Table of contents
In order to know what personal data we collect from you and for what purposes we use it, please take note of the following information. Regarding data protection, we are primarily guided by the legal requirements of Swiss data protection law, in particular the Swiss Federal Act on Data Protection (“FADP“), as well as the EU General Data Protection Regulation (“GDPR“), the provisions of which may be applicable in individual cases.
If you have any questions about data protection or would like to exercise your rights, please contact our data protection contact by sending an email to the following address: firstname.lastname@example.org
Alternatively, you can use the following address:
Thouvenin Attorneys at Law KLG
When you visit our website, the servers of our hosting provider (IN4OUT AG, Hintere Bahnhofstrasse 6, Aarau, Switzerland) store each access in a log file for a maximum period of 12 months. The following data is collected and stored by us until it is automatically deleted:
- the IP address of the requesting computer
- the date and time of access
- the name and URL of the retrieved file
- the website from which the access was made, with the search term used, if applicable
- the operating system of your device and the browser you are using (including type, version and language setting)
- Device type in case of access by mobile phones
- the city or region from which the access was made, and
- The name of your Internet access provider
This data is processed for the purpose of enabling the use of our website, ensuring system security and stability in the long term, as well as for error and performance analysis. It also allows us to optimize our website.
In the event of an attack on the network infrastructure of the website or in the event of suspicion of other unauthorized or abusive use of the website, the IP address and the other data will be evaluated for clarification and defense and, if necessary, used in the context of criminal proceedings for identification and for civil and criminal proceedings against the users concerned.
For the purposes described above, we have a legitimate interest in data processing within the meaning of art. 6 (1) (f) GDPR.
If you contact us via our contact addresses and channels (e.g., by email or telephone), your personal data will be processed. The data that you have provided to us will be processed, e.g., the name of your company, your name, your function, your email address or telephone number and your enquiry.
We process this data exclusively to respond to your enquiry in the best possible way. The legal basis for this data processing is our legitimate interest within the meaning of art. 6 (1) (f) GDPR in the best possible response to your enquiry or, if your enquiry relates to the establishment or performance of a client relationship, the performance of a contract within the meaning of art. 6 (1) (b) GDPR.
You can apply to us spontaneously or in response to a specific job advertisement via an email address. We process the following data:
- Email address
- Cover letter
- Curriculum Vitae (CV)
- Certificates and diplomas
We will use this and any other information you voluntarily provide to us to assess and process your application. Applications from unsuccessful candidates will be deleted at the end of the application process unless you have expressly consented to a longer retention period, or we are not legally obliged to retain them for a longer period. The legal basis for the review of your application and the handling of the application process is the implementation of pre-contractual measures within the meaning of art. 6 (1) (b) GDPR.
We process personal data in the context of your client relationship with us. Among other things, we process the following data:
- Your contact information (e.g., name, address, telephone number, email address)
- Information about the company for which you are contacting us and your role within the company
- Billing & Payment Information
- Identification and background information you provide to us
- Information you provide to us in order to deal with your case
- More information you provide to us.
We process this data in the context of the provision of our services to interact with you, to process your case in the best possible way for you, to communicate with you, to bill for the services provided, as well as to administer the client relationship with you. When opening a mandate and providing services, we may also obtain information about you from other sources, for example by consulting publicly available sources to update your information. In addition, we process the data when opening a mandate to carry out money laundering, conflict and reputation checks.
For the above-mentioned processing, we use Microsoft 365 and various applications contained therein (e.g., Word, PowerPoint, Excel, Outlook Teams, OneDrive and SharePoint) of Microsoft Corporation (One Microsoft Way Redmond, WA 98052-6399, USA) or Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland) (“Microsoft“). If we grant you direct access to Microsoft 365, you will also process the following data:
- IP address used to access
- Access data (e.g., username, data in the context of the so-called multi-factor authentication)
- Master data (e.g., surname, first name, contact details, profile pictures)
- Metadata of usage (e.g., time of access, date, type of access, details of the data/files/documents accessed and all activities related to use)
According to Microsoft, in this case, the data is primarily stored on servers in the EU. For this data processing, we have concluded a data processing agreement with Microsoft and agreed on extensive technical and organizational measures that correspond to the current state of the art in IT security, as well as the EU standard contractual clauses (with further measures) with Microsoft. Microsoft is committed to adhering to and maintaining professional secrecy
The legal basis for the processing of personal data for the aforementioned purposes lies in the implementation of pre-contractual measures and the fulfilment of a contract within the meaning of art. 6 (1) (b) GDPR, in the fulfilment of legal obligations in accordance with art. 6 (1) (c) GDPR as well as in our legitimate interest in the goal-oriented and efficient management of the mandate within the meaning of art. 6 (1) (f) GDPR.
To conduct telephone/video conferences, online meetings and webinars (“Teams Meeting“), we use Microsoft Teams from Microsoft. When using Microsoft Teams, various data is processed. As part of a Teams Meeting, the following data can be proceesed:
- Information about the user (e.g., display name, email address, profile picture, preferred language)
- Metadata of the Teams Meeting (e.g., date, time, meeting ID, phone numbers, location, text, audio, and video)
- Authentication data, log files and log data
- Content of the Teams Meeting as well as data when using the chat function
- Information about incoming and outgoing phone numbers, country name, start and end times, if you dial into the Teams Meeting by phone
If we record Teams Meetings, we’ll let you know in advance and ask for your consent where necessary.
The legal basis for the processing of personal data is the implementation of pre-contractual measures and the fulfilment of a contract within the meaning of art. 6 (1) (b) GDPR, provided that the Teams Meetings takes place within the framework of the client relationship. Outside of the client relationship, the legal basis is our legitimate interest within the meaning of art. 6 (1) (f) GDPR to answer your enquiry in the best possible way.
If you have registered for our email newsletter, we collect the following data, with mandatory information marked accordingly (e.g. with an asterisk):
- Email address
- Name and surname
By registering, you consent to the processing of this data to receive news from us about our firm, our offers and related products and services. We will use your data to send emails until you withdraw your consent. You can opt-out at any time using the unsubscribe link in all our marketing emails.
Our marketing emails may contain a web beacon or 1×1 pixel or similar technology. A web beacon is an invisible graphic that is linked to the user ID of the respective newsletter subscriber. For each marketing email sent, we receive information about which addresses have not yet received the email, to which addresses it was sent, and to which addresses it failed to be sent. It also shows which addresses opened the email, for how long, and which links they clicked on. Finally, we also receive information about which addresses have unsubscribed. We use this data for statistical purposes and to optimize the marketing emails in terms of frequency, timing, structure and content of the emails. This allows us to better tailor the information in our emails to the individual interests of the recipients.
The web beacon is deleted when you delete the email. To prevent the use of the web beacon in our marketing emails, please set your email program not to display HTML in messages. Refer to the help sections of your email software for information on how to configure this setting, such as: here for Microsoft Outlook.
By subscribing to the newsletter, you also consent to the statistical evaluation of user behavior for the purpose of optimizing and adapting the newsletter. This consent constitutes our legal basis for the processing of the data within the meaning of art. 6 (1) (a) GDPR.
We use the email marketing software Newsletter2Go from Sendinblue GmbH (Köpenicker Strasse 126, 10179 Berlin, Germany) for marketing emails. Therefore, your data will be stored in a database of Sendinblue GmbH, which will allow them to access your data. The legal basis for this processing is our legitimate interest within the meaning of art. 6 (1) (f) GDPR in the use of third-party services.
Cookies are information files that your web browser stores on your device’s hard drive or memory when you visit our website. Cookies are assigned identification numbers that identify your browser and allow the information contained in the cookie to be read.
The legal basis for this processing is our legitimate interest within the meaning of art. 6 (1) (f) GDPR in providing a user-friendly and up-to-date website.
You may also be able to configure your browser so that no cookies are stored on your device or that a notification always appears when you receive a new cookie. On the following pages you will find explanations on how to configure the processing of cookies on selected browsers.
Disabling cookies may prevent you from using all the features of our website.
For the purpose of tailoring and continuously optimizing our website, we use the web analysis services listed below. In this context, pseudonymized user profiles are created and cookies are used. The information generated by the cookie about your use of this website is usually stored together with the information set out in section 3 log file data to a server of the service provider, where it is stored and processed. This may also result in a transfer to servers abroad. By processing the data, we obtain the following information, among other things:
- Navigation path taken by a visitor on the website (including content viewed and products selected or purchased)
- time spent on the website or subpage
- the subpage on which the website is exited
- the country, region or city from which access is made
- device (type, version, color depth, resolution, width and height of the browser window) and
- returning or new visitors
On our behalf, the provider will use this information to evaluate the use of the website, to compile evaluations of website activities for us and to provide other services related to website activity and internet usage for the purposes of market research and needs-based design of these websites.
For the further processing of the data by the respective provider as the (sole) controller under data protection law, in particular any disclosure of this information to third parties such as authorities due to national legal regulations, please note the provider’s data protection information.
We use the Matomo tool on our website. Matomo is an open-source project. We use Matomo for statistical evaluations and analyses of our website. This allows us to constantly improve our offer and make it more interesting for you. Cookies are stored on your device for this evaluation. We store the information collected in this way exclusively on our server. We use Matomo with the “AnonymizeIP” extension. As a result, IP addresses are processed in an abbreviated manner, so that a direct personal reference can be excluded. The IP address transmitted by your browser via Matomo will not be merged with other data collected by us.
The legal basis for this processing is our legitimate interest within the meaning of art. 6 (1) (f) GDPR in providing a user-friendly and up-to-date website.
On our website, we use Google Maps API (Application Programming Interface, “Google Maps“) from Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) or Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) (“Google“) for the visual presentation of geographic information (location plans). By using Google Maps, information about the use of our website, including your IP address, is transmitted to a Google server in the USA and stored there.
The integration of Google Maps allows us to visualize our location. This option constitutes our legitimate interest within the meaning of art. 6 (1) (f) GDPR.
We use the web service unpkg of Npm, Inc. (1999 Harrison Street #1150, Oakland, CA 94612, USA) (“unpkg“) on our website. We use unpkg as our content delivery network. The files embedded via unpkg are open source, so they can be viewed and checked at any time. Since unpkg uses the hosting provider Cloudflare to provide the data, the requests sent to these servers may be stored for statistical or other usage purposes.
The integration of unpkg offers us a technically secure, maintenance-free and efficient way to integrate external libraries and frameworks. This option constitutes our legitimate interest within the meaning of art. 6 (1) (f) GDPR.
If you have activated Java script in your browser and have not installed a Java script blocker, your browser may transmit personal data to unpkg. You can prevent unpkg from processing your data by disabling the execution of script code in your browser or by installing a script blocker in your browser.
On our website you will find the link to our presence on LinkedIn of Linkedin Unlimited Company, Wilton Place, Dublin 2, Ireland.
If you click on the LinkedIn icon, you will automatically be redirected to our profile or to the profiles of our employees on LinkedIn. This establishes a direct connection between your browser and LinkedIn’s server. As a result, LinkedIn receives the information that you have visited our website with your IP address and clicked on the link.
If you click on the LinkedIn icon while you are logged into your LinkedIn user account, the content of our website can be linked to your profile so that LinkedIn can assign your visit to our website directly to your account. If you want to prevent this, you should log out before clicking on the icon. In any case, a connection between your access to our website and your user account takes place when you log in to LinkedIn after clicking on the icon. LinkedIn is responsible for the associated data processing under data protection law. Therefore, please refer to the information on LinkedIn’s website.
The legal basis for any processing attributed to us is our legitimate interest within the meaning of art. 6 (1) (f) GDPR in the use and advertising of our social media presence.
On our website, you can use social plugins from the following providers:
We use social plugins to make it easier for you to share content from our website. The social plugins help us to increase the visibility of our content in social networks and thus contribute to better marketing.
The plugins are deactivated by default on our websites and therefore do not send any data to the social networks when you simply visit our website. Only when you activate the plugins and thus give your consent to the transmission of data and further processing by the providers of the social networks, your browser establishes a direct connection to the servers of the respective social network.
The content of the plugin is transmitted directly from the social network to your browser and integrated into the website. As a result, the respective provider receives the information that your browser has accessed the corresponding page of our website, even if you do not have an account of this social network or are not currently logged in to it. This information (including your IP address) is transmitted by your browser directly to a server of the provider (usually in the USA) and stored there. We have no influence on the scope of data that the provider collects with the plugin, although from a data protection point of view we can be regarded as jointly responsible with the providers to a certain extent.
If you do not want the provider of the social network to assign the data collected via our website to your user account, you must log out of the social network before activating the plugins. In the case of the processing described above, your consent within the meaning of art. 6 (1) (a) GDPR forms the legal basis. You can revoke your consent at any time with effect for the future.
Without the support of other companies, we would not be able to provide our services in the desired form and efficiently. In order to be able to use the services of these other companies, it is also necessary to disclose your personal data to a certain extent. Such disclosure takes place, in particular, insofar as this is necessary for the performance of the client relationship. The legal basis for these transfers is the performance of the contract within the meaning of art. 6 (1) (b) GDPR.
In addition, your data may be passed on, to courts, counterparties, authorities or correspondent lawyers, if this is necessary for the performance of the client relationship, if we are legally obliged to do so or if this is necessary to safeguard our rights, in particular to enforce claims arising from the relationship with you. Data may also be shared if another firm intends to acquire our firm or any part of it and such disclosure is necessary to conduct due diligence or to complete the transaction. Our legitimate interest within the meaning of art. 6 (1) (f) GDPR in safeguarding our rights and complying with our obligations or selling our law firm forms the legal basis for this data transfer.
We use appropriate technical and organizational security measures to protect your personal data stored by us against loss and unlawful processing, in particular unauthorized access by third parties. Our employees and service providers are bound by us to maintain confidentiality and privacy. They will only have access to personal data to the extent necessary to perform their duties.
Our security measures are continuously adapted in line with technological developments. However, the transmission of information via the Internet and electronic means of communication always involves certain security risks and we cannot guarantee the security of information transmitted in this way.
Provided that the legal requirements are met, you as a data subject have the following rights:
- Right of access: You have the right to request access to your personal data stored by us at any time, free of charge, when we process it. This gives you the opportunity to verify which personal data we process about you and that we use it in accordance with applicable data protection regulations.
- Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed of the rectification. In this case, we will inform the recipients of the data concerned about the adjustments made, unless this is impossible or involves disproportionate effort.
- Right to erasure: You have the right to have your personal data erased under certain circumstances. In individual cases, in particular in the case of statutory retention obligations, the right to deletion may be excluded. In this case, if the conditions are met, the deletion may be replaced by a blocking of the data.
- Right to restriction of processing: You have the right to request that the processing of your personal data be restricted.
- Right to data portability: You have the right to receive from us personal data that you have provided to us free of charge in a readable format.
- Right to object: You can object to data processing at any time.
- Right of revocation: In principle, you have the right to revoke your consent at any time. However, processing activities based on your consent in the past do not become unlawful as a result of your revocation.
- Right to lodge a complaint: You have the right to lodge a complaint with a competent supervisory authority, e.g., against the way in which your personal data is processed.
To exercise these rights, please use the contact options under Section 2.
Updated: November 2023