Privacy Policy

schaller.law GmbH (hereinafter the "Firm", or also "we", "us") is a law firm based in Kuesnacht. In the course of our business activities, we obtain and process personal data, in particular personal data about our clients, associated persons, counterparties, courts and authorities, correspondent law firms, professional and other associations, visitors to our website, participants in events, recipients of newsletters and other entities or, in each case, their contact persons and employees (hereinafter also "you").

With this data protection declaration, we inform you which personal data we process, for what purpose, how and where, in particular in connection with our schaller.law website and our other services. With this privacy policy, we also inform you about the rights of persons whose data we process.

If you disclose information to us about other persons (e.g., family members, agents, counterparties, or other associated persons), we will assume that you have the authority to do so, that such information is accurate, and that you have ensured that such persons are aware of such disclosure to the extent that a legal duty to inform applies (e.g., by bringing this Privacy Policy to their attention in advance).

1. Contact address

schaller.law GmbH is responsible under data protection law for the processing described in this privacy policy. Please contact us as follows: Responsibility for the processing of personal data:

• schaller.law GmbH
• c/o Jean-Marc Schaller
• Goldbacherstrasse 12
• 8700 Kuesnacht-Zurich
• Switzerland

E-mail address: jms@schaller.law

We point out if there are other persons responsible for the processing of personal data in individual cases.

2. Processing of your personal data

2.1 Terms

Personal data is any information relating to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, collection, deletion, storage, modification, destruction and use of personal data.

2.2 Legal basis

We process personal data in accordance with Swiss data protection law such as, in particular, the revised Federal Data Protection Act (FADP) and the Ordinance to the Federal Data Protection Act (FADP), and, if applicable, the European General Data Protection Regulation (GDPR).

2.3 Source, type, scope and purpose

The majority of the data we process is disclosed by you (or your terminal device) yourself (e.g. in connection with our services, the use of our website and apps, or communication with us). You are not obliged to disclose your data, with exceptions in individual cases (e.g. legal obligations). However, if you want to conclude contracts with us or use our services, for example, you must disclose certain data to us. Also the use of our website is not possible without data processing.

We may also obtain data from publicly available sources (e.g. debt collection registers, land registers, commercial registers, media or the Internet including social media) or receive such data from (i) public authorities, (ii) your employer or client who either has a business relationship with us or is otherwise involved with us, as well as from (iii) other third parties (e.g. clients, counterparties, legal protection insurers, credit agencies, address dealers, associations, contractual partners, Internet analysis services). This includes, in particular, the data we process in the course of initiating, concluding and executing contracts, as well as data from correspondence and discussions with third parties, but also all other categories of data.

When you use our services, use our website https://www.schaller.law (hereinafter "website"), or otherwise deal with us, we obtain and process various categories of your personal data. In principle, we may obtain and otherwise process this data in particular for the following purposes:

- Communication: we process personal data so that we can communicate with you as well as with third parties, such as parties to proceedings, courts or authorities, by email, telephone, letter or otherwise (e.g. to respond to inquiries, in the context of legal advice and representation, and to initiate or execute contracts). This also includes that we may send our clients, contractual partners and other interested persons information about events, changes in the law, news about our law firm or similar. This may take the form of newsletters and other regular contacts (electronic, postal, telephone), for example. You may refuse such communications at any time, or refuse or withdraw consent to such communications. For this purpose, we process in particular the content of the communication, your contact data and the marginal data of the communication, but also image and audio recordings of (video) telephone calls. In the event of an audio or video recording we will point this out to you separately and you are free to inform us if you do not wish to be recorded or to terminate the communication. If we need or want to establish your identity, we will collect additional data (e.g. a copy of an identification document).

- Initiation and conclusion of contracts: With regard to the conclusion of a contract, such as in particular a contract for the establishment of an attorney-client relationship, with you or your client or employer, which also includes the clarification of any conflicts of interest, we may in particular collect your name, contact details, powers of attorney, declarations of consent, information about third parties (e.g. contact persons, family details as well as counterparties), contract contents, date of conclusion, creditworthiness data as well as all other data which you make available to us or which we collect from public sources or third parties (e.g. commercial register, credit agencies, sanctions lists, media, legal protection insurances or from the Internet).

- Administration and processing of contracts: We obtain and process personal data so that we can comply with our contractual obligations to our clients and other contractual partners (e.g., suppliers, service providers, correspondence law firms, project partners) and, in particular, so that we can provide and collect contractual services. This also includes data processing for client management (e.g. legal advice and representation of our clients before courts and authorities and correspondence) as well as data processing for the enforcement of contracts (debt collection, legal proceedings, etc.), accounting and public communication (if permitted). For this purpose, we process in particular the data which we receive or have collected in the course of the initiation, conclusion and execution of the contract, as well as data which we generate in the course of our contractual services or which we collect from public sources or other third parties (e.g. courts, authorities, counterparties, information services, media, detective agencies or from the Internet). This data may include, in particular, minutes of conversations and consultations, notes, internal and external correspondence, contractual documents, documents that we create and receive in the course of proceedings before courts and authorities (e.g., complaint, appeal and grievance documents, judgments and decisions), background information about you, opposing parties or others, and other client-related information, service records, invoices, and financial and payment information.

- Operation of our Website: In order to operate our website in a secure and stable manner, we collect technical data, such as IP address, information about the operating system and settings of your terminal device, region, time and type of use. In addition, we use cookies and similar technologies. For more information, see section 8.

- Improving our electronic offerings: In order to continuously improve our website and other electronic offerings, we collect data about your behavior and preferences by, for example, analyzing how you navigate through our website and how you interact with our social media profiles.

- security purposes as well as access controls: We obtain and process personal data to ensure and continuously improve the appropriate security of our IT and other infrastructure (e.g., buildings). This includes, for example, monitoring and controlling electronic access to our IT systems as well as physical access to our premises (including by means of procedures involving the processing of biometric data), analysis and testing of our IT infrastructures, system and error checks, and the creation of security copies. For documentation and security purposes (preventive and incident investigation), we also keep access logs or visitor lists in relation to our premises and use surveillance systems (e.g. security cameras). We draw your attention to surveillance systems at the relevant locations by means of appropriate signs.

- Compliance with laws, directives and recommendations of authorities and internal regulations ("Compliance"): We obtain and process personal data to comply with applicable laws (e.g., anti-money laundering, tax obligations or our professional duties), self-regulations, certifications, industry standards, our corporate governance, as well as for internal and external investigations to which we are a party (e.g., by a law enforcement or regulatory agency or an appointed private entity).

- Risk management and corporate governance: We obtain and process personal data as part of risk management (e.g., to protect against tortious activities) and corporate governance. This includes, among other things, our operational organization (e.g., resource planning) and corporate development (e.g., acquisition and sale of operating units or companies).

- Job application: If you apply for a job with us, we obtain and process the relevant data for the purpose of reviewing the application, carrying out the application process and, in the case of successful applications, for the preparation and conclusion of a corresponding contract. For this purpose, in addition to your contact data and the information from the corresponding communication, we also process in particular the data contained in your application documents and the data as we can additionally obtain about you, for example from job-related social networks, the Internet, the media and from references, if you consent to us obtaining references. Data processing in connection with the employment relationship is the subject of a separate privacy policy.

Other purposes: Other purposes include, for example, training and educational purposes and administrative purposes (e.g., accounting). We may listen to or record telephone or video conferences for training, evidence, and quality assurance purposes. In such cases, we will notify you separately (e.g., by displaying a notice during the video conference in question) and you are free to tell us if you do not want to be recorded or to stop the communication (if you just do not want your image recorded, please turn off your camera). In addition, we may process personal data for the organization, implementation and follow-up of events, such as, in particular, lists of participants and the content of presentations and discussions, but also image and audio recordings made during these events. The protection of other legitimate interests is also one of the further purposes, which cannot be named exhaustively.

2.4 Processing of personal data by third parties, also abroad

We may have personal data processed by commissioned third parties or process it jointly with third parties or with the help of third parties or transmit it to third parties. Such third parties are in particular providers whose services we use. We also ensure appropriate data protection for such third parties.

Specifically, we transfer your personal data to the categories of recipients listed below in connection with the purposes listed in section 2.3. Where necessary, we obtain your consent for this or have our supervisory authority release us from our professional duty of confidentiality.

- Associated law firms: These may use your data for themselves for the same purposes as we do, as described in this Privacy Policy (see Section 3). As a rule, the recipients process the data under their own responsibility.

- Service providers: We work with service providers in Germany and abroad who (i) on our behalf (e.g., IT providers), (ii) under joint responsibility with us, or (iii) under their own responsibility, process data that they have received from us or collected on our behalf. (These service providers include, for example, IT providers, banks, insurance companies, debt collection agencies, credit reporting agencies, address checkers, other law firms or consulting firms.) We generally agree on contracts with these third parties regarding the use and protection of personal data.

- Clients and other contractual partners: First of all, this refers to clients and other contractual partners of ours for whom a transfer of your data results from the contract (e.g., because you work for a contractual partner or he provides services for you). This category of recipients also includes entities with which we cooperate, such as other law firms in Germany and abroad or legal expenses insurers. The recipients process the data under their own responsibility.

- Authorities and courts: We may disclose personal data to offices, courts and other authorities in Switzerland and abroad if this is necessary for the fulfillment of our contractual obligations and in particular for the conduct of our mandate, or if we are legally obliged or entitled to do so, or if this appears necessary to protect our interests. These recipients process the data under their own responsibility.

- Counterparties and persons involved: If necessary for the fulfillment of our contractual obligations, in particular for the management of the mandate, we also disclose your personal data to counterparties and other involved persons (e.g. guarantors, financiers, affiliated companies, other law firms, respondents or experts, etc.).

- Other persons: This refers to other cases where the inclusion of third parties results from the purposes according to section 3. This concerns, for example, delivery addressees or payment recipients specified by you, third parties in the context of agency relationships (e.g. your lawyer or your bank) or persons involved in official or legal proceedings. We may also disclose your personal data to our supervisory authority, in particular if this is necessary in individual cases to release you from our professional duty of confidentiality. If we cooperate with the media and transmit material to them (e.g. photos), you may also be affected. In the course of business development, we may sell or acquire businesses, parts of businesses, assets or companies, or enter into partnerships, which may also result in the disclosure of data (including data about you, e.g. as a client or supplier or as their representative) to the persons involved in these transactions. Communications with our competitors, industry organizations, associations and other bodies may also involve the exchange of data relating to you.

All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).

We process and store personal data mainly in Switzerland and the European Economic Area (EEA), but potentially in any country in the world, depending on the case - for example, via subcontractors of our service providers or in proceedings before foreign courts or authorities. In the course of our activities for clients, your personal data may also end up in any country in the world.

If a recipient is located in a country without adequate data protection, we contractually oblige the recipient to comply with an adequate level of data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?, including the supplements necessary for Switzerland), unless the recipient is already subject to a legally recognized set of rules to ensure data protection. We may also disclose personal data to a country without adequate data protection without entering into a separate contract for this purpose if we can rely on an exemption provision for this purpose. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract that is in your interest requires such disclosure (e.g., if we disclose data to our correspondence law firms), if you have given your consent or it is not possible to obtain your consent within a reasonable period of time and the disclosure is necessary to protect your life or physical integrity or that of a third party, or if it is data that you have made generally available and you have not objected to its processing. We may also rely on the exception for data from a register provided for by law (e.g. HR) to which we have been legitimately given access. We may also rely on the exception for data from a register provided for by law (e.g. HR) to which we have been legitimately given access.

3. Your rights

You have certain rights in connection with our data processing. In accordance with applicable law, you can, in particular, request information about the processing of your personal data, have incorrect personal data corrected, request the deletion of personal data, object to data processing, request the release of certain personal data in a standard electronic format or its transfer to other data controllers.

If you wish to exercise your rights towards us, please contact us; you will find our contact details in section 1. In order for us to exclude any misuse, we must identify you (e.g. with a copy of your ID card, if necessary).

Please note that conditions, exceptions or limitations apply to these rights (e.g. to protect third parties or trade secrets or due to our professional duty of confidentiality). We reserve the right to black out copies or to supply only excerpts for reasons of data protection or confidentiality.

4. Data security

We take appropriate and suitable technical and organizational measures to ensure data protection and, in particular, data security. However, despite such measures, the processing of personal data on the Internet can always have security gaps. We can therefore not guarantee absolute data security.

Access to our online offer takes place via transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers mark transport encryption with a padlock in the address bar.

5. Use of the website

When using our website (including any newsletters and other digital offers), data is generated that is stored in logs (in particular technical data). In addition, we may use cookies and similar techniques (e.g. pixel tags or fingerprints) to recognize website visitors, evaluate their behavior and recognize preferences. A cookie is a small file that is transmitted between the server and your system and enables the recognition of a specific device or browser.

You can set your browser to automatically reject, accept or delete cookies. You can also disable or delete cookies on a case-by-case basis. You can find out how to manage cookies in your browser in the help menu of your browser.

Both the technical data we collect and cookies generally do not contain any personal data.

Some of the third-party providers we use may be located outside of Switzerland. Information on the disclosure of data abroad can be found under point 6. In terms of data protection law, they are partly "only" order processors of us and partly responsible parties. Further information on this can be found in the data protection declarations.

5.1 Cookies

We may use cookies for our website. Cookies - both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) - are data that are stored in your browser. Such stored data need not be limited to traditional cookies in text form.

Cookies can be stored in your browser temporarily as "session cookies" when you visit our website or for a certain period of time as so-called permanent cookies. "Session cookies" are automatically deleted when you close your browser. Permanent cookies have a specific storage period. In particular, they allow us to recognize your browser the next time you visit our website and thus, for example, to measure the reach of our website. However, permanent cookies can also be used for online marketing, for example.

You can disable cookies in your browser settings at any time, in whole or in part, as well as delete them. Without cookies, our website may no longer be fully available. We actively request - if and to the extent necessary - your express consent for the use of cookies.

5.2 Server log files

We may record the following information for each access to our website, provided that this information is transmitted by your browser to our server infrastructure or can be determined by our web server: Date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-page of our website accessed including amount of data transferred, website last accessed in the same browser window (referer or referrer).

We store such information, which may also constitute personal data, in server log files. The information is necessary to provide our online offer permanently, user-friendly and reliably, as well as to ensure data security and thus in particular the protection of personal data - also by third parties or with the help of third parties.

5.3 Tracking pixel

We may use tracking pixels on our website. Tracking pixels are also referred to as web beacons. Tracking pixels - also from third parties whose services we use - are small, usually invisible images that are automatically retrieved when you visit our website. With pixel counters, the same information can be collected as in server log files.

5.4 Google Analytics

schaller.law uses Google Analytics, a web analytics service provided by Google (Google Inc., Google LLC, Google Limited Ireland; hereinafter "Google"). Google Analytics uses "cookies", which are text files placed on the computer of the visitor or user of schaller.law, to help the website analyze how users use the site. The information generated by the cookie about the use of this website (including the IP address) will be transmitted to and stored by Google on servers in the United States and/or other (foreign) countries. Google will use this information, namely (not conclusively), (i) to evaluate the use of the website, (ii) to compile reports on website activities for the website operators, (iii) to provide further services associated with the use of the website and the Internet (or similar). Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.

6. Services from third parties

We use services of third parties to provide our offer permanently, user-friendly, secure and reliable. Such services are also used to embed content on our website. Such services - for example, web/content development, hosting and storage services, video services and payment services - require your Internet Protocol (IP) address, as such services cannot otherwise transmit the corresponding content. Such services may be located outside of Switzerland, provided that adequate data protection is guaranteed.

For their own security-related, statistical and technical purposes, third parties whose services we use may also process data in connection with our offer as well as from other sources - including cookies, log files and counting pixels - in aggregated, anonymized or pseudonymized form.

We use third-party services in order to be able to make use of required digital infrastructure for our offer. These include, for example, hosting and storage services from specialized providers.

7. GDPR (if applicable)

We do not assume that the EU General Data Protection Regulation ("GDPR") is applicable in our case. However, if this should exceptionally be the case for certain data processing, then exclusively for the purposes of the GDPR and the data processing subject to it, this Section 7 shall additionally apply.

We base the processing of your personal data in particular on the fact that

- it is necessary, as described in Section 2, for the initiation and conclusion of contracts and their administration and enforcement (Art. 6 para. 1 lit. b GDPR;

- it is necessary for the protection of legitimate interests of us or of third parties as described in section 2, namely for communication with you or third parties, to operate our website, to improve our electronic offers and registration for certain offers and services, for security purposes, for compliance with Swiss law and internal regulations for our risk management and corporate governance and for other purposes such as training and education, administration, evidence and quality assurance, organization, implementation and follow-up of events and to protect other legitimate interests (Art. 6 para. 1 lit. f DSGVO);

- it is required or permitted by law on the basis of our mandate or position under the law of the EEA or a member state (Art. 6 para. 1 lit. c DSGVO) or is necessary to protect your vital interests or those of other natural persons (Art. 6 para. 1 lit. d DSGVO);

- you have separately consented to the processing, e.g. via a corresponding declaration on our website (Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a DSGVO).

We would like to point out that we generally process your data for as long as our processing purposes (cf. Section 2), the legal retention periods and our legitimate interests, in particular for documentation and evidence purposes, require or storage is technically necessary (e.g. in the case of backups or document management systems). If there are no legal or contractual obligations or technical reasons to the contrary, we will generally delete or anonymize your data after the storage or processing period has expired as part of our normal processes and in accordance with our retention policy.

If you do not disclose certain personal data, this may mean that it is not possible to provide the related services or conclude a contract. We generally disclose where personal data requested by us is mandatory.

The right to object to the processing of your data as set out in section 3 applies in particular to data processing for the purpose of direct marketing.

If you do not agree with our handling of your rights or data protection, please let us know (see contact details in section 1). If you are in the EEA, you also have the right to complain to the data protection supervisory authority in your country. You can find a list of authorities in the EEA here: https://edpb.europa.eu/about-edpb/board/members_de.dd

8. Final terms

This privacy policy is not part of any contract. We can adapt and supplement this data protection declaration at any time. We will inform about such adaptations and amendments in an appropriate form, in particular by publishing the respective current data protection declaration on our website. The version published on this website is the current version.