This privacy notice («Privacy Notice») provides information on how your personal data will be processed by the Business Law Office Gal («we», «us») during the course of our business. We clarify which types of your personal data we process for what purposes and to what extent and provide general information about your rights as follows:
We process personal data in accordance with the Swiss Data Protection Act (Federal Act On Data Protection, FADP, of 19 June 1992) («CH-FADP») as well as the Ordinance to the Federal Act on Data Protection, OFADP, of 14 June 1993 («CH-OFADP») and – if and to the extent applicable – the EU General Data Protection Regulation (EU General Data Protection Regulation, GDPR, of 27 April 2016) («EU-GDPR»). The level of protection afforded by the CH-FADP is comparable to that of the EU-GDPR.
Pro memoria it should be mentioned that in individual cases other special legal sources in connection with data protection including, depending on the country of residence and/or domicile of the parties involved, also other national data protection requirements may be relevant.
Furthermore and among others, the professional secrecy must be observed (cf. in addition to the [mandate related] contractual confidentiality according to art. 398 of the Federal Act on the Supplement to the Swiss Civil Code of 30 March 1911, Part Five: Code of Obligations, «CO», in particular art. 321 Swiss Criminal Code of 21 December 1937, «SCC» and art. 13 Federal Act of 23 June 2000 on the Freedom of Movement for Lawyers, «Lawyer’s Act»,«FAFML») («Professional Secrecy Obligations»).
Hence, we may provide you with additional privacy notices where we believe that it is appropriate to do so (e.g. in connection with the attorney-client engagement agreement). Those additional notices supplement and should be read together with this Privacy Notice.
If you disclose personal data of other people to the Business Law Office Gal, we kindly ask you to ensure that you are allowed to share this personal data and that this personal data is correct.
1. RESPONSIBLE CONTROLLER FOR DATA PROCESSION
Responsible controller of the data file according to art. 3 lit. i. CH-FADP and, if and to the extent applicable, responsible controller according to art. 4 no. 7. of the EU-GDPR is the Business Law Office Gal, Else-Züblin-Strasse 94, CH-8404 Winterthur (see Imprint).
2. USE OF OUR WEBSITE
2.1 General Information, Definitions
When you use this website www.g-law.ch (https://www.g-law.ch) («Website») and its features and/or communicate with us via email or other channels such as e.g. the contact form, you consent that the Business Law Office Gal protects and processes your personal data according to this Privacy Notice.
Terms specific to data protection law, such as «personal data», «processing», «controller», «processor», etc. have the meaning ascribed to them in the CH-FADP or – if and to the extent applicable – in the EU-GDPR, depending on the context.
«Personal Data» means all data and information relating to a specific identifiable person.
This includes in particular contact data such as name, phone number, address or email address as well as user behavior.
2.2 Collection and Processing of Personal Data
2.2.1 Contracted Service Providers
If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail below about the respective processes.
In doing so, we also name the specified criteria for the storage duration.
We will inform you ad hoc and/or in the attorney-client engagement agreement about additional (cloud) services that may be used in individual cases as agreed (e.g. re video conferencing etc.).
2.2.2 Contact Via Email or Via the Contact Form
When contacting us by email or using the contact form, we will register the data you have provided to us (your email address, if applicable, your name and telephone number, text and other enclosed data) in order to answer your questions.
We delete the data that arise in this context after the storage is no longer required, or limit the processing if there are statutory retention requirements.
Regarding the risks of electronic communication and/or unsolicited information and documents sent to us prior to the completion of the attorney-client engagement acceptance process see (also) Imprint.
2.2.3 Collection of Personal Data When Visiting Our Website
2.2.3.1 Server Log Files
In the case of merely informative use of the Website, i.e. if you do not provide us otherwise with information, we will only collect the personal data that your browser transmits to our server.
If you wish to view our Website, we collect the following data, which is technically necessary for us to show you our Website and to ensure the stability and security (legal basis is art. 13 para. 2 CH-FADP and – if and to the extent applicable – art. 6 para. (1) sentence 1 lit. f) EU-GDPR; legitimate interests):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific subpage)
- Access Status / HTTP status code
- Website from which the request comes, in particular if the request is posted from another website or this Website is shared.
- Browser
- Operating system and its surface
- Version of the browser software, if available
2.2.3.2 Cookies, Tracking and Other Techniques Regarding the Use of Our Website
2.2.3.2.1 Definitions
In addition to the aforementioned data, cookies can be saved on your computer when you use a website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using, and through which certain information flows to the location that sets the cookie.
Cookies can not run programs or transmit viruses to your computer. They serve to make an internet offer more user-friendly, effective and secure overall.
a) No Own Cookies
This Website currently does not use any cookies, neither transient, persistent or other types of cookies.
b) Third-Party-Cookies
Regarding cookies possibly used by third parties, see in particular no. 2.2.3.3 (Embedded Functions as well as Content from Other Websites) and no. 2.8 (Social Media).
c) Right to Refuse Cookies
You can configure your browser settings according to your wishes and e.g. refuse to accept third-party-cookies or all cookies. We would like to point out that you may not be able to use all functions of this Website.
2.2.3.3 Embedded Functions and Content From Other Websites
2.2.3.3.1 Basics
Functional and content elements can be included in the online offer on this Website, i.e. embedded content that is obtained from the servers of the respective providers («Third-party Providers» or «Service Providers») (e.g. images, articles, social media buttons, etc.). Embedded content from other websites (“Embedded Third-Party Content”) behave as if the visitor had visited the other website.
The integration includes assuming that the Third-party Providers of this content process the IP address of the users, since they can not send the content to the browser without an IP address.
These websites can collect data about you, use cookies, embed additional third-party tracking, monitor your interaction with the embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to this Website.
2.2.3.3.2 Used Third-Party Provider/Service Provider
As to the Social Media provider LinkedIn and Twitter see no. 2.8.
a) Shutterstock Contents
This Website integrates images of Shutterstock.
Address of the Service Provider:
Shutterstock, Inc., a Delaware corporation with its office at Shutterstock, Inc., 350 Fifth Avenue, 21st Floor, New York, NY 10118, United States
Privacy Policy and Terms of Use:
https://www.shutterstock.com/privacy
https://www.shutterstock.com/terms
Privacy Shield (guaranteeing the level of data protection when processing data in the U.S.A.):
Shutterstock has submitted to the Swiss-U.S.-Privacy-Shield and the EU-U.S.-Privacy-Shield:
Privacy Shield Participant List:
https://www.privacyshield.gov/participant?id=a2zt0000000KzOdAAK&status=Active
Swiss-U.S. Privacy Shield Framework:
https://legacy.trade.gov/td/services/odsi/swiss-us-privacyshield-framework.pdf
EU-U.S. Privacy Shield Framework:
https://www.privacyshield.gov/servlet/servlet.FileDownload?file=015t00000004qAg
b) reCAPTCHA
We integrate the «reCAPTCHA», v2 (version 2), function to detect bots when making entries in the online contact form. The behavior data of the users (e.g. mouse movements or queries) are evaluated in order to be able to distinguish people from bots.
Address of the Service Provider:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Parent Company:
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A.
reCAPTCHA Website:
https://www.google.com/recaptcha/intro/v3.html
https://developers.google.com/recaptcha
https://developers.google.com/recaptcha/intro (Guide/version 2)
Privacy Policy and Terms of Use:
https://policies.google.com/privacy?hl=en
https://policies.google.com/terms?hl=en
Privacy Shield (guaranteeing the level of data protection when processing data in the U.S.A.):
Google has submitted to the Swiss-U.S.-Privacy-Shield and the EU-U.S.-Privacy-Shield:
Privacy Shield Participant List:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Swiss-U.S. Privacy Shield Framework:
https://legacy.trade.gov/td/services/odsi/swiss-us-privacyshield-framework.pdf
EU-U.S. Privacy Shield Framework:
https://www.privacyshield.gov/servlet/servlet.FileDownload?file=015t00000004qAg
Google Analytics Opt-out Browser Add-on:
https://tools.google.com/dlpage/gaoptout?hl=en
Your Privacy Controls/Ad settings/Ad personalization:
https://policies.google.com/privacy?hl=en#infochoices
https://adssettings.google.com/authenticated?hl=en
c) Google Fonts
We integrate fonts from Google LLC («Google Fonts») on our Website. In order to integrate the fonts from Google Fonts into this Website, your browser connects to the Google server. Data is used solely for the purpose of displaying the fonts in the user’s browser. The IP address of your device is transmitted to Google and the recordings of the font file queries are logged and protected against unauthorized access. Google also uses aggregated data to optimize Google Fonts and to recognize which websites use Google Fonts.
Google Fonts Website:
https://fonts.google.com/about
Address of the Service Provider:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Parent Company:
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A.
Privacy Policy and Terms of Use :
https://policies.google.com/privacy?hl=en
https://policies.google.com/terms?hl=en
Privacy Shield (guaranteeing the level of data protection when processing data in the U.S.A.):
Google has submitted to the Swiss-U.S.-Privacy-Shield and the EU-U.S.-Privacy-Shield:
Privacy Shield Participant List:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Swiss-U.S. Privacy Shield Framework:
https://legacy.trade.gov/td/services/odsi/swiss-us-privacyshield-framework.pdf
EU-U.S. Privacy Shield Framework:
https://www.privacyshield.gov/servlet/servlet.FileDownload?file=015t00000004qAg
2.3 Potential Other Functions and Offers on Our Website
2.3.1 Potential Optional Services
In addition to the purely informational use of our website, we may offer in the future various services that you can use if you are interested. To do this, you generally have to provide further personal data that we use to provide the respective service and apply to the aforementioned data processing principles.
2.3.2 External Service Providers
We sometimes use external service providers to process your data such as e.g. the hosting services provider for this Website. These have been carefully selected and commissioned by us (in particular e.g. by entering into an Order-related Data Processing Agreement, DPA, incorporating recognized standard contractual clauses), are bound by our instructions and are regularly checked.
All servers of our hosting services provider, who provides webhosting services including the sending, receiving and storing of emails, are located in Switzerland.
2.3.3 Disclosure of Data to Third Parties
Furthermore, we can pass on your personal data to third parties if we offer contracts or similar services together with partners. You will receive more information on this when you provide your personal data or below in the description of the offer.
2.3.4 Transfer of Data Abroad
If our service providers or partners are based in a country outside of Switzerland or – if and to the extent the EU-GDPR applies – outside of the European Economic Area, we will inform you about the consequences of this in the description of the offer.
In such a case, the Business Law Office Gal will ensure that it complies with – if and as far as applicable – the provisions of the EU-GDPR or with similar provisions of the CH-FADP relating to the transfer of data to third countries (such as e.g. by selection of a service provider/processor that is subject to the Swiss-U.S. or EU-U.S. Privacy Shield, or by incorporating recognized standard contractual clauses for the transfer of personal data to service providers/processors in third countries).
2.4 Objection Against Or Withdrawal of the Processing of Your Data
2.4.1 Withdrawal of Consent
If you have given your consent to the processing of your data, you can revoke it at any time.
Such a revocation affects the admissibility of processing your personal data after you have given it to us.
2.4.2 Objection to Data Processing When Balancing Interests
If we base the processing of your personal data on the balancing of interests, you can object to the processing.
This is the case if the processing is not necessary in particular to fulfill a contract with you which is described by us in the following description of the functions.
However, no objection can e.g. be made to the purely informational offer of this Website (without additional functions).
When exercising such an objection, we kindly ask you to explain the reasons why we should not process your personal data as we have done.
In the event of your justified objection, we will examine the situation and either stop or adjust the data processing or show you our compelling reasons worthy of protection, on the basis of which we will continue the processing.
2.4.3 Objection Against Direct Marketing
Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time.
You can inform us about your objection to advertising using the following contact details: Business Law Office Gal, Else-Züblin-Strasse 94, CH-8404 Winterthur (see Imprint).
2.5 Special Forms of Use of Our Website
Currently, we do not offer any other services besides the purely informational Website-use via our Website such as e.g. a blog function or a forum etc.
2.6 Newsletter
Currently, we do not offer besides the purely informational Website-use a Newsletter that can be subscribed to via our Website.
2.7 Web Analytics/Tracking Systems
This Website does not use any tracking systems such as e.g. Google Analytics.
Regarding the systems used by third parties, see e.g. no. 2.2.3.3 (Embedded Functions and Content from Other Websites) and no. 2.8 (Social Media) of this Privacy Notice.
2.8 Social Media
2.8.1 Use of Social Media Plug-ins
2.8.1.1 Social Media Plug-ins Used
We currently use the following social media plug-ins: LinkedIn and Twitter (social icons with links and social feed).
We use the so-called two-click solution. This means that when you visit our Website, no personal data is initially passed on to the providers of the plug-ins («Social Media Plug-in Provider»). You can recognize the provider of the plug-ins by the logo at the bottom left of the Website.
We give you the opportunity to communicate directly with the provider of the plug-in using the button. The plug-in provider only receives the information that you have called up the corresponding Website of our online offer if you click on the marked field and thereby activate it.
In addition, in particular the data as mentioned under nos. 2.2.3.1 (Server Log Files) and 2.2.3.2 (Cookies) in this Privacy Notice are transferred.
Hence, by activating the plug-in, personal data is transmitted from you to the respective Social Media Plug-in Provider and stored there (for U.S. providers in the U.S.A.).
Since the Social Media Plug-in Provider collects data in particular using cookies, we recommend that you delete all cookies via the security settings of your browser before clicking on the greyed-out box.
2.8.1.2 Data Collection and Processing by Social Media Plug-in Providers
We have no influence on the data collected and data processing operations, nor are we aware of the full scope of data collection, the purposes of processing, the storage periods.
We also have no information on the deletion of the data collected by the Social Media Plug-in Provider.
2.8.1.3 Data Stored by Social Media Plug-in Providers
The Social Media Plug-in Provider saves the data collected about you as usage profiles and uses them for the purposes of advertising, market research and/or to design its website to meet your needs. Such an evaluation is carried out in particular (also for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our Website.
You have a right to object to the creation of these user profiles, whereby you must contact the respective Social Media Plug-in Provider to exercise them.
With the plug-ins, we offer you the opportunity to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user.
The legal basis for using the plug-ins is art. 13 para. 1 CH-FADP and, if and as far as applicable, art. 6 para. (1) sentence 1 lit. f) EU-GDPR (legitimate interests).
2.8.1.4 Data Transfer
The data is passed on regardless of whether you have an account with the Social Media Plug-in Provider and are logged in there.
If you are logged in with the Social Media Plug-in Provider, your data collected from us will be assigned directly to your account with the Social Media Plug-in Provider. If you press the activated button and e.g. link the page, the Social Media Plug-in Provider also stores this information in your user account and shares it publicly with your contacts.
We recommend that you log out regularly after using a social network, but especially before activating the button, as this way you can avoid being assigned to your profile by the Social Media Plug-in Provider.
2.8.1.5 Data Protection Declarations of the Social Media Plug-in Providers
Further information on the purpose and scope of the data collection and its processing by the Social Media Plug-in Provider can be found in the data protection and further related user terms and conditions of these Social Media Plug-in Providers given below.
There you will also find further information about your rights and setting options to protect your privacy.
2.8.1.6 Addresses of the Respective Social Media Plug-in Providers and URL With Their Data Protection Information
2.8.1.6.1 LinkedIn
Address of the social media Plug-in Provider:
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, U.S.A.
Privacy Policy, Cookie Policy and User Agreement:
https://www.linkedin.com/legal/privacy-policy
https://www.linkedin.com/legal/cookie-policy
https://www.linkedin.com/legal/user-agreement
Privacy Shield (guaranteeing the level of data protection when processing data in the U.S.A.):
LinkedIn has submitted to the Swiss-U.S.-Privacy-Shield and the EU-U.S.-Privacy-Shield:
Privacy Shield Participant List:
https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active
Swiss-U.S. Privacy Shield Framework:
https://legacy.trade.gov/td/services/odsi/swiss-us-privacyshield-framework.pdf
EU-U.S. Privacy Shield Framework:
https://www.privacyshield.gov/servlet/servlet.FileDownload?file=015t00000004qAg
2.8.1.6.2 Twitter
Address of the social media Plug-in Provider :
Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, U.S.A.
Privacy Policy, Cookies and Terms of Service, Ads Info:
https://twitter.com/en/privacy
https://help.twitter.com/en/rules-and-policies/twitter-cookies
https://twitter.com/en/tos
https://business.twitter.com/en/help/troubleshooting/how-twitter-ads-work.html
Privacy Shield (guaranteeing a comparable level of data protection when processing data in the U.S.A.):
Twitter has submitted to the Swiss-U.S.-Privacy-Shield and the EU-U.S.-Privacy-Shield :
Privacy Shield Participant List:
https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active
Swiss-U.S. Privacy Shield Framework:
https://legacy.trade.gov/td/services/odsi/swiss-us-privacyshield-framework.pdf
EU-U.S. Privacy Shield Framework:
https://www.privacyshield.gov/servlet/servlet.FileDownload?file=015t00000004qAg
2.8.2 Other Social Media Plug-in Services
Currently we do not use other social media online presence plug-in services. As to embedded functional and content elements see no. 2.2.3.3 hereinabove.
2.9 Online Advertising
This Website does not use any online advertising services such as GoogleAdSense etc.
2.10 Purpose of the Data Processing and Legal Basis
In sum, the legal basis for the processing of personal data by us when visiting our Website is mainly art. 13 para 2 lit. a. CH-FDPA and, if and to the extent applicable, art. 6 para. (1) subpara. (1) lit. b) EU-GDPR (processing in direct connection with the conclusion or processing of a contract) as well as art. 13 para. 1 CH-FDPA and, if and to the extent applicable, art. 6 para. (1) subpara. (1) lit. a), c) and f) EU-GDPR (consent of the person concerned or justification by law and legitimate interests, unless the interests or fundamental rights and freedoms of the data subject that requires the protection of personal data outweigh).
3. LEGAL SERVICES
3.1 Data Subjects
As far as it is necessary for the completion of the attorney-client engagement acceptance process and for the handling and management of client matters, Business Law Office Gal will process personal data of the following persons:
- (Prospective) clients, their representatives, employees, corporate bodies and beneficial owners as well as related persons
- Third parties and other business contacts as well as their respective representatives and employees, such as (in)direct proprietors, business and contractual partners as well as advisors of the (prospective) clients
- (Potential) opponents of the (prospective) clients in a legal dispute and their legal advisors as well as in each case the representatives of the aforementioned persons
- Employees of authorities and courts
- Witnesses and experts
3.2 Type of Processed Personal Data
As far as it is necessary for the completion of the attorney-client engagement acceptance process and for the handling and management of client matters, Business Law Office Gal may in particular process the following categories of personal data:
- First and last name as well as form of address and title if applicable
- Contact details (address, email address, telephone number etc.)
- Nationality
- Information on occupation
- Business interests
- Information on income and financial circumstances
- Other personal data that are necessary for the determination and legal assessment of the facts of the matter and the provision of appropriate legal advice and representation of the client in connection with the matter
- Information of all kind from correspondence, contacts and interactions with us that is revealed to us in the course of our services or collected by us
In individual cases, the data processed by the Business Law Office Gal may also include special categories of personal data within the meaning of art. 3 CH-FADP (cf. also art. 9 EU-GDPR) such as e.g. data concerning health (art. 3 lit. c. para. 2. CH-FADP) and data on administrative and criminal prosecution and sanctions in the sense of art. 3 lit. c. para. 4 CH-FADP (cf. also art. 10 EU-GDPR criminal convictions and offences).
Regarding the contact via email or via the contact form as well as the risks of electronic communication and/or unsolicited information and documents sent to us prior to the completion of the attorney-client engagement acceptance process see (also) no. 2.2.2 of this Privacy Notice hereinabove and Imprint.
Where you fail to provide the necessary information requested to process the attorney-client engagement acceptance process and/or the mandate, we will not be able to start working for you.
3.3 Sources of the Personal Data Processed by Us
The Business Law Office Gal receives personal data either directly from the data subjects (e.g. when corresponding with contact persons at the client and/or opposing party) or from the following sources:
- Clients and their representatives, employees, corporate bodies and beneficial owners as well as third parties clients have dealings with (employers, other organizations)
- Courts and (regulatory) authorities, government agencies (e.g. when inspecting files and/or receiving information)
- Other third parties involved and their respective representatives, other professional advisers and employees (e.g. parties to the proceedings, witnesses, other law firms etc.)
- Publicly accessible sources (public registers, internet searches)
3.4 Purpose of the Data Processing and Legal Basis
The Business Law Office Gal will process data in connection with a client matter for the following purposes:
to fulfill legal requirements to identify the client and the beneficial owners associated with the client. The legal basis for this processing is art. 13 para. 1 CH-FADP (cf. also art. 6 para (1) subpara. (2) lit. c) EU-GDPR; justification by law).
- to check for possible conflicts of interest befor accepting a matter
- to determine and legally assess the facts of the matter
- to provide legal advice and represent the client according to the attorney-client engagement agreement
- to correspond with clients, authorities, courts and other parties involved
- to run our Law Office’s business (e.g. carry out administrative or operational processes, to issue invoices)
- to process and assert other claims arising from the client relationship
- to monitor and analyze our business
- to improve our services and products
The legal basis for these processing activities is, as far as personal data of the client is processed, art. 13 para. 2 lit. a. CH-FADP (cf. also art. 6 para. (1) subpara. (1) lit. b) EU-GDPR; processing in direct connection with the conclusion or processing of a contract); otherwise art. 13 para. 1 CH-FADP (cf. also art. 6 para. (1) subpara (1) lit. f) EU-GDPR; legitimate interests in particular the provision of legal services).
The legal basis under Swiss law for the disclosure/transfer of special categories of personal data is art. 3 lit. c. in conjunction with art. 12 para. 2 lit. c., art. 13 and art. 14 CH-FADP (justification such as e.g. express consent on disclosure to third parties) (cf. generally already in connection with the processing also art. 9 para. (2) lit. f) EU-GDPR [processing necessary for the establishment, exercise or defence of legal claims] in conjunction with the provisions of art. 6 EU-GDPR mentioned in the previous section).
If you or the organization for which you are acting are a client and you fail to provide information that we require at all or on time as requested, we may not be able to provide our services and continue our engagement.
3.5 Data Transfer
As far as this is necessary to work on a client matter, the Business Law Office Gal will transfer personal data to the following recipients:
- Clients
- Authorities and courts
- Other third parties. These include related parties, direct and indirect proprietors of the client, business and contractual partners as well as advisors of the client, (potential) counterparties in a legal dispute and their legal advisors.
In individual cases, data will also be transferred to recipients in third countries outside Switzerland or the European Union or the European Economic Area for which Switzerland or the European Commission has not formally established the existence of an adequate level of data protection in accordance with art. 6 para. 1 in conjunction with art. 31 para. 1 lit. d. CH-FADP and art. 7 CH-OFADP (cf. also art. 45 para. 3 and art. 46 EU-GDPR).
Insofar as the transfer is not necessary for the establishment, exercise or defence of legal claims (art. 6 para. 2 lit. d. CH FADP; cf. also Art. 49 para. (1) subpara. (1) lit. e) EU-GDPR), and there is no other reason for the transfer pursuant to art. 6 para. 2 lit. b. – g. CH-DSG (vgl. auch art. 49 para. (1) EU-GDPR), appropriate safeguards for the protection of the personal data at the recipient are provided for, generally in the form of data protection agreements on the basis of so-called standard data protection clauses pursuant to art. 6 para. 2 lit. a. CH-FADP in conjunction with art. 6 para. 3 CH-OFADP (cf. also art. 46 para. (2) lit. c) EU-GDPR).
4. BUSINESS RELATIONS INDEPENDENT OF A CLIENT MATTER
4.1 Data Subjects
The Business Law Office Gal processes personal data in the course of its cooperation with service providers and other business partners («Business Partners») and their employees as well as generally when you request information from us or provide information to us.
4.2 Type of Processed Personal Data
Business Law Office Gal may in particular process the following categories of personal data as far as they are necessary to establish or implement its contractual relationships with the business partner:
- First and last name as well as form of address and title, if applicable
- Contact details (address, email address, telephone number etc.)
- Information on occupation
- Bank/postal account details
Regarding the contact via email or via the contact form as well as the risks of electronic communication and/or unsolicited information and documents sent to us prior to the completion of the attorney-client engagement acceptance process see (also) no. 2.2.2 of this Privacy Notice and Imprint.
4.3 Sources of the Personal Data Processed by Us
As far as the Business Law Office Gal does not receive personal data directly from the data subjects (e.g. when corresponding with contact persons at the business partner), the data usually come from the Business Partner as the employer of the data subject.
4.4 Purpose of the Data Processing and Legal Basis
The Business Law Office Gal processes the personal data mentioned in no. 4.2 of this Privacy Notice for the establishment, implementation and processing of the contractual relationship with the Business Partner.
The legal basis for these processing activities is, as far as personal data of the Business Partner is processed, art. 13 para. 2 lit. a. CH-FADP (cf. also art. 6 para. (1) subpara. (1) lit. b) EU-GDPR; processing in direct connection with the conclusion or processing of a contract); otherwise art. 13 para. 1 CH-FADP (cf. also art. 6 para. (1) subpara. (1) lit. f) EU-GDPR; legitimate interests).
5. DATA PRIVACY INFORMATION FOR INTERESTED PARTIES WHO HAVE CONSENTED TO RECEIVE INFORMATION
If you have consented to receive information about current legal developments (currently we do not yet offer a formal newsletter, cf. no. 2.6 hereinabove) and/or (also virtual) events of Business Law Office Gal, then we will use your contact information (first name and last name as well as form of address and title, if applicable, business address and position, email address, business interests and interactions with us) to send you the requested information (generally by email).
The legal basis for this processing is art. 13 para. 1 CH-FADP(cf. also art. 6 para. (1) subpara. (1) lit. a) EU-GDPR; consent).
You may revoke your consent at any time with effect for the future. If you revoke your consent, we will no longer send you information and delete your contact information.
The same applies, whether or not you revoke your consent, if we have had no contact with you for more than two years.
Your contact information will not be deleted if we have a right or obligation to continue to store your information for other legal reasons (e.g. in connection with working on a client matter).
If we invite you to an event based on your consent, we may process the aforementioned data in order to provide you with a registration form that has already been filled out.
If you register for the event, we will process your name as well as what company or entity you work for and in what position, so that we can provide you and the other attendees with a list of all those who will be attending. The legal basis for this processing is art. 13 para. 1 CH-FADP (cf. also art. 6 para. (1) subpara. (1) lit. f) EU-GDPR; legitimate interests).
6. TRANSFER OF PERSONAL DATA TO THIRD PARTIES
Except as stated in this Privacy Notice, the Business Law Office Gal will not transfer your data to any third parties without your express consent and considering the Professional Secrecy Obligations, unless we are required to do so by law, regulatory directive or court order.
Regarding the data transfer cases stated in this Privacy Notice, cf. e.g. hereinabove no. 2.2.3.2.2.b) regarding the right to refuse to accept third-party or all cookies, no. 2.2.3.3 Embedded Functions and Content from Other Websites, no. 2.3.3 Disclosure of Data to Third Parties, no. 2.3.4 Transfer of Data Abroad, no. 2.8.1.1 para. 5, no. 2.8.1.2, no. 2.8.1.3 and no. 2.8.1.4 re transfer of personal data to and data collection and processing by the Social Media Plug-in Providers LinkedIn and Twitter as well as no. 3.5 Data Transfer in connection with the provision of legal services.
Furthermore, Business Law Office Gal works with companies and other entities with particular expertise in individual areas or certain specialized subjects (e.g. auditors, tax experts, consulting firms, logistics service providers) as well as with other third parties who provide services on our behalf and we may share your personal data with them, e.g. with banks, insurance companies or IT service providers, who may have access to your personal data when providing software support.
These are either subject Professional Secrecy Obligations or have been obliged by Business Law Office Gal to maintain confidentiality.
Should it be necessary to forward personal data to them, the legal basis for this is art. 13 para. 2 lit. a. CH-FADP or art. 13 para. 1 CH-FADP (cf. art. 6 para. (1) sentence 1 lit. b) or lit. f) EU-GDPR; processing in direct connection with the conclusion or processing of a contract or legitimate interests).
7. RETENTION
We store your personal data for as long as necessary for the purpose stated in this Privacy Notice, in particular to fulfill our contractual and legal as well as regulatory obligations.
If necessary, we will also store your personal data for other purposes if and as long as the law permits the storage for these purposes, in particular for the defence of legal claims or for as long as legitimate interests, including data security require.
8. DATA SECURITY
This Website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that the address line of the browser changes from «http://» to «https://» and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us can not be read by third parties.
In addition, we use other appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or unauthorized access by third parties, improper use or disclosure.
However, we would like to point out that data transmission over the Internet (e.g. communication by email) can have security gaps (see also Imprint). A complete protection of data against access by third parties is not possible.
Our possible partners, employees and third-party service providers who have access to confidential information including personal data are subject to confidentiality obligations.
9. YOUR CHOICES AND RIGHTS
You have the following rights towards us with regard to your personal data:
- Right to information
and, if certain legal requirements are satisfied:
- Rights to correction or deletion
- Right to restriction of processing
- Right to object to processing
- In particular if and and to the extent the EU-GDPR applies and we carry out processing for performance of a contract or based on your consent:
Right to data portability, i.e. the right to receive the personal data you provided in a structured, common and machine-readable format. This includes the right to transfer such data to another controller. If technically feasible and legally allowed, you may also demand that the Business Law Office Gal transfer your personal data directly to other controllers.
Art. 12, 13 and 15 CH-FDPA provide for a broad right to object. The responsible controller can, among others, justify non-compliance with an objection based on overriding private or public interest as well as on law (cf. also no. 2.4 hereinabove).
If the processing of your personal data is based on a weighing of interests within the meaning of – if and to the extent applicable – Art. 6 para. (1) subpara. (1) lit. f) EU-GDPR (legitimate interests), you have the right to object to this processing under the conditions described in art. 21 EU-GDPR.
If you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific purpose at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for this specific purpose you originally agreed to, unless we have another legitimate basis for doing so.
Moreover, also for the choices and rights mentioned under this no. 9. exceptions and restrictions apply. In particular, your personal data may have to be processed and stored in order to fulfill a contract with you or to protect our own legitimate interests such as the assertion, exercise or defense of legal claims or to comply with legal obligations.
To the extent legally permissible or even required, we might reject your data protection-related requests or only partially comply with your requests. This is particularly to protect the rights and freedoms of other persons concerned as well as to protect our own legitimate interests (e.g. non-disclosure and security interests as well as consideration of our business resources and opportunities). In particular, Professional Secrecy Obligations must always be taken into account.
To the exent legally required, we will inform you about the reasons for our decision.
We may charge a fee for access if the relevant data protection legislation allows us to do so, in which case we will inform you as required by the law.
You also have the right to complain to the competent data protection supervisory authority about the processing of your personal data by us (see Imprint).
Last modified: 11 May 2020