Privacy Policy

We, Thouvenin Rechtsanwälte KLG (Klausstrasse 33, 8024 Zurich, Switzerland, CHE-102.722.211) are the operator of the website www.thouvenin.com (“website“) as well as your contractual partner in client relationships. Unless otherwise specified, we are responsible for the data processing listed in this Privacy Policy.

In order to know what personal data we collect from you and for what purposes we use it, please take note of the following information. Regarding data protection, we are primarily guided by the legal requirements of Swiss data protection law, in particular the Swiss Federal Act on Data Protection (“FADP“), as well as the EU General Data Protection Regulation (“GDPR“), the provisions of which may be applicable in individual cases.

2 Contact person for data protection

If you have any questions about data protection or would like to exercise your rights, please contact our data protection contact by sending an email to the following address: privacy@thouvenin.com

Alternatively, you can use the following address:

Thouvenin Attorneys at Law KLG
Privacy
Klausstrasse 33
8024 Zurich
Switzerland

3 When you visit our website (log file data)

When you visit our website, the servers of our hosting provider (IN4OUT AG, Hintere Bahnhofstrasse 6, Aarau, Switzerland) store each access in a log file for a maximum period of 12 months. The following data is collected and stored by us until it is automatically deleted:

the IP address of the requesting computer
the date and time of access
the name and URL of the retrieved file
the website from which the access was made, with the search term used, if applicable
the operating system of your device and the browser you are using (including type, version and language setting)
Device type in case of access by mobile phones
the city or region from which the access was made, and
The name of your Internet access provider

This data is processed for the purpose of enabling the use of our website, ensuring system security and stability in the long term, as well as for error and performance analysis. It also allows us to optimize our website.

In the event of an attack on the network infrastructure of the website or in the event of suspicion of other unauthorized or abusive use of the website, the IP address and the other data will be evaluated for clarification and defense and, if necessary, used in the context of criminal proceedings for identification and for civil and criminal proceedings against the users concerned.

For the purposes described above, we have a legitimate interest in data processing within the meaning of art. 6 (1) (f) GDPR.

4 Use of one of our contact options

If you contact us via our contact addresses and channels (e.g., by email or telephone), your personal data will be processed. The data that you have provided to us will be processed, e.g., the name of your company, your name, your function, your email address or telephone number and your enquiry.

We process this data exclusively to respond to your enquiry in the best possible way. The legal basis for this data processing is our legitimate interest within the meaning of art. 6 (1) (f) GDPR in the best possible response to your enquiry or, if your enquiry relates to the establishment or performance of a client relationship, the performance of a contract within the meaning of art. 6 (1) (b) GDPR.

5 Applications

You can apply to us spontaneously or in response to a specific job advertisement via an email address. We process the following data:

Name
Surname
Email address
Cover letter
Curriculum Vitae (CV)
Certificates and diplomas

We will use this and any other information you voluntarily provide to us to assess and process your application. Applications from unsuccessful candidates will be deleted at the end of the application process unless you have expressly consented to a longer retention period, or we are not legally obliged to retain them for a longer period. The legal basis for the review of your application and the handling of the application process is the implementation of pre-contractual measures within the meaning of art. 6 (1) (b) GDPR.

6 Processing in the context of an attorney-client relationship

We process personal data in the context of your client relationship with us. Among other things, we process the following data:

Your contact information (e.g., name, address, telephone number, email address)
Information about the company for which you are contacting us and your role within the company
Billing & Payment Information
Identification and background information you provide to us
Information you provide to us in order to deal with your case
More information you provide to us.

We process this data in the context of the provision of our services to interact with you, to process your case in the best possible way for you, to communicate with you, to bill for the services provided, as well as to administer the client relationship with you. When opening a mandate and providing services, we may also obtain information about you from other sources, for example by consulting publicly available sources to update your information. In addition, we process the data when opening a mandate to carry out money laundering, conflict and reputation checks.

For the above-mentioned processing, we use Microsoft 365 and various applications contained therein (e.g., Word, PowerPoint, Excel, Outlook Teams, OneDrive and SharePoint) of Microsoft Corporation (One Microsoft Way Redmond, WA 98052-6399, USA) or Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland) (“Microsoft“). If we grant you direct access to Microsoft 365, you will also process the following data:

IP address used to access
Access data (e.g., username, data in the context of the so-called multi-factor authentication)
Master data (e.g., surname, first name, contact details, profile pictures)
Metadata of usage (e.g., time of access, date, type of access, details of the data/files/documents accessed and all activities related to use)

According to Microsoft, in this case, the data is primarily stored on servers in the EU. For this data processing, we have concluded a data processing agreement with Microsoft and agreed on extensive technical and organizational measures that correspond to the current state of the art in IT security, as well as the EU standard contractual clauses (with further measures) with Microsoft. Microsoft is committed to adhering to and maintaining professional secrecy

In connection with the use of Microsoft 365, Microsoft also processes certain data as an independent controller. Please note that we have no influence on Microsoft’s data processing. For more information about Microsoft’s data processing, please refer to their privacy policy.

The legal basis for the processing of personal data for the aforementioned purposes lies in the implementation of pre-contractual measures and the fulfilment of a contract within the meaning of art. 6 (1) (b) GDPR, in the fulfilment of legal obligations in accordance with art. 6 (1) (c) GDPR as well as in our legitimate interest in the goal-oriented and efficient management of the mandate within the meaning of art. 6 (1) (f) GDPR.

7 Processing during videoconferencing

To conduct telephone/video conferences, online meetings and webinars (“Teams Meeting“), we use Microsoft Teams from Microsoft. When using Microsoft Teams, various data is processed. As part of a Teams Meeting, the following data can be proceesed:

Information about the user (e.g., display name, email address, profile picture, preferred language)
Metadata of the Teams Meeting (e.g., date, time, meeting ID, phone numbers, location, text, audio, and video)
Authentication data, log files and log data
Content of the Teams Meeting as well as data when using the chat function
Information about incoming and outgoing phone numbers, country name, start and end times, if you dial into the Teams Meeting by phone

If we record Teams Meetings, we’ll let you know in advance and ask for your consent where necessary.

The legal basis for the processing of personal data is the implementation of pre-contractual measures and the fulfilment of a contract within the meaning of art. 6 (1) (b) GDPR, provided that the Teams Meetings takes place within the framework of the client relationship. Outside of the client relationship, the legal basis is our legitimate interest within the meaning of art. 6 (1) (f) GDPR to answer your enquiry in the best possible way.

8 Centralized data storage and marketing

8.1 Central data storage

We will store and link the data described in this privacy policy, in particular your personal data, your contact details and the data relating to the mandate, in a central database if it is possible to make a clear assignment to you. This allows us to manage your information effectively, respond to your requests and provide you with the services you require. The legal basis for this processing is our legitimate interest within the meaning of art. 6 (1) (f) GDPR in the efficient management of data. For this purpose, we use the software Vertec from Vertec AG (Wengistrasse 7, 8004 Zurich, Switzerland). The legal basis for this processing is our legitimate interest within the meaning of art. 6 (1) (f) GDPR in the use of third-party services.

8.2 Newsletter

If you have registered for our email newsletter, we collect the following data, with mandatory information marked accordingly (e.g. with an asterisk):

Email address
Name and surname

By registering, you consent to the processing of this data to receive news from us about our firm, our offers and related products and services. We will use your data to send emails until you withdraw your consent. You can opt-out at any time using the unsubscribe link in all our marketing emails.

Our marketing emails may contain a web beacon or 1×1 pixel or similar technology. A web beacon is an invisible graphic that is linked to the user ID of the respective newsletter subscriber. For each marketing email sent, we receive information about which addresses have not yet received the email, to which addresses it was sent, and to which addresses it failed to be sent. It also shows which addresses opened the email, for how long, and which links they clicked on. Finally, we also receive information about which addresses have unsubscribed. We use this data for statistical purposes and to optimize the marketing emails in terms of frequency, timing, structure and content of the emails. This allows us to better tailor the information in our emails to the individual interests of the recipients.

The web beacon is deleted when you delete the email. To prevent the use of the web beacon in our marketing emails, please set your email program not to display HTML in messages. Refer to the help sections of your email software for information on how to configure this setting, such as: here for Microsoft Outlook.

By subscribing to the newsletter, you also consent to the statistical evaluation of user behavior for the purpose of optimizing and adapting the newsletter. This consent constitutes our legal basis for the processing of the data within the meaning of art. 6 (1) (a) GDPR.

We use the email marketing software Newsletter2Go from Sendinblue GmbH (Köpenicker Strasse 126, 10179 Berlin, Germany) for marketing emails. Therefore, your data will be stored in a database of Sendinblue GmbH, which will allow them to access your data. The legal basis for this processing is our legitimate interest within the meaning of art. 6 (1) (f) GDPR in the use of third-party services.

9 Cookies

Cookies are information files that your web browser stores on your device’s hard drive or memory when you visit our website. Cookies are assigned identification numbers that identify your browser and allow the information contained in the cookie to be read.

Cookies help, among other things, to make your visit to our website easier, more pleasant and more meaningful. We use cookies for various purposes that are technically necessary for you to use the website. For example, cookies perform technical functions necessary for the operation of the website, such as load balancing, i.e., distributing the performance load of the page to different web servers to relieve the servers. Finally, we also use cookies in the design and programming of our website, e.g., to enable the uploading of scripts or code.

The legal basis for this processing is our legitimate interest within the meaning of art. 6 (1) (f) GDPR in providing a user-friendly and up-to-date website.

Most internet browsers automatically accept cookies. Details of the services associated with each cookie and data processing can be found in the following sections of this Privacy Policy.

You may also be able to configure your browser so that no cookies are stored on your device or that a notification always appears when you receive a new cookie. On the following pages you will find explanations on how to configure the processing of cookies on selected browsers.

Disabling cookies may prevent you from using all the features of our website.

10 Tracking & web analytics tools

10.1 General information about tracking

For the purpose of tailoring and continuously optimizing our website, we use the web analysis services listed below. In this context, pseudonymized user profiles are created and cookies are used. The information generated by the cookie about your use of this website is usually stored together with the information set out in section 3 log file data to a server of the service provider, where it is stored and processed. This may also result in a transfer to servers abroad. By processing the data, we obtain the following information, among other things:

Navigation path taken by a visitor on the website (including content viewed and products selected or purchased)
time spent on the website or subpage
the subpage on which the website is exited
the country, region or city from which access is made
device (type, version, color depth, resolution, width and height of the browser window) and
returning or new visitors

On our behalf, the provider will use this information to evaluate the use of the website, to compile evaluations of website activities for us and to provide other services related to website activity and internet usage for the purposes of market research and needs-based design of these websites.

For the further processing of the data by the respective provider as the (sole) controller under data protection law, in particular any disclosure of this information to third parties such as authorities due to national legal regulations, please note the provider’s data protection information.

10.2 Matomo

We use the Matomo tool on our website. Matomo is an open-source project. We use Matomo for statistical evaluations and analyses of our website. This allows us to constantly improve our offer and make it more interesting for you. Cookies are stored on your device for this evaluation. We store the information collected in this way exclusively on our server. We use Matomo with the “AnonymizeIP” extension. As a result, IP addresses are processed in an abbreviated manner, so that a direct personal reference can be excluded. The IP address transmitted by your browser via Matomo will not be merged with other data collected by us.

The legal basis for this processing is our legitimate interest within the meaning of art. 6 (1) (f) GDPR in providing a user-friendly and up-to-date website.

You can prevent the evaluation by deleting existing cookies and preventing the storage of cookies. Further information on Matomo’s data protection can be found in Matomo’s privacy policy.

11 Additional tools

11.1 Google Maps

On our website, we use Google Maps API (Application Programming Interface, “Google Maps“) from Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) or Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) (“Google“) for the visual presentation of geographic information (location plans). By using Google Maps, information about the use of our website, including your IP address, is transmitted to a Google server in the USA and stored there.

The integration of Google Maps allows us to visualize our location. This option constitutes our legitimate interest within the meaning of art. 6 (1) (f) GDPR.

It is possible to deactivate the Google Maps service and prevent data transfer to Google if you deactivate JavaScript in your browser. However, we would like to point out that in this case you will not be able to use the map display.

You can find more information about the collection, processing and use of your data by Google as well as your rights in this regard in the privacy policy by Google, and the additional terms for Google Maps or Google Earth.

11.2 Unpkg

We use the web service unpkg of Npm, Inc. (1999 Harrison Street #1150, Oakland, CA 94612, USA) (“unpkg“) on our website. We use unpkg as our content delivery network. The files embedded via unpkg are open source, so they can be viewed and checked at any time. Since unpkg uses the hosting provider Cloudflare to provide the data, the requests sent to these servers may be stored for statistical or other usage purposes.

The integration of unpkg offers us a technically secure, maintenance-free and efficient way to integrate external libraries and frameworks. This option constitutes our legitimate interest within the meaning of art. 6 (1) (f) GDPR.

If you have activated Java script in your browser and have not installed a Java script blocker, your browser may transmit personal data to unpkg. You can prevent unpkg from processing your data by disabling the execution of script code in your browser or by installing a script blocker in your browser.

For more information on how to process the data, please refer to the privacy policy of unpkg and the privacy policy by Cloudflare.

12 Social media

12.1 Our social media presence

On our website you will find the link to our presence on LinkedIn of Linkedin Unlimited Company, Wilton Place, Dublin 2, Ireland.

If you click on the LinkedIn icon, you will automatically be redirected to our profile or to the profiles of our employees on LinkedIn. This establishes a direct connection between your browser and LinkedIn’s server. As a result, LinkedIn receives the information that you have visited our website with your IP address and clicked on the link.

If you click on the LinkedIn icon while you are logged into your LinkedIn user account, the content of our website can be linked to your profile so that LinkedIn can assign your visit to our website directly to your account. If you want to prevent this, you should log out before clicking on the icon. In any case, a connection between your access to our website and your user account takes place when you log in to LinkedIn after clicking on the icon. LinkedIn is responsible for the associated data processing under data protection law. Therefore, please refer to the information on LinkedIn’s website.

The legal basis for any processing attributed to us is our legitimate interest within the meaning of art. 6 (1) (f) GDPR in the use and advertising of our social media presence.

12.2 Social plugins

On our website, you can use social plugins from the following providers:

Meta Platforms Inc., 1601 S California Ave, Palo Alto, CA 94304, USA, privacy policy;
X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, privacy policy;
LinkedIn Unlimited Company, Wilton Place, Dublin 2, Irland, privacy policy .

We use social plugins to make it easier for you to share content from our website. The social plugins help us to increase the visibility of our content in social networks and thus contribute to better marketing.

The plugins are deactivated by default on our websites and therefore do not send any data to the social networks when you simply visit our website. Only when you activate the plugins and thus give your consent to the transmission of data and further processing by the providers of the social networks, your browser establishes a direct connection to the servers of the respective social network.

The content of the plugin is transmitted directly from the social network to your browser and integrated into the website. As a result, the respective provider receives the information that your browser has accessed the corresponding page of our website, even if you do not have an account of this social network or are not currently logged in to it. This information (including your IP address) is transmitted by your browser directly to a server of the provider (usually in the USA) and stored there. We have no influence on the scope of data that the provider collects with the plugin, although from a data protection point of view we can be regarded as jointly responsible with the providers to a certain extent.

If you are logged in to the social network, it can assign your visit to our website directly to your user account. When you interact with the plugins, the corresponding information is also transmitted directly to a server of the provider and stored there. The information may also be published on the social network and may be displayed to other users of the social network. The provider of the social network may use this information for the purpose of placing advertising and designing the respective offer in line with demand. For this purpose, usage, interest and relationship profiles could be created, e.g., to evaluate your use of our website with regard to the advertisements displayed to you on the social network, to inform other users about your activities on our website and to provide other services related to the use of the social network. The purpose and scope of the data collection and the further processing and use of the data by the providers of the social networks, as well as your rights in this regard and setting options for the protection of your privacy, can be found directly in the privacy policy of the respective provider.

If you do not want the provider of the social network to assign the data collected via our website to your user account, you must log out of the social network before activating the plugins. In the case of the processing described above, your consent within the meaning of art. 6 (1) (a) GDPR forms the legal basis. You can revoke your consent at any time with effect for the future.

13 Disclosure of data to third parties

Without the support of other companies, we would not be able to provide our services in the desired form and efficiently. In order to be able to use the services of these other companies, it is also necessary to disclose your personal data to a certain extent. Such disclosure takes place, in particular, insofar as this is necessary for the performance of the client relationship. The legal basis for these transfers is the performance of the contract within the meaning of art. 6 (1) (b) GDPR.

The data will also be passed on to selected service providers and only to the extent necessary for the provision of the service. Various third-party service providers are already explicitly mentioned in this Privacy Policy. These are, for example, IT service providers (such as providers of software solutions) or advertising agencies. The legal basis for this data transfer is our legitimate interest within the meaning of art. 6 (1) (f) GDPR in the procurement of third-party services.

In addition, your data may be passed on, to courts, counterparties, authorities or correspondent lawyers, if this is necessary for the performance of the client relationship, if we are legally obliged to do so or if this is necessary to safeguard our rights, in particular to enforce claims arising from the relationship with you. Data may also be shared if another firm intends to acquire our firm or any part of it and such disclosure is necessary to conduct due diligence or to complete the transaction. Our legitimate interest within the meaning of art. 6 (1) (f) GDPR in safeguarding our rights and complying with our obligations or selling our law firm forms the legal basis for this data transfer.

14 Transfer of personal data abroad

We are entitled to transfer your personal data to third parties abroad if this is necessary to carry out the data processing specified in this Privacy Policy. Of course, the legal requirements on the disclosure of personal data to third parties are complied with. If the country in question does not have an adequate level of data protection, we ensure that your data is adequately protected by these companies by means of contractual arrangements.

15 Retention periods

We only store personal data for as long as it is necessary to carry out the processing described in this Privacy Policy within the scope of our legitimate interest. In the case of contract data, storage is prescribed by statutory retention obligations. Requirements that oblige us to retain data result from the provisions on accounting and tax regulations. According to these regulations, business communications, concluded contracts and accounting documents must be retained for up to 10 years. The data will be deleted or anonymized as soon as there is no longer any obligation to retain it and there is no longer a legitimate interest in storing it.

16 Data security

We use appropriate technical and organizational security measures to protect your personal data stored by us against loss and unlawful processing, in particular unauthorized access by third parties. Our employees and service providers are bound by us to maintain confidentiality and privacy. They will only have access to personal data to the extent necessary to perform their duties.

Our security measures are continuously adapted in line with technological developments. However, the transmission of information via the Internet and electronic means of communication always involves certain security risks and we cannot guarantee the security of information transmitted in this way.

17 Your rights

Provided that the legal requirements are met, you as a data subject have the following rights:

Right of access: You have the right to request access to your personal data stored by us at any time, free of charge, when we process it. This gives you the opportunity to verify which personal data we process about you and that we use it in accordance with applicable data protection regulations.
Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed of the rectification. In this case, we will inform the recipients of the data concerned about the adjustments made, unless this is impossible or involves disproportionate effort.
Right to erasure: You have the right to have your personal data erased under certain circumstances. In individual cases, in particular in the case of statutory retention obligations, the right to deletion may be excluded. In this case, if the conditions are met, the deletion may be replaced by a blocking of the data.
Right to restriction of processing: You have the right to request that the processing of your personal data be restricted.
Right to data portability: You have the right to receive from us personal data that you have provided to us free of charge in a readable format.
Right to object: You can object to data processing at any time.
Right of revocation: In principle, you have the right to revoke your consent at any time. However, processing activities based on your consent in the past do not become unlawful as a result of your revocation.
Right to lodge a complaint: You have the right to lodge a complaint with a competent supervisory authority, e.g., against the way in which your personal data is processed.

To exercise these rights, please use the contact options under Section 2.

Updated: November 2023