, we collect and process the following data in our systems:

  • Name of our suppliers
  • Contact information of our suppliers: Address, email address, landline number, mobile number, fax number, Skype Name, website, etc.
  • Contact information of the contact persons at our suppliers: Name, address, e-mail address, landline number, mobile number, fax number, Skype name, website, etc.
  • Billing information, such as invoiced services, invoice amount, billing address, VAT information

3. For what purposes do we process your personal data?

3.1 If you visit our website

We collect and process personal data for the following purposes:

  • With respect to log files. We use this information to track and resolve technical issues, troubleshoot problems, prevent attacks on our infrastructure, support analysis in the event of hacker attacks, and compile visitor statistics for our website. We do not use this data for direct marketing, profiling or automated individual decision making.
  • With reference to data of the contact form. We use this information to understand your request and to contact you in this regard. We do not use this data for direct marketing, profiling or automated individual decision making.

3.2 When we provide our services

We collect and process personal data in order to offer and provide legal and notarial services to our customers and to invoice them for the respective services. We do not use this data for direct marketing, profiling or automated individual decision making.

3.3 When we purchase goods or services

We collect and process personal data in order to obtain and pay for the supplier's services. We do not use this data for direct marketing, profiling or automated individual decision making.

4. What are the legal bases on which we process your personal data?

If the GDPR is applicable to the processing of your personal data, we must at this point inform you about the so-called legal basis for data processing.

4.1 If you visit our website

We collect and process personal data according to the following legal bases:

  • With respect to log files. We may process the data as we have a legitimate interest according to Article 6(1)(f) GDPR. This consists of understanding and solving technical problems, finding errors, averting attacks on our infrastructure, carrying out analyses in the event of a hacker attack and producing visitor statistics.
  • With respect to data of the contact form. The contact form may contain personal data about our customers as well as about third parties.
    • If the data refer to the customer. We may process the data as permitted by Article 6(1)(b) GDPR for the performance of a contract or for the implementation of pre-contractual measures taken at the request of the data subject.
    • If the data does not refer to the customer. We may process the data because we and our customers have a legitimate interest pursuant to Article 6(1)(f) GDPR. This consists of the offering, providing and invoicing our customers legal and notarial services.

4.2 When we provide our services

We collect and process the personal data according to the following legal bases:

  • If the data in our systems refer to the customer. We may process the data as permitted by Article 6(1)(b) GDPR for the performance of a contract or for the implementation of pre-contractual measures taken at the request of the data subject.
  • If the data in our systems do not refer to the customer. We may process the data because we and our customers have a legitimate interest in accordance with Article 6(1)(f) GDPR. This consists of the offering, providing and invoicing our clients legal and notarial services.
  • When we process special categories of personal data. We may process the data, as the processing is necessary to establish, exercise or defend legal claims of our customers according to Article 9(2)(f) GDPR.

4.3 When we purchase goods or services

We collect and process the personal data according to the following legal bases:

  • If the data in our systems refer to the supplier. We may process the data as permitted by Article 6(1)(b) GDPR for the performance of a contract or for the implementation of pre-contractual measures taken at the request of the data subject.
  • If the data in our systems do not refer to the supplier. We may process the data as we have a legitimate interest under Article 6(1)(f) GDPR. This consists of making use of and remunerating the supplier's services.

5. To whom do we disclose your personal data?

We disclose personal data to the following persons:

  • to data processors who process personal data on our behalf, in particular IT service providers. For the purpose of Professional Conduct, these processors are considered auxiliary persons within the meaning of Article 321 of the Swiss Criminal Code;
  • only with the customer's consent to authorities, courts and arbitral tribunals;
  • only with the customer's consent to counterparties and their lawyers and advisors as well as other parties involved in a mandate and their lawyers and advisors; and
  • only with the customer's consent to the media and the public.

If we are requested by any authority to disclose data that are subject to attorney-client privilege, we will take the measures provided by law to protect such privilege.

6. Do we transfer your personal data to third countries?

All our data processors (e.g. IT service providers) process personal data in Switzerland. The Swiss Data Protection Act offers an appropriate level of data protection. The European Commission's adequacy decision can be found here.

To the extent permitted under Swiss law and only with the consent of our customers, we may transfer personal data to non-governmental parties (e.g. to correspondent lawyers) in third countries for which the European Commission has not determined an appropriate level of data protection if such transmission is necessary for the establishment, exercise or defense of legal claims of our customers.

Finally, the transfer to third countries in the context of the use of social plugins is reserved (see Section 2.1). Both Google and LinkedIn are covered by the so-called Privacy Shield and thus offer an appropriate level of data protection in accordance with the GDPR and Article 6(1) of the Swiss Data Protection Act. You can find the European Commission's adequacy decision here, the guide to the Privacy Shield of the Federal Data Protection and Information Commissioner here (in German only).

7. How long do we store your personal data?

7.1 If you visit our website

We store the personal data as follows:

  • With respect to log files. The data will remain on our systems until the operational necessity ceases and the statutory or contractual deadlines expire and will then be deleted automatically. For most data, the maximum storage period is six months.
  • With respect to data of the contact form. The storage period depends on whether we have a customer relationship with you or your employer or principal. If this is the case, the storage period is ten years from the conclusion of the last mandate for the respective customer. Otherwise, the storage period is three months from submission of the contact form (i.e. contact requests that do not lead to a mandate will be deleted after three months).

7.2 When we provide our services

We store data that we process in the course of providing our services for a period of ten years from the conclusion of the last mandate for the respective customer. Data that we have collected without subsequently establishing a customer relationship will be stored for three years from the date of collection.

7.3 When we purchase goods or services

If you are our supplier, the storage period is ten years from completion of the last procurement from the respective supplier.

8. Do I have to provide my personal data?

For us to render our legal and notary services to you, you must provide us with at least the following personal data:

  • Name of the customer
  • At least the following contact information of the customer: address
  • At least the following contact information of a contact person of the customer: Name, e-mail address or landline or mobile number
  • Billing address of the customer
  • Data that we need to comply with regulatory requirements (e.g. anti-money laundering regulations)

Without these data we cannot open the customer relationship and cannot offer you any legal or notarial services.

9. What are your rights as a data subject in the European Union?

If your personal data is processed and the GDPR is applicable, you have the following rights towards us:

  • Right of access. You have the right to obtain a confirmation as to whether personal data concerning you is being processed. If this is the case, you can request access to the personal data and the following information:

    1. the purposes of the processing;
    2. the categories of personal data concerned;
    3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
    4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
    5. the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data or to object to such processing;
    6. the right to lodge a complaint with a supervisory authority;
    7. where the personal data are not collected from you, any available information as to their source;
    8. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

    You have the right to request information as to whether personal data concerning you is transferred to a third country or to an international organization. In this context, you have the right to be informed of the appropriate guarantees in accordance with Article 46 GDPR in connection with the transmission.

  • Right to rectification. You have the right to obtain the rectification of inaccurate personal data. We must effect the rectification without delay.

  • Right to restriction of processing. You have the right to obtain restriction of processing where one of the following applies:

    1. you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data;
    2. the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;
    3. we no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims; or
    4. you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether our legitimate grounds override those of you.

    Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

    We will inform you if we lift any restriction on data processing you have obtained according to the above conditions.

  • Right to erasure. You have the right to obtain the erasure of personal data without undue delay and we shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
    1. The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    2. the data subject objects to the processing and there are no overriding legitimate grounds for the processing; or
    3. the personal data have been unlawfully processed.

    The right to erasure does not apply to the extent processing is necessary for the establishment, exercise or defense of legal claims.

  • Right to notification. If you have exercised your right of rectification, erasure or restriction, we shall communicate such rectification, erasure of data or restriction of processing to each recipient to whom personal data have been disclosed, unless this proves impossible or involves disproportionate efforts.
  • Right to object. You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on the legal basis of legitimate interest.

    We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

  • Right to lodge a complaint with the supervisory authority. Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR. A list of supervisory authorities can be found here.