Last update: December 10, 2018
1. Who processes personal data?
The controller of personal data is:
If you have any questions or concerns regarding data protection, please contact:
- Barbier Habegger Rödl Rechtsanwälte AG
- Alex Barbier
- Theaterstrasse 17
- CH-8400 Winterthur
2. What personal data do we process?
2.1. If you visit our website:
When you visit our website (www.bhr.law) our server stores a logfile. In the logfile, we collect and process the following data:
- The IP address from which our website was accessed. This is a number used on the Internet to communicate on the network.
- The date and time of access to our website.
- HTTP protocol information, such as protocol type, protocol version, http requests, status codes, information on the transferred data. This is technical data that is generated when network traffic on the Internet occurs.
- Error messages that occurred during access.
- The type and version of the browser utilized by the user, the operating system and the model of the computer or mobile device.
- The website from which the user accesses our website.
If you use our contact form, we collect and process the following data:
- First and last name
- Telephone number
- E-mail address
- The date and time when the message was sent
- The message you send to us including subject
Our contact page uses a plugin from Google Maps. Google Maps is a map service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. When you access the contact page, your browser establishes a direct connection to the Google server and Google transmits the map content directly to the browser. Personal data (including IP address, date and time of the access, location data) may be transmitted to Google. We have no control over the further processing of personal data by Google.
2.2. When we provide our services:
In connection with the offering and the provision of our legal services, we collect and process in particular the following data in our systems:
- Name and industry of our customers
- Contact information of our customers: Address, email address, landline number, mobile number, fax number, website, etc.
- Contact information of the contact persons at our customers: Name, address, e-mail address, landline number, mobile number, fax number, website, etc.
- Contact information of third parties involved in mandates (other consultants, counterparties, etc.): name, address, e-mail address, landline number, mobile number, fax number, Skype name, website, etc.
- Mandate information, such as mandate description, mandate budget, mandate tasks, mandate schedule, etc.
- Billing information, such as invoiced services, invoice amount, billing address, VAT information, etc.
- Data which, in the course of fulfilling our mandate, we receive from you, your employees and consultants, your employer or from third parties, or which we collect ourselves, such as:
- Contact information
- Court and administrative files
- Contracts, correspondence, e-mails, fact statements
- Data from public registers (e.g. commercial register, land register, debt collection register)
- Details about yourself and your background
- Public data available from the media and the Internet
- Data that we collect and process in order to comply with regulatory requirements (e.g. Professional Conduct requirements, anti-money laundering regulations)
- Bank and insurance data
3. For what purposes do we process your personal data?
3.1. If you visit our website:
We use this information to track and resolve technical issues, troubleshoot problems, prevent attacks on our infrastructure, support analysis in the event of hacker attacks, and compile visitor statistics for our website. We do not use this data for direct marketing, profiling or automated individual decision making.
3.2. When we provide our services:
We collect and process personal data in order to offer and provide legal services to our customers and to invoice them for the respective services. We do not use this data for direct marketing, profiling or automated individual decision-making.
4. What are the legal bases on which we process your personal data?
If the GDPR is applicable to the processing of your personal data, we must at this point inform you about the so-called legal basis for data processing.
4.1. If you visit our website:
We collect and process personal data according to the following legal bases: With respect to log files, we may process the data as we have a legitimate interest according to Article 6(1)(f) GDPR. This consists of understanding and solving technical problems, finding errors, averting attacks on our infrastructure, carrying out analyses in the event of a hacker attack and producing visitor statistics.
4.2. When we provide our services:
We collect and process the personal data according to the following legal bases:
- If the data in our systems refer to the customer. We may process the data as permitted by Article 6(1)(b) GDPR for the performance of a contract or for the implementation of pre-contractual measures taken at the request of the data subject.
- If the data in our systems do not refer to the customer. We may process the data because we and our customers have a legitimate interest in accordance with Article 6(1)(f) GDPR. This consists of the offering, providing and invoicing our clients' legal services.
5. To whom do we disclose your personal data?
We disclose personal data to the following persons:
- to data processors who process personal data on our behalf, in particular IT service providers. For the purpose of Professional Conduct, these processors are considered auxiliary persons within the meaning of Article 321 of the Swiss Criminal Code;
- only with the customer's consent to authorities, courts and arbitral tribunals;
- only with the customer's consent to counterparties and their lawyers and advisors as well as other parties involved in a mandate and their lawyers and advisors; and
- only with the customer's consent to the media and the public.
6. Do we transfer your personal data to third countries?
All our data processors (e.g. IT service providers) process personal data in Switzerland. The Swiss Data Protection Act offers an appropriate level of data protection. The transfer to third countries in the context of the use of social plugins is reserved (see Section 2.1). Google is covered by the so-called Privacy Shield and thus offer an appropriate level of data protection in accordance with the GDPR and Article 6(1) of the Swiss Data Protection Act.
7. How long do we store your personal data?
7.1. If you visit our website:
We store the personal data with respect to log files as follows. The data will remain on our systems until the operational necessity ceases and the statutory or contractual deadlines expire and will then be deleted automatically. For most data, the maximum storage period is six months.
7.2. When we provide our services:
We store data that we process in the course of providing our services for a period of ten years from the conclusion of the last mandate for the respective customer. Data that we have collected without subsequently establishing a customer relationship will be stored for three years from the date of collection.
8. What are your rights as a data subject in the European Union?
If your personal data is processed and the GDPR is applicable, you have the following rights towards us:
- Right of access. You have the right to obtain a confirmation as to whether personal data concerning you is being processed.
- Right to rectification. You have the right to obtain the rectification of inaccurate personal data. We must effect the rectification without delay.
- Right to restriction of processing. You have the right to obtain restriction of processing where one of the following applies:
- you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data;
- the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;
- we no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims; or
- you have objected to processing pending the verification whether our legitimate grounds override those of you.
- Right to erasure. You have the right to obtain the erasure of personal data without undue delay and we shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject objects to the processing and there are no overriding legitimate grounds for the processing; or
- the personal data have been unlawfully processed.
- Right to notification. If you have exercised your right of rectification, erasure or restriction, we shall communicate such rectification, erasure of data or restriction of processing to each recipient to whom personal data have been disclosed, unless this proves impossible or involves disproportionate efforts.
- Right to object. You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on the legal basis of legitimate interest.
- Right to lodge a complaint with the supervisory authority. Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.