Data Privacy Statement
weber schaub ltd (hereinafter weber schaub & partner, we or us), a law firm based in Zurich, attaches great importance to the privacy of the individuals whose data it processes and is committed to the protection of this personal data – i.e. all information on the basis of which someone can be identified as an individual person.
With this Data Privacy Statement we therefore would like to inform you about
- who is responsible for the processing (controller) of personal data (Section 2);
- which personal data is collected and processed (Section 3);
- how and from whom the personal data is collected and processed (Section 4);
- the purpose and the legal grounds for our processing of personal data
- to whom we transfer the personal data (Section 6);
- how long we retain the personal data (Section 7); and
- what your rights as a data subject (affected person) are (Section 8).
While collecting, processing, transferring and retaining personal data, we and our employees not only comply with this Data Privacy Statement but also with the applicable data protection provisions – mainly the Swiss Data Protection Act (DPA) and its ordinance. Since we also maintain business relationships with partners established in the European Union (EU) or in the European Economic Area, we have aligned our Data Privacy Statement with the requirements according to the EU General Data Protection Regulation (GDPR).
If you provide us with personal data of other persons (such as employees, family members, work colleagues), please make sure the respective persons are aware of this Data Privacy Statement and only provide us with their data if you are allowed to do so and if such personal data is correct.
2. Responsibility for Data Processing
weber schaub & partner is responsible for the data processing as described in this Data Privacy Statement, unless indicated otherwise. If you have any concerns regarding data protection, you can contact us via e-mail (email@example.com) or via postal service to the following address: weber schaub & partner ag, Mühlebachstrasse 2, Postfach 22, 8024 Zurich.
3. Collection and Processing of Personal Data
We primarily process personal data that we receive from our clients and their employees, from authorities, courts or other third parties (e.g. counterparties, business and contractual partners of our clients) in the course of our client relationships. We also collect certain personal data when you visit our website (weber-schaub.ch) or - where appropriate and permitted - from publicly accessible sources (e.g. the Internet, press, land register, debt enforcement register or commercial register).
The categories of personal data that we collect and process include, but are not limited to, the following
- personal details and contact information such as name, gender, date of birth, address, telephone number, country or place of residence and religion (the latter mainly in connection with tax returns) and, if applicable, health data in the context of an estate planning or inheritance dispute;
- personal data in connection with communications such as correspondence with you or with business partners about you by letter, e-mail, telephone or other means of communication;
- information about you provided by people close to you (family, advisors, guardians, health care proxy and other representatives, etc.);
- professional and tax information such as your employer's contact details, salary and asset data or details of professional functions and activities as well as any creditworthiness information insofar as we conclude transactions with you personally;
- information from banks, insurance companies and other business partners of ours to process services with you (e.g. debt collection);
- automatically transmitted or collected personal data in connection with the use of our website (e.g. date and time of use, previous and accessed page, IP address, data on the browser used, device identification, current location, insofar as this information is released - otherwise we deliberately refrain from collecting such data as far as possible, cf. Section 5);
- information from the media and internet about your person (if this is appropriate in the specific case, e.g. in the context of a job application or marketing), and if necessary your interests and other socio-demographic data (for marketing).
We operate pages and other online presences on social networks and other platforms operated by third parties and process data about you in this context. In doing so, we receive data from you (e.g. when you communicate with us or comment on our content) and from the platforms (e.g. statistics). The providers of the platforms may analyse your usage and process this data together with other data they have about you. They also process this data for their own purposes (e.g. marketing and market research purposes and to manage their platforms), and act as their own data controllers for this purpose. For more information on the processing by the platform operators, please refer to the privacy statements of the respective platforms.
We are entitled but not obliged to check third-party content before or after its publication on our online presences, to delete content without notice and, if necessary, to report it to the provider of the platform concerned.
Some platform operators may be located outside of Switzerland. Information on data disclosure abroad can be found below under Section 6.
4. Purposes of Processing and Legal Basis
We use the personal data we collect primarily to conclude and process our contracts with you and business partners, in particular in the context of legal and tax advice. We also process personal data when purchasing services from our auxiliary persons (in particular legal and tax advisors/experts in Switzerland and abroad) and when purchasing products from our suppliers. The processing of personal data also serves to comply with our legal obligations in Switzerland and abroad. If you work for one of our clients or business partners, your personal data may also be affected in this capacity.
In addition, we also process personal data of clients and other persons, as far as we are permitted to do so and it appear to be appropriate, for the following purposes in which we (and sometimes also third parties) have a legitimate interest corresponding to the purpose:
- asserting legal claims and defence in legal disputes and official proceedings;
- communicating with third parties and processing their requests (e.g. providing reference information);
- any transactions under company law and related transfers of personal data as well as measures for business management and compliance with legal and regulatory obligations as well as internal regulations of weber schaub & partner;
- further development of our services, offers and website or other communication channels on which we are active;
- advertising and marketing (including the organisation of events), insofar as you have not objected to the use of your personal data for this purpose (if we send you advertising as an existing client, you can object to this at any time and we will then put you on a list against further advertising mailings);
- guarantees of our operations, in particular the IT and our other infrastructure and their appropriate security, our websites and other platforms;
- Risk and business management.
If you have given us consent to process your personal data for certain purposes, we will process your personal data within the scope of and based on this consent, insofar as we have no other legal basis and we require such a basis. Consent given can be revoked at any time, but this has no effect on data processing that has already taken place.
In general, there is no legal obligation for you to provide us with your personal data. However, this data is regularly required for the establishment and implementation of a mandate or business relationship and its fulfilment as well as the associated contractual obligations. Without this data, we will therefore often not be in a position to enter into a client relationship with you or to conclude or execute a contract with you (or a person you represent). Also, our website cannot be used or can only be used with restrictions if certain information to secure data traffic (such as IP‑ address) is not disclosed or certain settings are not activated (e.g. cookies).
We obtain and process personal data to comply with applicable laws (e.g. anti-money laundering, tax obligations or our professional obligations), self-regulations, certifications, industry standards, our corporate governance and for internal as well as external investigations to which we are a party (e.g. by a law enforcement or supervisory authority or a mandated private body).
If you apply for a job with us, we obtain and process the relevant data for the purpose of reviewing the application, carrying out the application procedure and, in the case of successful applications, for the preparation and conclusion of a corresponding contract. For this purpose, in addition to your contact details and the information from the corresponding communication, we also process the data contained in your application documents and the data as we can additionally obtain about you, for example from job-related social networks, the Internet, the media and from references, if you consent to us obtaining references.
5. Use of our Website: Cookies, Tracking and Other Technologies
When using our website, data is generated that is stored in logs (in particular technical data). In addition, we use "cookies" and similar techniques on our website to identify your browser or device. A cookie is a small text file that is sent to your computer and automatically saved on your computer or mobile device by the web browser you use when you visit our website. This allows us to recognise you when you return to this website, even if we do not know your identity. In addition to cookies that are only used during a session and deleted after your visit to the website ("session cookies"), cookies can also be used to store user settings and other information for a certain period of time (e.g. two years) ("permanent cookies"). However, you can set your browser to reject cookies, save them for one session only or otherwise delete them prematurely. Most browsers are preset to accept cookies. We use permanent cookies to help us understand how you use our services and content. If you block cookies, certain functionalities (such as language settings) may no longer be available to you.
Both the technical data collected by us and cookies do not generally contain any personal data. However, personal data that we or third-party providers commissioned by us store from you (e.g. if you have a user account with us or these providers) may be linked to the technical data or to the information stored in and obtained from cookies and thus possibly to your person.
We also use social media plug-ins. These are small pieces of software that create a connection between your visit to our website and a third-party provider. The social media plug-in tells the third-party provider that you have visited our website and may send the third-party provider cookies that they have previously placed on your web browser. For more information on how these third-party providers use your personal data collected via their social media plug-ins, please refer to their respective data privacy statements.
We use Google Analytics or similar services on our website. These are services provided by third parties that may be located in any country in the world (in the case of Google Analytics it is Google LLC, www.google.com) and with which we can measure and evaluate the use of the website (on an anonymised basis). For this purpose, permanent cookies set by the service provider are used. The service provider does not receive any personal data from us (and does not keep any IP addresses), but can track your use of the website, combine this information with data from other websites that you have visited and which are also tracked by the service provider, and use these findings for its own purposes (e.g. controlling advertisements). If you have registered with the service provider yourself, the service provider also knows you. The processing of your personal data by the service provider then takes place under the responsibility of the service provider in accordance with its data protection regulations. The service provider only informs us how our website is used (no personal information on you).
6. Disclosure of Personal Data
In the context of our business activities and for the purposes pursuant to Section 4 we may disclose your personal data to third parties where this is permitted and appears to us to be appropriate. The main reasons for this are that such third parties process the personal data for us or require it for their own purposes. If necessary, we obtain your consent for this or have our supervisory authority release us from our professional duty of confidentiality. This concerns the following recipients in particular:
- clients as well as companies affiliated with them and their counterparties in Switzerland and abroad;
- other parties in potential or actual legal and tax proceedings;
- domestic and foreign (tax) authorities, official agencies or (arbitration) courts;
- suppliers and auxiliary persons of ours (such as, in particular, legal and tax advisors consulted in Switzerland and abroad);
- service providers of ours (such as banks or insurance companies including order processors (e.g.: IT providers);
- media, public, including website visitors and social media;
- any counterparties or interested parties in the context of transactions under company law;
all together "recipients". All these recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).
We process and store personal data mainly in Switzerland and the European Economic Area (EEA), but potentially in any country in the world, depending on the case - for example, via subcontractors of our service providers or in proceedings before foreign courts or authorities. If we transfer personal data to a country without adequate legal data protection, we ensure - as required by law - by using appropriate contracts (namely on the basis of the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), insofar as the recipient of the personal data is not already subject to a legally recognised set of rules to ensure data protection, or rely on an exceptional legal circumstance such as consent, the performance of a contract, the establishment, exercise or enforcement of legal claims, overriding public interests, generally accessible personal data or because it is necessary to protect the physical integrity of the data subjects. We may also rely on the exemption for data from a register provided for by law (e.g. Commercial Register) to which we have been legitimately given access. You may at any time request a copy of the contractual guarantees referred to under Section 2 above, if any exist. However, we reserve the right to black out copies for reasons of data protection law or confidentiality or to supply only excerpts.
7. Retention and Security of Personal Data
We store your personal data in Switzerland and have taken appropriate technical and organisational security measures to protect it from unauthorised access and misuse (e.g. IT and network security solutions, encryption of communication or data carriers, issuing instructions and conducting training). We store your personal data for as long as it is necessary for the fulfilment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, i.e. e.g. for the duration of the entire contractual relationship (from the initiation, processing to the termination of a mandate) as well as beyond that in accordance with the statutory retention and documentation obligations. As soon as your personal data is used for the purposes described in section 4 above, they will be deleted or anonymised as far as possible. For operational data (e.g. system logs), shorter retention periods of twelve months or less generally apply.
8. Your Rights as a Data Subject
You have certain rights in connection with our data processing. In accordance with applicable law, you can in particular request information about the processing of your personal data, have incorrect personal data corrected, request the deletion of personal data, object to the processing of data, request the release of certain personal data in a standard electronic format or their transfer to other persons responsible.
If you wish to exercise your rights towards us, please contact us; you will find our contact details in section 2. In order for us to be able to exclude misuse, we must identify you (e.g. with a copy of your identity card, if necessary).
Please note that these rights are subject to conditions, exceptions or restrictions (e.g. for the protection of third parties or business secrets or due to our professional duty of confidentiality). We reserve the right to black out or only supply excerpts of documents for reasons of data protection or confidentiality.
We have already informed you about the possibility of revoking your consent in Section 4 above. Please note that the exercise of these rights may conflict with contractual agreements and may have consequences such as the premature termination of the contract with you or cost consequences for you. We will inform you in advance if this is not already contractually regulated.
The exercise of your rights generally requires that you provide us with clear proof of your identity in advance (e.g. by means of a copy of your identity card if your identity is otherwise not clear or cannot be verified). The contact details for exercising your rights can be found under Section 2 above.
If you are in the EEA, you also have the right to lodge a complaint with the competent data protection authority in your country . A list of authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_en.
9. What else needs to be considered
We do not assume that the EU General Data Protection Regulation ("GDPR") is applicable in our case. However, should this exceptionally be the case for certain data processing operations, this Section 9 shall apply additionally exclusively for the purposes of the GDPR and the data processing operations subject to it.
We base the processing of your personal data in particular on the fact that
- it is necessary, as described in section 4, for the initiation and conclusion of contracts and their administration and enforcement (Art. 6 para. 1 lit. b DSGVO;
- it is necessary for the protection of legitimate interests of us or of third parties as described in para. 4, namely to communicate with you or third parties, to operate our website, to improve our electronic offers and registration for certain offers and services, for security purposes, to comply with Swiss law and internal regulations for our risk management and corporate governance and for other purposes such as training and education, administration, evidence and quality assurance, organisation, implementation and follow-up of events and to protect other legitimate interests (see section 4) (Art. 6 para. 1 lit. f DSGVO);
- it is required or permitted by law on the basis of our mandate or our position under the law of the EEA or a member state (Art. 6 para. 1 lit. c DSGVO) or is necessary to protect your vital interests or those of other natural persons (Art. 6 para. 1 lit. d DSGVO);
- you have separately consented to the processing.
We may amend this Data Privacy Statement at any time without prior notice. The current version published on our website shall apply.