Data Privacy Notice
current version: July 17, 2024
Arvedelis AG is a Swiss law firm specializing in transactions and corporate matters, with legal seat in Dübendorf and company address at Zürichstrasse 98, 8600 Dübendorf, Switzerland (hereinafter also “Arvedelis”, “us“, “we“).
As part of our business activities, we obtain and process personal data, in particular personal data about our clients, associated persons, counterparties, courts and authorities, law firms, professional and other associations, visitors to our Website, participants in events, recipients of newsletters and other bodies or their respective contact persons and employees (hereinafter also referred to as “you“).
In this privacy notice (“Privacy Notice“), we provide information about this data processing. In addition to this Privacy Notice, we may inform you separately about the processing of your data, for example in declarations of consent, forms, contractual conditions and additional privacy notices.
If you disclose data about other persons (e.g. family members, representatives, counterparties or other associated persons) to us, we assume that you are authorized to do so, that this data is correct and that you have ensured that these persons are informed about this disclosure (e.g. by bringing this Privacy Notice to their attention in advance), insofar as a legal obligation to provide information applies.
Arvedelis AG, Zürichstrasse 98, 8600 Dübendorf, Switzerland, is responsible for the data processing described in this Privacy Notice. If you would like to contact us about the processing of your data, contact us at contact@arvedelis.ch.
If you make use of our services, use our Website www.arvedelis.ch (hereinafter “Website“), are involved in a case that we are handling for one of our clients, or otherwise have dealings with us, we obtain and process various categories of your personal data. In principle, we may obtain and otherwise process this data for the following purposes in particular:
- Communication: We process personal data so that we can communicate with you and third parties (e.g. parties to proceedings, courts or authorities) by email, telephone, mail or otherwise (e.g. to respond to inquiries, in the context of legal advice and representation as well as contract initiation or execution). For this purpose, we process in particular the content of the communication, your contact details, the marginal data of the communication and any image and/or audio recordings of (video) telephone calls. If we need or want to establish your identity, we collect additional data (e.g. a copy of an identity document). We may occasionally or regularly send our clients, contractual partners and other interested persons information in digital and/or analog form about our law firm, events, changes in the law and the like. You can reject these mailings at any time or refuse or revoke your consent to being contacted for advertising purposes by notifying us (see contact details in section 2 of this Privacy Notice).
- Initiation and conclusion of contracts: With regard to the conclusion of a contract with you or your client or employer, we may in particular obtain and otherwise process names, contact details, powers of attorney, declarations of consent, information about third parties (for example contact persons, family details and counterparties), contract contents, date of conclusion, creditworthiness data and all other data which you provide to us or which we collect from public sources or from third parties (for example commercial registers, credit agencies, sanctions lists, media, legal expenses insurance companies or from the Internet). We also process this data in particular if you or your client or employer conclude a contract with us to establish a client relationship or if another party does so in a case in which you are involved. This also includes clarifying any conflicts of interest at Arvedelis.
- Administration and processing of contracts: We obtain and process personal data so that we can comply with our contractual obligations towards our clients and other contractual partners (e.g. suppliers, service providers, correspondence law firms, project partners) and, in particular, provide and demand contractual services. This also includes data processing for client management (e.g. legal advice and representation of our clients before courts and authorities and correspondence) as well as data processing for the enforcement of contracts (debt collection, legal proceedings, etc.), accounting and public communication (if permitted). For this purpose, we process in particular the data that we receive or have collected as part of the initiation, conclusion and execution of the contract as well as data that we create as part of our contractual services or that we collect from public sources or from other third parties (e.g. courts, authorities, counterparties, information services, media, detective agencies or from the Internet). This data may include, in particular, minutes of meetings and consultations, notes, internal and external correspondence, contractual documents, documents that we prepare and receive in the context of proceedings before courts and authorities (e.g. statements of claim, appeals and complaints, judgments and decisions), background information about you, counterparties or other persons as well as other mandate-related information, proof of performance, invoices and financial and payment information.
- Operation of our Website: In order to operate our Website in a secure and stable manner, we collect technical data (for example IP address, information about the operating system and settings of your end device as well as the region, time and type of use). We also use cookies and similar technologies. For further information, see section 8 of this Privacy Notice.
- Improvement of our offerings: In order to continuously improve our Website and other electronic offerings (for example apps, online tools and other websites) as well as our other offerings (for example services), we collect data about your behavior and preferences, for example by analyzing how you navigate through our Website and how you interact with our social media profiles and our online tools or how you use our services or how you like our services. For this purpose, we also process direct or indirect feedback from you about our Website, social media presence and our tools (for example, comments, emails or other statements addressed directly to us or of which we otherwise become aware) and other feedback about our services, including in the context of client relationships or in the context of public statements from you (for example, on social media, in the media or mailings).
- Registration: In order to use certain offers and services (e.g. newsletters), you must register (directly with us or via our external login service providers). For this purpose, we process the data provided during the registration process. We may also collect personal data about you while you are using the offer or service (e.g. behavioral and preference data and communication data); if necessary, we will provide you with further information about the processing of this data.
- Security purposes and access controls: We obtain and process personal data in order to ensure and continuously improve the appropriate security of our IT and other infrastructure (for example, buildings). This includes, for example, monitoring and controlling electronic access to our IT systems and physical access to our premises, analyzing and testing our IT infrastructures, system and error checks and creating backup copies. For documentation and security purposes (preventive and to investigate incidents), we also keep access logs and visitor lists in relation to our premises and use surveillance systems (e.g. security cameras).
- Compliance with laws, directives and recommendations from authorities and internal regulations (“compliance”): We obtain and process personal data to comply with applicable laws (for example tax obligations, our professional obligations or to combat money laundering), self-regulation, certifications, industry standards, our corporate governance and for both internal and external investigations in which we are a party (to proceedings) (for example by a law enforcement or supervisory authority or a mandated private body). For this purpose, we collect master data, behavioral data and financial data in particular, but also any other data that we deem necessary or useful in order to meet our compliance obligations.
- Risk management and corporate governance: We obtain and process personal data as part of risk management (e.g. to protect against criminal activities) and corporate governance. This includes our business organization (e.g. resource planning) and corporate development (e.g. acquisition and sale of business units or companies). In particular, we process master data, contract data, registration data and technical data, as well as behavioral and communication data.
- Job application: If you apply for a job with us, we will obtain and process the relevant data for the purpose of reviewing the application, carrying out the application process and, in the case of successful applications, for the preparation and conclusion of a corresponding contract. In addition to your contact details and the information from the corresponding communication, we also process the data contained in your application documents and the data that we can additionally obtain about you, for example from job-related social networks, the Internet, the media and from references, if you consent to us obtaining references. Data processing in connection with the employment relationship is the subject of a separate privacy policy.
- Other purposes: Other purposes include, for example, training and education purposes and administrative purposes (e.g. accounting). We may listen to or record telephone or video conferences for training, evidence and quality assurance purposes. In such cases, we will inform you separately (for example, by displaying a message during the video conference in question) and you are free to let us know if you do not wish to be recorded or to terminate the communication (if you simply do not wish your image to be recorded, please turn off your camera). In addition, we may process personal data for the organization, implementation and follow-up of events, in particular participant lists and the content of presentations and discussions, as well as image and audio recordings made during these events. The protection of other legitimate interests is also one of the other purposes, which cannot be listed exhaustively.
From you: You provide us with much of the data we process yourself (for example, as part of a client relationship or otherwise in connection with our services, the use of our Website and apps, or communication with us). You are not obliged to disclose your data, with exceptions in individual cases (e.g. legal obligations). However, if you wish to make use of our services or otherwise conclude contracts with us, you must provide us with certain data. The use of our Website is also not possible without data processing.
From third parties: We may also obtain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, media or the internet, including social media) or receive such data from (i) authorities in Switzerland and abroad, (ii) your employer or client, provided that they either have a business relationship with us or are otherwise involved, and from (iii) other third parties (e.g. clients, counterparties, legal expenses insurers, credit reference agencies, address dealers, associations, contractual partners, internet analysis services). This includes in particular the data that we process in the context of a client relationship or otherwise in the initiation, conclusion and execution of contracts as well as data from correspondence and discussions with third parties, but also all other categories of data in accordance with section 3 of this Privacy Notice.
In connection with the measures described in section 3 of this Privacy Notice, we transfer your personal data in particular to the categories of recipients listed below. If necessary, we will obtain your consent for this or have our supervisory authority release us from our professional duty of confidentiality.
- Service providers: We work with service providers in Switzerland and abroad who (i) process data on our behalf (e.g. IT providers), (ii) process data that they have received from us or collected for us on their own responsibility or (iii) process data on their own responsibility. These service providers include, for example, IT providers, banks, insurance companies, debt collection agencies, credit reference agencies, address verifiers, legal directories, other law firms and other consulting companies. We generally agree contracts with our processors on the use and protection of personal data.
- Clients and other contractual partners: This initially refers to clients and other contractual partners of ours for whom a transfer of your data results from the contract (e.g. because you work for a contractual partner or the contractual partner provides services for you). This category of recipients also includes entities with which we cooperate, such as other law firms in Switzerland and abroad and legal expenses insurers. The recipients generally process the data under their own responsibility.
- Authorities and courts: We may disclose personal data to offices, courts and other authorities in Switzerland and abroad if this is necessary for the fulfillment of our contractual obligations and in particular for the performance of our mandate, if we are entitled or legally obliged to do so or if this appears necessary to protect our interests or those of our clients or third parties. These recipients process the data under their own responsibility.
- Counterparties and persons involved: If this is necessary for the fulfillment of our contractual obligations, in particular for the management of the mandate, or if we deem it appropriate, we will also pass on your personal data to counterparties and other persons involved (e.g. guarantors, financiers, affiliated companies, other law firms, persons providing information and experts).
- Other persons: This refers to other cases where the involvement of third parties arises from the purposes set out in section 3 of this Privacy Notice. This concerns, for example, delivery addressees or payment recipients specified by you, third parties in the context of representative relationships (e.g. your lawyer or your bank) or persons involved in official or court proceedings. We may also disclose your personal data to our supervisory authority, in particular if this is necessary in individual cases to release you from our professional duty of confidentiality. If we work with the media (including publishers of legal directories) and provide them with material (e.g. photos and contact details), you may also be affected by this; we may also pass on your personal data in the context of publications (e.g. in the form of quotes and reports on cases). In the context of company development, we may sell or acquire businesses, parts of businesses, assets or companies or enter into partnerships, which may also result in the disclosure of data (including from you, for example as a client or supplier or as their representative) to the persons involved in these transactions. In the course of communication with our competitors, industry organizations, associations, market observers and other bodies, data relating to you may also be exchanged.
All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities and banks).
We enable certain third parties to collect personal data from you on our Website and at our events, including on their own responsibility (e.g. media photographers and providers of tools that we have integrated on our Website). Insofar as we are not decisively involved in this data collection, these third parties are solely responsible for it. If you have any concerns and wish to assert your data protection rights, please contact these third parties directly (see section 8 of this Privacy Notice).
We process and store personal data mainly in Switzerland and the European Economic Area (EEA), but potentially in any country in the world, depending on the case – for example via subcontractors of our service providers or in proceedings before foreign courts or authorities. Your personal data may also be transferred to any country in the world as part of our work for clients.
If a recipient is located in a country without adequate data protection, we contractually oblige the recipient to comply with an adequate level of data protection (we use the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?, including the supplements required for Switzerland), unless the recipient is already subject to a legally recognized set of rules to ensure data protection. We may also disclose personal data to a country without adequate data protection without concluding a separate contract if we can rely on an exemption clause for this. An exception may apply in particular to legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract that is in your interest requires such a disclosure (e.g. if we disclose data to our correspondence offices) if you have given your consent, or it is not possible to obtain your consent within a reasonable period of time and the disclosure is necessary to protect your life or physical integrity or that of a third party, or if it concerns data that you have made generally accessible and whose processing you have not objected to. We may also rely on the exception for data from a register provided for by law (e.g. commercial register), which we have legitimately obtained access to.
You have certain rights in connection with our data processing. In accordance with applicable law, you may in particular request information about the processing of your personal data, have incorrect personal data corrected, request the erasure of personal data, object to data processing, request the disclosure of certain personal data in a commonly used electronic format or its transfer to other controllers or withdraw your consent with effect for the future, provided that our processing is based on your consent.
If you wish to exercise your rights against us, please contact us; you will find our contact details in section 2 of this Privacy Notice. So that we can rule out misuse, we must identify you (e.g. with a copy of your ID, if necessary).
Please note that conditions, exceptions or restrictions apply to these rights (e.g. to protect third parties or business secrets or due to our professional duty of confidentiality). We reserve the right to black out copies for reasons of data protection or confidentiality or to supply only excerpts.
When using our Website (including newsletters and other digital offers), data is collected that is stored in logs (in particular technical data). We may also use cookies and similar technologies (e.g. pixel tags or fingerprints) to recognize website visitors, evaluate their behavior and identify preferences. A cookie is a small file that is transmitted between the server and your system and makes it possible to recognize a specific device or browser.
You can set your browser so that it automatically rejects, accepts or deletes cookies. You can also deactivate or delete cookies in individual cases. You can find out how to manage cookies in your browser in the help menu of your browser.
Neither the technical data we collect nor cookies generally contain any personal data. However, personal data that we or third-party providers commissioned by us store about you (e.g. if you have a user account with us or these providers) may be linked to the technical data or to the information stored in and obtained from cookies and thus possibly to your person.
We sometimes also use social media plug-ins, which are small software modules that establish a connection between your visit to our Website and a third-party provider. The social media plug-in informs the third-party provider that you have visited our Website and may send the third-party provider cookies that it has previously placed on your web browser. For more information on how these third-party providers use your personal data collected via their social media plug-ins, please refer to their respective privacy notices.
We also use our own tools and third-party services (which may themselves use cookies) on our Website, in particular to improve the functionality or content of our Website (e.g. integration of videos or maps), to compile statistics and to place advertisements.
We currently use offers from the following service providers and advertising partners on our Website and otherwise in the digital area, whereby their contact details and further information on the individual data processing can be found in the respective privacy notice:
- Facebook
Provider: Meta Platforms Ireland Ltd, Ireland
Data protection information: https://www.facebook.com/privacy/policy - Google Analytics
Provider: Google Ireland Ltd, Ireland
Data protection information: https://policies.google.com/privacy?hl=de - Google Maps
Provider: Google LLC, USA
Data protection information: https://policies.google.com/privacy?hl=de - Instagram
Provider: Meta Platforms Ireland Ltd, Ireland
Data protection information: https://privacycenter.instagram.com/policy - LinkedIn
Provider: LinkedIn Ireland Unlimited Company, Ireland
Data protection information: https://de.linkedin.com/legal/privacy-policy - WhatsApp
Provider: Meta Platforms Ireland Ltd, Ireland
Data protection information: https://www.whatsapp.com/legal/privacy-policy-eea
In terms of data protection law, some of these third parties are our processors and some are controllers. Further information on this can be found in their data protection policies/notices.
Where the third-party providers we use are located outside Switzerland, you will find information on any data disclosure by us abroad under section 6 of this Privacy Notice.
We operate pages and other online presences on social networks and other platforms operated by third parties and process data about you in this context. We receive data from you (e.g. when you communicate with us or comment on our content) and from the platforms (e.g. statistics). The providers of the platforms can analyze your use and process this data together with other data that they have about you. They also process this data for their own purposes (e.g. marketing and market research purposes and to manage their platforms) and act as their own data controllers for this purpose. For further information on processing by the platform operators, please refer to the privacy notices of the respective platforms.
We currently use the following platforms, whereby the identity and contact details of the platform operator can be found in the respective privacy notices:
- Facebook
Provider: Meta Platforms Ireland Ltd, Ireland
Data protection information: https://www.facebook.com/privacy/policy - Instagram
Provider: Meta Platforms Ireland Ltd, Ireland
Data protection information: https://privacycenter.instagram.com/policy - LinkedIn
Provider: LinkedIn Ireland Unlimited Company, Ireland
Data protection information: https://de.linkedin.com/legal/privacy-policy
We are entitled, but not obliged, to check content before or after it is published on our online presences, to delete content without notice and, if necessary, to report it to the provider of the platform in question.
Where the platform operators we use are located outside Switzerland, you will find information on any data disclosure by us abroad under section 6 of this Privacy Notice. If you access their offers directly (e.g. visit our online presence on social media), you yourself transfer your personal data abroad and not us.
We do not assume that the EU General Data Protection Regulation (“GDPR“) is applicable in our case. However, should this be the case in exceptional cases for certain data processing, this section 10 shall also apply exclusively for the purposes of the GDPR and the data processing subject to it.
We base the processing of your personal data in particular on the fact that
- they are as described in point 3 of this Privacy Notice is necessary for the initiation and conclusion of contracts and their administration and enforcement (article 6 paragraph 1 litera b GDPR);
- it is necessary to protect our legitimate interests or those of third parties as described in section 3 of this Privacy Notice, namely for communication with you or third parties, to operate our Website, to improve our electronic offers and registration for certain offers and services, for security purposes, for compliance with Swiss law and internal regulations, for our risk management and corporate governance and for other purposes such as training and education, administration, evidence and quality assurance, organization, implementation and follow-up of events and other legitimate interests (see section 3 of this Privacy Notice) (article 6 paragraph 1 litera f GDPR);
- it is required or permitted by law on the basis of our mandate or our position under the law of the EEA or a member state (article 6 paragraph 1 litera c GDPR) or is necessary to protect your vital interests or those of other natural persons (article 6 paragraph 1 litera d GDPR);
- you have separately consented to the processing, for example via a corresponding declaration on our Website (article 6 paragraph 1 litera a and article 9 paragraph 2 litera a GDPR).
We would like to point out that we will process your data for as long as it is necessary for our processing purposes (see section 3 of this Privacy Notice), the statutory retention periods and our legitimate interests, in particular for documentation and evidence purposes, or if storage is technically necessary (e.g. in the case of backups or document management systems). If there are no legal or contractual obligations or technical reasons to the contrary, we will always delete or anonymize your data after the storage or processing period has expired as part of our normal processes and in accordance with our retention policy.
If you do not provide certain personal data, this may mean that it is not possible to provide the associated services or conclude a contract. As a matter of principle, we indicate where personal data requested by us is mandatory.
The procedure described in section 7 of this Privacy Notice applies in particular to data processing for the purpose of direct marketing.
If you do not agree with our handling of your rights or data protection, please let us know (see contact details in section 2 of this Privacy Notice). If you are located in the EEA, you also have the right to lodge a complaint with the data protection supervisory authority in your country. A list of authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_de.
This Privacy Notice is not part of any contract with you.
We may amend this Privacy Notice at any time without notice.
The version published on our Website is the current version.