Data Protection Policy of AH4 Ltd.
For our clients:
The protection of your Personal Data that AH4 AG (hereinafter «AH4», «we» or «us») collects and processes in the course of its business activities is important to us. We process Personal Data in accordance with the requirements of the Swiss Data Protection Act and, if and to the extent applicable, in accordance with the EU General Data Protection Regulation.
The following Privacy Policy informs you how and for what purposes we process your Perso-nal Data and what rights you have in connection with this. «Personal Data» means all infor-mation relating to an identified or identifiable natural person.
AH4 is responsible for processing your Personal Data in accordance with this Privacy Policy.
AH4 AG
Seefeldstrasse 301
Postfach
8034 Zürich
Tel: +41 44 552 74 44
E-mail: office@ah4.law
Personal Data processing, purpose of processing
1. General Principles in Connection with our Business Activities
We process the following personal data within the ambit of the mandate:
Client data and data relating to the management of the mandate: first names, surnames and contact details of the contact person, position and title, company / unit of employment, sector, any cross-connections (e.g. member or related person) along with other background information obtained from publicly accessible sources (e.g. Commercial Register), any referring person, the content of enquiries and the mandate, counterparties and their representatives as well as further information for examining any conflicts of interest
Data relating to the mandate: communication with clients, courts, opposing parties’ lawyers and third parties, advisory documentation, information provided to us in relation to our services by or for clients from counterparties, courts, authorities and other participants in proceedings as well as information generated by us in relation to our services (minutes, notes, contractual documents, legal documents for court proceedings, etc.)
Data relating to services and billing data: information concerning the services provided and charged for, invoice data, performance records, invoices, payments, banking information.
We process personal data mainly for the purpose of providing, documenting, billing and improving our services. This includes processing to comply with legal requirements (e.g. examining potential conflicts of interest) and to exercise or defend legal claims. We also process the personal data of our clients to communicate with our clients, to answer their requests as well as to provide them with information concerning our firm and invitations to events, courses, conferences, or presentations.
If you provide us with data about other persons (e.g. family members, representatives, other parties or associated persons), we assume that you are authorised to do so, that this data is correct and that you have ensured that these persons are informed about this disclosure, insofar as a legal obligation to provide information applies (e.g. by bringing this data protection declaration to their attention in advance).
1.1 Disclosure of personal data
We do not disclose any personal data to third parties without the consent of the data subject, except insofar as necessary in relation to the handling of the mandate or for the purposes described in this data protection policy. In particular, information may be disclosed in course of handling this mandate to courts and authorities, opposing parties, corresponding lawyers, legal protection insurers and other experts. In addition, we may share personal data with outsourced data processors, including, in particular, IT providers and other service providers that make IT applications available (e.g. collaboration platforms) or that provide support and other services on our behalf for the purposes described in this data protection policy.
1.2 Duration of storage
We process and store your personal data only for as long as it is necessary in accordance with the relevant purpose of processing, or if there is another legal basis for doing so (e.g. statutory retention periods). We retain personal data that we hold on the basis of a contractual relationship with you for at least the duration of that contractual relationship and the limitation periods for potential claims by us or based on contractual retention obligations. As soon as your personal data are no longer required for the purposes referenced above, they will be deactivated, erased, or anonymised as far as possible.
1.3 Data security
We put technical and organisational measures in place to protect your Personal Data from unauthorised access, misuse, loss and destruction.
2. Use of our website
To use our website, disclose of your personal data is not necessary. However, our server collects a set of user information which is temporarily stored in the server’s log files each time a user accesses our website. The information collected includes, but is not limited to, IP address, date and time of access, time zone difference relative to GMT, name and URL of the downloaded file, website from which the access takes place, browser and operating system used.
The use of this general information does not involve identification of a specific person. The collection of this information or data is technically necessary to display our website to you and to guarantee its stability and security. This information is also collected to improve the website and to analyse its use. The legal basis for the temporary storage of the information and log files is our legitimate interest in being able to offer you our website in sufficient quality and to continuously improve it.
2.1 Liability for links
Any references or links to third party websites are beyond our control. Any liability for such websites is declined. Such websites are accessed and used at the user’s own risk.
2.4 Applications
You can submit your application for a position with us by post or via the e-mail address provided on our website. Your application documents and all Personal Data thereby disclosed to us will be treated in the strictest confidence, will not be disclosed to any third party and will only be processed for the purpose of processing your application for employment with us. Unless you have given consent which provides otherwise, your application file will either be returned to you after the conclusion of the application process or will be deleted/destroyed, unless it is subject to a statutory retention requirement. The legal basis for the processing of your data is your consent, the performance of the contract with you and our legitimate interests.
2.4 Mailings
Any person who does not wish to receive any further emails or invitations from us can unsubscribe at any time by clicking on the corresponding link in the relevant email or by writing to office@ah4.law
2.5 Copyright
Copyright and all other rights over content, images, photographs and other files on the website are vested exclusively in AH4 AG or the specifically mentioned holder of the respective right. The written approval of the copyright holder to the reproduction of any such elements must be obtained in advance.
3. Origin of the data?
· From you: You (or your end device) yourself provide us with most of the data we process (e.g. in connection with our services, the use of our website or communication with us). You are not obliged to disclose your data, with exceptions in individual cases (e.g. legal obligations). However, if you wish to conclude contracts with us or utilise our services, you must disclose certain data to us. The use of our website is also not possible without data processing.
· From third parties: We may also obtain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, media or the internet, including social media) or receive such data from (i) authorities or other third parties (e.g. clients, counterparties). This includes, in particular, data we process in the context of initiation, conclusion and execution of contracts, as well as data from correspondence and discussions with third parties, but also all other categories of data in accordance with section 1 above.
4. To whom do we disclose the data?
In connection with the purposes listed in section 1 above, we transfer your personal data in particular to the categories of recipients listed below. If necessary, we will obtain your consent for this or have our supervisory authority release us from our professional duty of confidentiality.
· Service Providers: We work with service providers in Switzerland and abroad who (i) process data on our behalf (e.g. IT providers), (ii) on our joint responsibility or (iii) on their own responsibility, which they have received from us or collected for us. We generally conclude contracts with these third parties regarding the use and protection of personal data.
· Authorities and Courts: We may disclose personal data to offices, courts, and other authorities in Switzerland and abroad if this is necessary for the fulfilment of our contractual obligations and in particular for the performance of our mandate, or if we are legally obliged or entitled to do so, or if this appears necessary to protect our interests. These recipients process the data under their own responsibility.
· Counterparties and Persons Involved: Insofar as this is necessary for the fulfilment of our contractual obligations, in particular for the handling of the mandate, we also pass on your personal data to counterparties and other persons involved (e.g. other law firms, persons providing information or experts, etc.).
· Other Persons: This refers to other cases where the inclusion of third parties arises from the purposes set out in section 1 above. This applies, for example, to delivery recipients or payment recipients specified by you, third parties in the context of agency relationships (e.g. your lawyer or your bank) or persons involved in official or court proceedings. We may also pass on your personal data to our supervisory authority, in particular if this is necessary in particular cases to release you from our professional confidentiality obligation. As part of our corporate development, we may enter into partnerships, which may also result in the disclosure of data (including from you, e.g. as a client or supplier or as their representative) to the persons involved in these transactions.
All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).
5. Will your Personal Data be transferred abroad?
We process and store personal data mainly in Switzerland and the European Economic Area (EEA), but potentially in any country in the world, depending on the case - for example via subcontractors of our service providers or in proceedings before foreign courts or authorities. Your personal data may also be transferred to any country in the world in the course of our work for clients.
We may also disclose personal data to a country without adequate data protection without concluding a separate contract if we can rely on an exemption clause for this. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the fulfilment of a contract that is in your interest requires such disclosure (e.g. if we disclose data to our correspondence offices), if you have given your consent, or if it is not possible to obtain your consent within a reasonable period of time and the disclosure is necessary to protect your life or physical integrity or that of a third party, or if it concerns data that you have made generally accessible and whose processing you have not objected to. We may also rely on the exception for data from a register provided for by law (e.g. Commercial Register), which we have legitimately obtained access to.
6. Your Rights
You have certain rights in connection with our data processing. In accordance with applicable law, you may, in particular, request information about the processing of your personal data, have incorrect personal data corrected, request the erasure of personal data, object to data processing, request the disclosure of certain personal data in a commonly used electronic format or its transfer to other controllers.
If you wish to exercise your rights, please contact office@ah4.law. To rule out misuse, we will have to identify you (e.g. with a copy of your ID, if necessary).
Please note that conditions, exceptions, or restrictions apply to these rights (e.g. for the protection of third parties or business secrets, or due to our professional duty of confidentiality). We reserve the right to black out copies for reasons of data protection or confidentiality or to supply only extracts.
7. How do we process Personal Data on our Social Network Platforms?
We operate pages and other online presences on social networks and other platforms operated by third parties and process data about you in this context. In doing so, we receive data from you (e.g. when you communicate with us or comment on our content) and from the platforms (e.g. statistics). The providers of the platforms can analyse your use and process this data together with other data that they have about you. They also process this data for their own purposes (e.g. marketing and market research purposes and to manage their platforms), and act as their own data controllers for this purpose. For more information on processing by the platform operators, please refer to the data protection policies of the respective platforms.
We currently use the following platforms, whereby the identity and contact details of the platform operator can be found in the data protection policy in each case:
· LinkedIn:
www.linkedin.com
Data protection policy: https://www.linkedin.com/legal/data protection-policy?
We are authorised, but not obliged, to check third-party content before or after it is published on our online presences, to delete content without notice and, if necessary, to report it to the provider of the platform in question.
Some of the platform operators may be located outside Switzerland. Information on the disclosure of data abroad can be found in section 5 above.
8. What else needs to be considered?
We do not assume that the EU General Data Protection Regulation ("GDPR") is applicable in our case. However, should this be the case in exceptional cases for certain data processing, this Section 8 shall also apply exclusively for the purposes of the GDPR and the data processing subject to it.
We base the processing of your personal data in particular on the fact that,
· it is necessary as described in section 1 above for the initiation and conclusion of contracts and their administration and enforcement (Art. 6 para. 1 lit. b GDPR);
· it is necessary for the purposes of the legitimate interests pursued by us or by third parties as described in para. 1, in particular for communication with you or third parties, to operate our website, to improve our electronic offers and registration for certain offers and services, for security purposes, for compliance with Swiss law and internal regulations for our risk management and corporate governance and for other purposes such as training and education, administration, evidence and quality assurance, organisation, implementation and follow-up of events and to safeguard other legitimate interests (see section 1 above) (Art. 6 para. 1 lit. f GDPR);
· it is required or permitted by law, on the basis of our mandate or our position under the law of the EEA or a member state (Art. 6 para. 1 lit. c GDPR) or is necessary to protect your vital interests or those of other natural persons (Art. 6 para. 1 lit. d GDPR);
· you have separately consented to the processing.
Please note that we will generally process your data for as long as required by our processing purposes (see section 1 above), the statutory retention periods and our legitimate interests, in particular for documentation and evidence purposes, or if storage is technically necessary (e.g. in the case of backups or document management systems). If there are no legal or contractual obligations or technical reasons to the contrary, we will generally delete or anonymise your data after the storage or processing period has expired as part of our normal processes and in accordance with our retention policy.
If you do not provide certain personal data, this may mean that it is not possible to provide the associated services or conclude a contract. We always indicate where personal data requested by us is mandatory.
The right to object to the processing of your data set out in section 6 above applies in particular to data processing for the purpose of direct marketing.
If you do not agree with our handling of your rights or data protection, please let us know (see contact details in section 2). If you are located in the EEA, you also have the right to lodge a complaint with the data protection supervisory authority in your country. A list of authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_en.
9. Amendments to this Data Protection Policy
We expressly reserve the right to amend this data protection policy at any time. If amendments are made, we will immediately publish the amended data protection policy on our website. The data protection policy published on our website shall apply.