1. Responsible Person and Point of Contact
The responsible person under data protection law for the processing described in this data protection policy is:
Schaad Balass Menzl & Partner AG
2. How we collect and process Personal Data
In the course of our business activities, including client relationships, we obtain and process personal data, especially data concerning our clients, affiliated individuals, counterparties, courts and authorities, correspondent law firms, professional and other associations, participants in events, recipients of newsletters, and other entities or their respective contacts and employees.
Some of the personal information is provided by you or the individuals concerned when you contact us via email or phone and inquire about our services. This includes, for example, name, contact details, and information about the position of the person concerned in the company or organization for which you or the respective contacts work or on whose behalf you contact us. Additionally, we process personal data received in our correspondence with third parties, especially clients, counterparties, authorities, and courts, and their employees or other contacts within the scope of the client relationship. These data may include names, contact details, language skills, and information about the role of the person concerned in the company or the employment relationship. Furthermore, we may collect some personal data ourselves, for example, from public directories or websites.
If you provide us with data about other individuals (e.g., employee, inventor, or designer information, family members, representatives, counterparties, or other affiliated persons), we assume that you are authorized to do so, that the data is accurate, and that you have ensured that these individuals are informed about this disclosure, to the extent an obligation to provide information exists.
The mentioned personal data is primarily processed by us to perform, document, and invoice our legal services. Additionally, we use the data of our clients, their employees, or other contacts to inform about publications, events, updates, services, or products that may be of interest to them.
To the extent required by law for data processing, we base our data processing on your consent, existing legal obligations, the protection of vital interests of a natural person, the protection of our legitimate interests or those of third parties (including communication with you or third parties, the operation of our website, the improvement of our offerings, and the registration for specific offerings and services, training and education, security purposes, compliance with Swiss law, applicable legal provisions, and instructions and recommendations from authorities, compliance with internal rules for risk management and corporate governance, administration, evidence and quality assurance, organization, implementation and follow-up of events, as well as processing of job applications), and the necessity for the initiation and conclusion of contracts, their management, processing, and enforcement.
Please specify the context in which you request information, correction, supplementation, blocking, deletion, or restriction regarding your personal data and its processing when contacting us. Failure to provide certain personal data may result in the inability to provide related services or conclude a contract. We generally indicate where personal data requested by us is mandatory.
3. Disclosure of Personal Data
The disclosure of your personal data may also occur to other individuals if this is evident from the purposes under point 2. This includes, for example, recipients of deliveries or payments specified by you, third parties in the context of representation relationships (such as your legal representative or your bank), or individuals involved in administrative or judicial proceedings. In certain cases, especially when it is necessary to lift our professional duty of confidentiality, we may also disclose your personal data to our supervisory authority. In the course of business development, it may also happen that we sell or acquire businesses, business areas, assets, or companies, enter into partnerships, and thereby disclose data (including yours, for example, as a customer or supplier or as their representative) to individuals involved in these transactions.
We process personal data under our responsibility in Switzerland. However, these data may be transferred to recipients (including clients, correspondent lawyers, external service providers, counterparties, or authorities) who process the data in other countries. This may include countries that do not offer a level of data protection comparable to Swiss law. If this is the case, we would do so to fulfill a contract with you, act in your interest, or enforce legal claims if necessary. In doing so, we rely on legal exceptions such as consent, contract fulfillment, determination, exercise, or enforcement of legal claims, overriding public interests, published personal data, data from a legally provided register, or the need to protect the integrity of the individuals concerned.
4. Retention period and data security
In general, we store and process your data for as long as necessary for our processing purposes (see point 2), the legal retention and documentation periods, our legitimate interests, especially for documentation and evidence purposes within the scope of a client relationship, require, or if storage is needed for technical reasons (e.g., backups or document management systems). Unless legal, contractual obligations, or technical reasons oppose it, we typically delete or anonymize your data after the expiration of the storage or processing period according to our standard procedures.
We implement appropriate and reasonable security measures to protect personal data from loss, unauthorized alteration, or unauthorized access by third parties. Please note that, within the framework of client management, we may rely on external IT service providers. In doing so, we use certain IT services and communication tools that may be associated with data security risks (such as email, video conferences). It is your responsibility to inform us of the desire for additional security measures.
5. Your rights to your Personal Data
Under applicable data protection law, you have the right to information about your stored personal data and the purpose of data processing, to correction, supplementation, deletion, or restriction of the processing of your personal data, as provided. You can object to processing (especially for data processing for direct marketing purposes), revoke consent given, and insist on data portability.
Please note, however, that these rights are subject to certain conditions, restrictions, or exceptions. To the extent permitted or required by law, we may reject requests to exercise these rights. For example, we may or must continue to store or process personal data under certain circumstances, even if you have requested deletion or restriction of processing, e.g., if we are legally obliged to retain or process certain data, if we have a predominant interest in the use of this data, if we need the data to assert claims, if professional confidentiality obligations apply, or to protect third parties or business secrets. We reserve the right to redact or only partially provide copies for reasons of data protection or confidentiality.
To assert your rights as a data subject, it is generally necessary for you to clearly prove your identity. To enforce your rights, you can contact the address mentioned in point 1.
6. Use of our website
During your visit to our website, usage data is automatically collected. This includes general or technical information, such as the access date, your IP address, the type of web browser used, and the operating system used. Log files are used to identify technical problems and ensure security. Based on this information, we cannot draw conclusions about your identity. No cookies are used on our website.