1. General

Pachmann AG (hereinafter also referred to as “we“, “us“) is a law firm based in Zurich. As part of our business activities, we obtain and process personal data, in particular personal data about our clients, associated persons, counterparties, courts and authorities, law firms, professional and other associations, participants in events, recipients of newsletters and other bodies or their respective contact persons and employees (hereinafter also referred to as “you“). We provide information about this data processing in this privacy policy. In addition to this privacy policy, we may inform you separately about the processing of your data (e.g. in the case of forms or contractual conditions).

If you provide us with data about other persons (e.g. family members, representatives, counterparties or other associated persons), we assume that you are authorized to do so and that this data is correct and that you have ensured that these persons are informed about this disclosure, insofar as a legal obligation to provide information applies (e.g. by bringing this data protection declaration to their attention in advance).

2. Scope of application

This privacy policy applies to all processing activities relating to personal data:

• Visit of our website
• Client relationship
• Marketing (newsletter, social media, events, rankings, etc.)
• Applications

Depending on the data processing, in addition to the applicable Swiss law (Federal Act on Data Protection (FADP), SR 235.1), European data protection law (Regulation (EU) 2016/679, General Data Protection Regulation) may also or exclusively apply.

3. Person responsible

The data controller is responsible for the processing described in this privacy policy:

Pachmann AG
Dreikönigstrasse 8
8002 Zurich
office@pachmann.law

 

4. Contact details of the Swiss supervisory authority

Federal Data Protection and Information Commissioner
Feldeggweg 1
3003 Berne
Tel. +41 58 462 43 95

5. Processed personal data and processing purposes

When you use our services or otherwise deal with us, we obtain and process various categories of your personal data. In principle, we may obtain and otherwise process this data for the following purposes in particular:

• Communication data and data for mandate management: We process personal data so that we can communicate with you and with third parties, such as parties to proceedings, courts or authorities, by email, telephone, video conference, letter or otherwise (e.g. to respond to inquiries, in the context of legal advice and representation and the initiation or execution of contracts). This also includes providing our clients, contractual partners and other interested parties with information about events, changes to the law, news about our law firm or similar. This may take the form of newsletters and other regular contact (social media, electronically, by post, by telephone), for example. You can refuse such communication at any time or refuse or revoke your consent to such communication. For this purpose, we process in particular the content of the communication, your contact details and the metadata of the communication, but also image and audio recordings of (video) telephone calls. In the event of an audio or video recording, we will inform you separately and you are free to inform us if you do not wish to be recorded or to terminate the communication.
• Initiation and conclusion of contracts: In order to enter into a contract with you or your principal or employer, in particular a contract to establish a client relationship, which also includes the clarification of possible conflicts of interest, we may in particular collect and otherwise process your name, contact details, powers of attorney, declarations of consent, information about third parties (e.g. contact persons, information about family and counterparties) and the content of contracts, the dates of conclusion, creditworthiness data and all other data that you provide to us or that we collect from public sources or from third parties (e.g. commercial register, credit reference agencies, sanction lists, media, legal expenses insurance or from the internet).
• Administration and processing of contracts: We obtain and process personal data so that we can comply with our contractual obligations towards our clients and other contractual partners (e.g. suppliers, service providers, correspondence law firms, project partners) and, in particular, provide and demand contractual services. This also includes data processing for client management (e.g. legal advice and representation of our clients before courts and authorities and correspondence) as well as data processing for the enforcement of contracts (debt collection, court proceedings, etc.), accounting and public communication (if permitted). For this purpose, we process in particular the data that we receive or have collected as part of the initiation, conclusion and execution of the contract as well as data that we create as part of our contractual services or that we collect from public sources or from other third parties (e.g. courts, authorities, counterparties, information services, media, detective agencies or from the Internet). This data may include, in particular, protocols for conversations and consultations, notes, internal and external correspondence, contractual documents, documents that we prepare and receive in the context of proceedings before courts and authorities (e.g. statements of claim, appeals and complaints, judgments and decisions), background information about you, counterparties or other persons as well as other mandate-related information, proof of performance, services rendered and invoiced, invoice data and financial and payment information
• Operation of our website: In order to operate our website securely and stably, we collect technical data, such as IP address, information about the operating system and settings of your end device, the region, the time and type of use
• Improvement of our electronic offers: In order to continuously improve our electronic offerings, we collect data about your behavior and preferences, for example by analyzing how you interact with our social media profiles.
• Registration: In order to use certain offers and services (e.g. free WLAN, newsletter), you must register. For this purpose, we process the data provided during the registration process. We may also collect personal data about you while you are using the offer or service; if necessary, we will provide you with further information about the processing of this data.
• Security purposes and access controls: We obtain and process personal data in order to ensure and continuously improve the appropriate security of our IT and other infrastructure (e.g. buildings). This includes, for example, monitoring and controlling electronic access to our IT systems and physical access to our premises, analyzing and testing our IT infrastructures, system and error checks and creating backup copies. For documentation and security purposes (preventive and to investigate incidents), we use surveillance systems (in particular access controls and security cameras) in relation to our premises.
• Compliance with laws, directives and recommendations from authorities and internal regulations (“compliance”): We obtain and process personal data to comply with applicable laws (e.g. to combat money laundering, tax obligations or our professional obligations), self-regulation, certifications, industry standards, our corporate governance and for internal and external investigations in which we are a party (to proceedings) (e.g. by a law enforcement or supervisory authority or a commissioned private body).
• Risk management and corporate governance: We obtain and process personal data as part of risk management (e.g. to protect against criminal activities) and corporate governance. This includes, among other things, our business organization (e.g. resource planning) and corporate development.
• Job application: If you apply for a job with us, we obtain and process the relevant data for the purpose of reviewing the application, carrying out the application process and, in the case of successful applications, for the preparation and conclusion of a corresponding contract. In addition to your contact details and the information from the corresponding communication, we also process the data contained in your application documents and the data that we can additionally obtain about you, e.g. from job-related social networks, the Internet, the media and from references, if you consent to us obtaining references.
• Marketing: We use your data – in compliance with attorney-client privilege – for various marketing measures. This includes applying for lawyer rankings, sending newsletters and other publications, creating content for social media platforms, academic courses and organizing client events.
• Other purposes: Other purposes include, for example, training and education purposes as well as administrative purposes (e.g. bookkeeping). In addition, we may process personal data for the organization, implementation and follow-up of events, in particular participant lists and the content of presentations and discussions, as well as image and audio recordings made during these events. The protection of other legitimate interests is also one of the other purposes, which cannot be listed exhaustively. We may also pass on personal data to processors, in particular to IT providers and other providers who provide IT applications (e.g. collaboration platforms or support and other services for the purposes described in this privacy policy on our behalf.

6. Origin of the personal data

• From you: You provide us with the majority of the data we process yourself (e.g. in connection with our services, the use of our website or communication with us). You are not obliged to disclose your data, with exceptions in individual cases (e.g. legal obligations). However, if you wish to conclude contracts with us or make use of our services, for example, you must disclose certain data to us.
• From third parties: We may also obtain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, media or the internet including social media) or receive such data from (i) authorities and courts (in the form of orders and decisions), (ii) your employer or client who either has a business relationship with us or is otherwise involved, as well as from (iii) other third parties (e.g. clients, counterparties, legal expenses insurers, associations, contractual partners). This includes, in particular, the data that we process in the context of the initiation, conclusion and execution of contracts as well as data from correspondence and discussions with third parties, but also all other categories of data in accordance with section 4

7. Disclosure of personal data

In connection with the purposes listed in section 5, we transfer your personal data in particular to the categories of recipients listed below. If necessary, we will obtain your consent for this or have our supervisory authority release us from our professional duty of confidentiality.

• Affiliated legal service providers: Immojuristen AG and Advokatur pra AG are affiliated with our law firm. These two legal service providers may use your data for the same purposes as we do, as described in this privacy policy (see section 5 ).
• Partner law firms: If this is necessary for the fulfillment of our contractual obligations, in particular for the management of the mandate, and the involvement of a partner law firm becomes necessary, we will inform you of this separately. These partner law firms may use your data for the same purposes as we do, as described in this Privacy Policy (see section 5). The recipients generally process the data under their own responsibility.
• Service providers: We work with service providers in Germany and abroad who (i) process data on our behalf (e.g. IT providers), (ii) on our joint responsibility or (iii) on their own responsibility, which they have received from us or collected for us. These service providers include, for example, IT providers, banks, insurance companies, other law firms or consulting firms. We usually enter into contracts with these third-party service providers regarding the use and protection of personal data.
• Clients and other contractual partners: This initially refers to clients and other contractual partners of ours for whom the transfer of your data arises from the contract (e.g. because you work for a contractual partner or they provide services for you). This category of recipients also includes entities with which we cooperate, such as other law firms in Switzerland and abroad or legal expenses insurance companies. The recipients generally process the data under their own responsibility.
• Authorities and courts: We may disclose personal data to offices, courts and other authorities in Switzerland and abroad if this is necessary for the fulfillment of our contractual obligations and in particular for the performance of our mandate, or if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. These recipients process the data under their own responsibility.
• Counterparties and persons involved: Insofar as this is necessary for the fulfillment of our contractual obligations, in particular for the management of the mandate, we also pass on your personal data to counterparties and other persons involved (e.g. guarantors, financiers, affiliated companies, other law firms, persons providing information or experts, etc.).
• Other persons: This refers to other cases where the inclusion of third parties arises from the purposes in accordance with section 5. This applies, for example, to delivery recipients or payment recipients specified by you, third parties in the context of representation relationships (e.g. your lawyer or your bank) or persons involved in official or court proceedings. We may also disclose your personal data to our supervisory authority, in particular if this is necessary in individual cases for the release from our professional duty of confidentiality. If we cooperate with the media and transmit material to them (e.g. photos), you may also be affected. As part of our corporate development, we may sell or acquire businesses, parts of businesses, assets or companies or enter into partnerships, which may also result in the disclosure of data (including your data, e.g. as a client or supplier or as their representative) to the persons involved in these transactions. In the course of communication with our competitors, industry organizations, associations and other bodies, data relating to you may also be exchanged.

All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict the processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).

We also allow certain third parties to collect personal data from you on their own responsibility at our events (e.g. media photographers). Insofar as we are not decisively involved in this data collection, these third parties are solely responsible for it. If you have any concerns and wish to assert your data protection rights, please contact these third parties directly. We have listed your rights in section 9.

8. Transfer of data abroad

There will be no disclosure to third countries without an adequate level of data protection or only under the following conditions.

A transfer of personal data to third countries only takes place if the data protection requirements of Art. 6 FADP or Art. 44 et seq. EU General Data Protection Regulation (“GDPR“) are met.

If a recipient is located in a country without adequate data protection, we contractually oblige the recipient to comply with an adequate level of data protection (we use the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?, including the supplements required for Switzerland), unless the recipient is already subject to a legally recognized set of rules to ensure data protection. We may also disclose personal data to a country without adequate data protection without concluding a separate contract if we can rely on an exception clause for this. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract that is in your interest requires such disclosure (e.g., if we disclose data to our correspondence offices), if you have given your consent, or if it is not possible to obtain your consent within a reasonable period of time and the disclosure is necessary to protect your life or physical integrity or that of a third party, or if it concerns data made generally accessible by you, the processing of which you have not objected to. We may also rely on the exception for data from a register provided for by law (e.g. commercial registry), which we have legitimately obtained access to.

9. Your rights

You have certain rights in connection with our data processing. Under applicable law, you may in particular request information about the processing of your personal data, have incorrect personal data corrected, request the erasure of personal data, object to data processing and request the disclosure of certain personal data in a commonly used electronic format or its transfer to other controllers.

If you wish to exercise your rights against us, please contact us; our contact details can be found at section 3. So that we can rule out misuse, we must identify you (e.g. with a copy of your ID, if necessary).

Please note that conditions, exceptions or restrictions apply to these rights (e.g. to protect third parties or business secrets or due to our professional duty of confidentiality). We reserve the right to black out copies for reasons of data protection or confidentiality or to supply only excerpts.

10. Technologies used on our website

When using our website and other digital offerings, data is generated that is stored in logs (in particular technical data).

The technical data we collect does not generally contain any personal data.

We also use social media plug-ins, which are small pieces of software that establish a connection between your visit to our website and a third-party provider. The social media plug-in informs the third-party provider that you have visited our website and may send the third-party provider cookies that it has previously placed on your web browser. For more information on how these third-party providers use your personal data collected via their social media plug-ins, please refer to their respective privacy policies.

We also use our own tools and third-party services (which may themselves use cookies) on our website, in particular to improve the functionality or content of our website (e.g. integration of videos or maps) and to compile statistics.

Some of the third-party providers we use may be located outside Switzerland. Information on data disclosure abroad can be found at section 8. In terms of data protection law, some of them are “only” processors on our behalf and some are controllers. Further information on this can be found in their data protection declarations.

11. Data processing on social networks

We operate pages and other online presences on social networks and other platforms operated by third parties and process data about you in this context. In doing so we receive data from you (e.g. when you communicate with us or comment on our content) and from the platforms (e.g. statistics). The providers of the platforms can analyze your use and process this data together with other data they have about you. They also process this data for their own purposes (e.g. marketing and market research purposes and to manage their platforms), and act as their own controllers for this purpose. For further information on processing by the platform operators, please refer to the privacy policies of the respective platforms.

We currently use the following platform, whereby the identity and contact details of the platform operator can be found in the privacy policy:

• LinkedIn
  linkedin.com
  Privacy policy: https://de.linkedin.com/legal/privacy-policy

Some of the platform operators may be located outside Switzerland. Information on the disclosure of data abroad can be found in section 8.

12. What else to consider

We do not assume that the GDPR is applicable in our case. However, should this be the case in exceptional cases for certain data processing, this section 12 shall also apply exclusively for the purposes of the GDPR and the data processing subject to it.

We base the processing of your personal data in particular on the fact that

• it is necessary as described in section 5 for the initiation and conclusion of contracts and their administration and enforcement (Art. 6 para. 1 lit. b GDPR);
• it is necessary to protect our legitimate interests or those of third parties as described in section 5 described above, in particular for communication with you or third parties, to operate our website, to improve our electronic offers and registration for certain offers and services, for security purposes, for compliance with Swiss law and internal regulations for our risk management and corporate governance and for other purposes such as training and education, administration, evidence and quality assurance, organization, implementation and follow-up of events and to safeguard other legitimate interests (see section 5) (Art. 6 para. 1 lit. f GDPR);
• legally required or allowed based on our mandate or our position under the laws of the EEA or a member state (Art. 6 para. 1 lit. c GDPR) or is necessary to protect your vital interests or those of other natural persons (Art. 6 para. 1 lit. d GDPR);
• you have separately consented to the processing.

Please note that we generally process your data for as long as required by our processing purposes (see section 5), the statutory retention periods and our legitimate interests, in particular for documentation and evidence purposes, or if storage is technically necessary (e.g. in the case of backups or document management systems). If there are no legal or contractual obligations or technical reasons to the contrary, we generally delete or anonymize your data after the storage or processing period has expired as part of our normal processes and in accordance with our retention policy.

If you do not provide certain personal data, this may mean that it is not possible to provide the associated services or conclude a contract. As a matter of principle, we indicate where personal data requested by us is mandatory.

The right to object to the processing of your data set out in section 9 applies in particular to data processing for the purpose of direct marketing.

If you do not agree with our handling of your rights or data protection, please let us know (see contact details in section 3). If you are in the EEA, you also have the right to lodge a complaint with the data protection supervisory authority in your country. A list of authorities in the EEA can be found here: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.

13. Up-to-dateness and amendment of this privacy policy

We may amend this privacy policy at any time. The version published on the website www.pachmann.law is the current version.