PRIVACY POLICY

1. What is this privacy policy about?

Grunder Rechtsanwälte AG (the “Firm“, hereinafter also “we“, “us“) is a law firm with its registered office in 6340 Baar, Zugerstrasse 32, Switzerland. In the course of our business activities, we obtain and process personal data, in particular personal data about our clients, associated persons, counterparties, courts and authorities, correspondent law firms, professional and other associations, visitors to our website, participants in events, recipients of newsletters and other bodies or their respective contact persons and employees (hereinafter also “you“). In this data protection declaration, we inform you about these data processing operations.

If you disclose data to us about other persons (e.g. family members, agents, counterparties or other connected persons), we will assume that you are authorised to do so and that this data is correct and that you have ensured that these persons have been informed about this disclosure, insofar as a legal duty to inform applies (e.g. by bringing this privacy policy to their attention in advance).

2. Who is responsible for the processing of your data?

The following person is responsible for the processing of your data as described in this policy:

Grunder Rechtsanwälte AG
Zugerstrasse 32
CH-6340 Baar
info@grunder-law.ch

3. For what purposes do we process which of your data?

Within the scope of a client relationship, we process the following personal data:

• Client data and data for the administration of the mandate: first name and surname as well as contact details of the contact persons, position and title, associated company/job, sector, any cross-connections (e.g. partner or related persons) and further background information from publicly accessible sources (e.g. commercial register), any assigning person, contents of the enquiry and mandate, counterparties and their representatives as well as further details for the examination of any conflicts of interest.
• Mandate data: Communication with clients, courts, opposing lawyers and third parties, advisory documentation, information disclosed to us by or on behalf of clients, opposing parties, courts, authorities and other parties to the proceedings or which we compile within the scope of our services.
• Service and billing data: Information about the services provided and billed, billing data, proof of services, invoices, payments, bank details.
• Supplementary information: Information related to the use of our newsletters and participation in our events and other information provided by clients.

We process personal data mainly to provide, document, bill and improve our services. This includes processing to meet legal requirements (e.g. to check for any conflicts of interest) and to enforce or defend legal claims. We also process the personal data of our clients in order to communicate with them, to answer enquiries and to send them newsletters, information about our firm and invitations to events, courses, conferences or lectures.

If you no longer wish to receive newsletters and invitations from us, you can unsubscribe at any time by clicking on the relevant link in the respective e-mails or by notifying the contact point in section 2 above.

Personal data of clients are subject to the professional secrecy of lawyers and, with the exception of our service providers, are not passed on to third parties. In order to ensure the protection of your personal data, the service providers concerned conclude a contract with us. This limits the use of your data by the service provider by way of a disclaimer.

Your personal data will only be passed on to third parties in the event of your express consent, a legal obligation or the enforcement of contractual interests on our part. Unless otherwise agreed, the personal data collected will only be stored for as long as necessary for the conclusion and execution of the contract or contractual or legal obligations or for similar purposes (including legal retention obligations). Personal data that is not required will subsequently be deleted.

4. Where does the data come from?

• From you: The majority of the data we process is provided by you (e.g. in connection with our services, use of our website, or communication with us).
• From third parties: We may also obtain data from publicly accessible sources (e.g. business registers, land registers, commercial registers, the media or the Internet including social media) or receive such data from public authorities, your employer or client who either has a business relationship with us or is otherwise involved with us, as well as from other third parties (e.g. clients, counterparties, legal protection insurers, contractual partners). This includes in particular the data we process in the course of initiating, concluding and executing contracts as well as data from correspondence and discussions with third parties.

5. To whom do we disclose your data?

In order to achieve the purposes described in this privacy policy, it may be necessary for us to disclose personal data to the following categories of recipients: External service providers, clients, counterparties and their legal representatives, business partners with whom we may need to coordinate the provision of legal services, and public authorities and courts.

6. Do your personal data also end up abroad?

We process and store personal data mainly in Switzerland and the European Economic Area (EEA), but potentially in any country in the world, depending on the case – for example, via subcontractors of our service providers or in proceedings before foreign courts or authorities. In the course of our work for clients, your personal data can also be transferred to any country in the world.

If a recipient is located in a country without adequate data protection, we require the recipient to adhere to an appropriate level of data protection. For this purpose, we utilize the revised standard contractual clauses provided by the European Commission, which can be accessed here: [https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?] (and if needed, we include any necessary supplements for compliance with Swiss regulations), unless the recipient is already governed by legally recognized data protection standards. We may also transfer personal data to a country without adequate data protection without concluding a separate contract for this purpose if we can rely on an exemption provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interest or if the performance of a contract which is in your interest requires such disclosure (e.g. when we pass on data to our correspondents), if you have given your consent, or if it is not possible to obtain your consent within a reasonable period of time and the disclosure is necessary to protect your life or physical integrity or that of a third party, or if the data in question has been made generally accessible by you and you have not objected to its processing. We may also rely on the exemption for data from a register provided for by law (e.g. HR) to which we have been legitimately given access.

7. What rights do you have?

You have certain rights in connection with our data processing. In accordance with applicable law, you may in particular request information about the processing of your personal data, have incorrect personal data corrected, request the deletion of personal data, object to data processing, request the release of certain personal data in a standard electronic format or their transfer to other data controllers.

If you wish to exercise your rights towards us, please contact us; you will find our contact details in section 2. In order to prevent misuse, we must identify you (e.g. with a copy of your identity card, if necessary).

Please note that these rights are subject to conditions, exceptions or limitations (e.g. to protect third parties or business secrets or due to our professional duty of confidentiality).

8. How are cookies, similar technologies and social media plug-ins used on our website?

When using our website (incl. newsletter), data is collected that is stored in logs (in particular technical data). In addition, we may use cookies and similar technologies (e.g. pixel tags or fingerprints) to recognise website visitors and newsletter users, to evaluate their behaviour and to recognise preferences. A cookie is a small file that is transmitted between the server and your system and enables the recognition of a specific device or browser.

You can set your browser to automatically reject, accept or delete cookies. You can also disable or delete cookies on a case-by-case basis. You can find out how to manage the cookies in your browser, in the help menu of your browser.

Both the technical data we collect and cookies do not usually contain any personal data. However, personal data that we or third-party providers commissioned by us store from you may be linked to the technical data or to the information stored in and obtained from cookies and thus possibly to your person.

We also use social media plug-ins, which are small pieces of software that create a connection between your visit to our website and a third-party provider. The social media plug-in tells the third-party provider that you have visited our website and may send the third-party provider cookies that they have previously placed on your web browser. For more information on how these third-parties use your personal data collected through their social media plug-ins, please refer to their respective privacy statements.

In addition, we use our own tools as well as third-party services (which may in turn use cookies) on our website, in particular to improve the functionality or content of our website (e.g. integration of videos or maps), to compile statistics.

Currently, we may use the services of the following service providers and advertising partners in particular, whereby their contact details and further information on the individual data processing can be found in the respective data protection declaration:

• Google Analytics
  Provider: Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA
  Privacy policy: https://policies.google.com/privacy?hl=de
• Google Maps
  Provider: Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA
  Privacy policy: https://policies.google.com/privacy?hl=de

Some of the third-party providers we use may be located outside of Switzerland. You can find information on the disclosure of data abroad under point 6. In terms of data protection law, they are partly order processors of us and partly responsible bodies. Further information on this can be found in the data protection declarations of the corresponding service providers.

We would like to point out that we make use of external IT service providers and cloud providers with servers in Switzerland within the scope of our mandate. We then use certain IT services and means of communication which may be associated with data security risks (e.g. e-mail, video conferences). It is up to you to inform us of your wish for special security measures.

9. How do we process personal data on our social networking sites?

We operate sites and other online presences on social networks and other platforms operated by third parties and process data about you in this context. In doing so, we receive data from you (e.g. when you communicate with us or comment on our content) and from the platforms (e.g. statistics). The providers of the platforms may analyse your usage and process this data together with other data they have about you. They also process this data for their own purposes (e.g. marketing and market research purposes and to manage their platforms), and act as their own data controllers for this purpose. For more information on processing by platform operators, please refer to the privacy statements of the respective platforms.

We currently use the following platform, whereby the identity and contact details of the platform operator can be found in the privacy policy in each case:

• LinkedIn
  Data protection notice: https://ch.linkedin.com/company/grunder-rechtsanwälte-ag
  Privacy Policy: https://de.linkedin.com/legal/privacy-policy

We are entitled, but not obliged, to check content before or after it is published on our online presences, to delete content without notice and, if necessary, to report it to the provider of the relevant platform.

The platform provider may be located outside of Switzerland. Information on the disclosure of data abroad can be found under point 6.

10. What else needs to be considered?

We do not believe that the EU General Data Protection Regulation (GDPR) applies to our data processing as a general rule. However, if this should exceptionally be the case for certain data processing operations, this Section 10 shall apply in addition exclusively for the purposes of the GDPR and the data processing operations subject to it.

We base the processing of your personal data in particular on the fact that

• it is necessary for the initiation, conclusion and performance of contracts and their administration and enforcement (Art. 6 Para. 1 lit. b EU General Data Protection Regulation);
• it is necessary for the legitimate interests of us or of third parties, namely for communication with you or third parties, to operate our website, to improve our electronic offers and registration for certain offers and services, for security purposes, for compliance with the law and internal regulations, for our risk management and corporate governance and for other purposes such as training and education, registration, evidence and quality assurance, organisation, implementation and follow-up of events and for the protection of further legitimate interests (Art. 6 para. 1 lit. f EU General Data Protection Regulation);
• it is required or permitted by law on the basis of our mandate or position under the law of the EU or the EEA or an EU member state (Art. 6 para. 1 lit. c EU General Data Protection Regulation) or is necessary to protect your vital interests or those of other natural persons (Art. 6 para. 1 lit. d DSGVO);
• you have separately consented to the processing, e.g. via a corresponding declaration on our website (Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a EU General Data Protection Regulation).
• If you do not provide certain personal data, this may mean that it is not possible to provide the associated services or conclude a contract. As a matter of principle, we state where personal data requested by us is mandatory.

The right to object to the processing of your data as set out in section 7 applies in particular to data processing for the purpose of direct marketing.

If you do not agree with our handling of your rights or data protection, please let us know (see contact details in section 2). If you are in the EEA, you also have the right to complain to the data protection supervisory authority in your country. A list of the authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_de.

11.  Can this privacy policy be changed?

No consent is required from clients, their employees or other contact persons to the privacy policy. The privacy policy merely provides information on the type, scope and purpose of the use of personal data by Grunder Rechtsanwälte AG. Grunder Rechtsanwälte AG reserves the right to unilaterally change the content of the aforementioned privacy policy at any time and without notice. It is therefore recommended that you regularly consult the privacy policy of Grunder Rechtsanwälte AG on our website.

If you have any questions or if you or your employees or other contact persons would like to exercise your or their data protection rights, please contact us at info@grunder-law.ch or write to Grunder Rechtsanwälte AG, Zugerstrasse 32, 6340 Baar.