Privacy Notice
With this privacy notice, Glatthard Advokatur & Notariat AG (Hauptstrasse 95, 3855 Brienz, Switzerland) (hereinafter referred to as we or Glatthard) informs you how we collect, use, disclose and otherwise process personal data. This is not necessarily an exhaustive description; other privacy notices, individual notices or information may apply to specific matters. Personal data is understood to be all information that relates to a specific or identifiable natural person.
Data Controller and Contact Details
The controller of the data processing described in this privacy notice is Glatthard Advokatur & Notariat Ltd., unless we inform you otherwise in certain cases. You can notify us of any data protection-related concerns using the following contact details:
Glatthard Advokatur & Notariat Ltd.
Hauptstrasse 95
3855 Brienz
Switzerland
Tel: +41 (0)33 951 10 10
info@glatthard.law
Collection and Processing of Personal Data
We process personal data that we receive from you, our clients and their employees, business partners, from authorities, courts, arbitral tribunals or other third parties (such as e.g., opposing parties or business partners of our clients), that we receive when participating in training courses, events or competitions, or that we collect from through our websites, apps and other applications and offers. Insofar as it is permitted to us, we may also obtain certain personal data from publicly accessible sources.
The categories of personal data that we collect and process about you may include, in particular, the following data:
- Personal information and contact details, such as name, address, telephone number, e-mail address, date of birth, nationality, gender, pictures, professional functions and activities, education, qualifications, information on family members, relatives and related or affiliated persons, affiliations with third parties.
- Information relating to mandates and other agreements, such as contracts and contractual obligations, scope of work, claims, communication relating to mandates and other agreements.
- Information contained in communication and other interactions with us, such as correspondence by letter or e-mail or through other means of communication with you or with third parties, meetings, call history, notes relating to communication, access logs, inquiries, social media activities.
- Financial information, such as invoicing information, payment details, bank details, information relating to insurance, financial situation, accounting information, creditworthiness, debt enforcement and bankruptcy information.
- Information relating to administrative, court or other proceedings, such as information on claims and defenses, persons involved and the matter at issue, criminal prosecution and conviction.
- Information regarding legal regulations, such as anti-money laundering and export restrictions.
- Data related to marketing activities, such as preferences and interests, newsletter opt-ins and opt-outs, responses to marketing activities, invitations and participation in events and activities.
- Data related to the use of our website and other applications, such as connection data, IP address and other identifiers (e.g. user name in social media, MAC address of the smartphone or computer, data from cookies and similar technologies), date and time of the visit to our website, duration of the visit to the website, requested internet address (URL), referrer URL (i.e. the internet address of the website from which you accessed our website, if applicable with the search term used), browser type and version, operating system used, amount of data sent in bytes, and the search term used, location data, pages and content accessed, functions used.
- Data obtained from public registers and other public sources, such as the debt enforcement register, credit rating directories, land register, commercial register, media and internet.
Purposes of the Data Processing and Possible Legal Bases
We may process personal data in accordance with applicable data protection law for the following purposes and, if necessary under applicable data protection law, on the basis of the following legal bases:
- For the performance of contracts: We process personal data in connection with the conclusion and performance of contracts with our clients and business partners, in particular in the context of providing legal services to our clients and the procurement of products and services from our suppliers and subcontractors (e.g., foreign and domestic lawyers and law firms or experts), as well as in order to comply with our legal obligations relating thereto. You may be affected by our data processing in your capacity as an employee of a client or business partner. The purposes of data processing and any further data protection information may be found in the respective contracts, terms and conditions and/or other applicable terms.
- To fulfill legal obligations: We process personal data in order to comply with our legal or regulatory obligations. Processing purposes include, but are not limited to documenting compliance with legal and regulatory requirements.
- To safeguard legitimate interests: We process personal data for the following purposes if this is necessary to protect the legitimate interests of us or of third parties or to protect legitimate public interests:
a) providing and developing our products, services and websites, applications and other platforms, on which we are active;
b) communication with third parties and the processing of their requests (e.g., job applications, media inquiries);
c) advertising and marketing (including organizing events), provided that you have not objected to the use of your data for this purpose (if you are part of our client base and you receive marketing communication, you may object at any time);
d) market and opinion research, media surveillance;
e) asserting legal claims and defense in legal disputes and official proceedings;
f) prevention and investigation of criminal offences and other misconduct (e.g., conducting internal investigations, data analysis to combat fraud);
g) ensuring our business operations, including our IT, our websites, apps and other appliances;
h) video surveillance to protect the domiciliary rights and other measures to ensure the safety of our premises and facilities as well as protection of our employees and other individuals and assets owned by or entrusted to us (such as e.g., access controls, visitor logs, network and mail scanners, telephone recordings);
g) possible corporate transactions and the transfer of personal data related thereto as well as measures for business management and compliance with legal and regulatory obligations as well as internal regulations of Glatthard. - Based on your consent: If you have given us consent to process your personal data for certain purposes (for example, when you register to receive newsletters), we process your personal data within the scope of and based on this consent, unless we have another legal basis and we require such a basis. Consent given can be revoked at any time, but this has no effect on data processing that has already taken place.
Cookies, Tracking and other Technologies related to the use of our Website
We use cookies and similar technologies on our website and with respect to our marketing communication that allow us to store information on your device and/or access information stored on your device or to receive information on your response to website offerings and other marketing activities. This allows us to better understand user behavior and preferences, e.g. to provide our services in a technically error-free, secure, user-friendly and demand-oriented manner:
- Cookies: These are small text files that are permanently or temporarily stored on your device when you visit our website. Through the use of cookies, your browser receives an identifier and shows it on request to. We use so-called session cookies. These save your entries while you navigate on the website within the same session. Session cookies are automatically deleted after your visit to our website. We also use permanent cookies that remain stored on your device for several sessions over a defined term and allow us to recognize your browser the next time you visit the website (and, for example, to perform an automatic log-in or to display the website in your preferred language and according to your preferences). We use permanent cookies to remember your preferences (e.g., language), to help us understand how you use our services and content. If you block cookies, certain functionalities (such as language selection) may no longer work. Permanent cookies are deleted when their expiration date is reached or if you delete them beforehand. Most browsers are set to accept cookies by default. Further details on the cookies used on this website may be found in the Appendix to this privacy notice.
- Social Media Plug-Ins: You can recognize plug-ins by the corresponding network logo or the «like» or «share» buttons on our website. By clicking on the plug-in, you can share content from our website on the relevant social network. The plug-in reports to the social network that your IP address is visiting our website. This can happen even if you are not logged into the social network or are not a member of the social network. If you are logged into the social network, the social network can assign your surfing behavior directly to your profile there.The social network is responsible for the processing of your personal data transmitted with the plug-in and the data protection provisions of the respective social network apply. We do not obtain precise knowledge of the content and scope of the transmitted data and its use by the social network and do not exercise any influence on it. As a rule, this involves the following data: website visited, data transmitted by your browser (IP address, browser type and version, operating system, time) and your identification number in the social network, provided you are registered there as a user.If you share content via a plug-in, you are not authorized to speak on our behalf. These are your own expressions, for which we are not responsible and liable.
- Tracking of Marketing Communication: We use tracking technology in our marketing communications (e.g., newsletter, invitations) which helps us to appraise whether marketing e-mails or other communication have been opened, replied or forwarded and links followed.
- Website Analytics: We use Pirsch Analytics on our website. This is a service of Emvi Software GmbH (pirsch.io), with which we can measure and evaluate the use of the website (not personal). Pirsch Analytics does not receive any personal data from us (and does not retain any IP addresses), but it can track your use of the website. Further information on Pirsch Analytics and the data processed can be found here: pirsch.io/privacy-friendly-analytics.
Cookies and similar technologies generally do not provide personal data, but only anonymous traffic data related to your device (e.g., your IP address) and statistical data (e.g., number and type of website visits). However, to the extent that the identifiers collected are classified as personal data by applicable law, we treat them as such. In addition, we sometimes combine non-personal data collected using these technologies with other personal data held by Glatthard. When we combine data in this way, we treat the combined data as personal data for the purposes of this privacy notice.
By using our websites, apps and consenting to receive newsletters and other marketing emails, you accept the use of the above mentioned technologies. If you do not wish to do so, you can block or delete the cookies and similar technologies via the privacy settings of your browser and e-mail program, whereby this may under certain circumstances affect the use of our website.
Disclosure of Personal Data to other Persons
We may disclose personal data to the following categories of recipients:
- Clients, their affiliates, opposing parties, transaction parties and other persons involved in matters and proceedings we are working on;
- Courts, arbitral tribunals, public authorities, regulatory bodies, self-regulatory bodies;
- Business partners, service providers and suppliers we work with (e.g., other lawyers and law firms, experts, banks, insurance companies), who may act as independent data controllers or process personal data for our own purposes (e.g., providers of cloud and other IT services);
- The public, including users of our websites and social media;
- Competitors, industry organizations, associations, organizations and other bodies.
Disclosure of Personal Data Abroad
Recipients of personal data may be located in Switzerland or abroad. We may disclose personal data to recipients in the EU/EEA, the UK, the USA or any other country of the world, whereby the location of the recipient depends on the matter at hand and may in particular include countries where our clients are present (such as EU/EEA member states, UK, Brazil, China, Japan, USA) as well as to the countries in which our service providers process their data (such as EU/EEA member states, UK, USA).
If we disclose personal data to a country without adequate data protection legislation, we will ensure that this is done in compliance with applicable date protection law. In particular, we may disclose personal data to such countries in the following circumstances:
- You give your express consent.
- It is necessary for the execution of a contract with you or of a contract in your interest.
- It is necessary for the fulfillment of a legal obligation.
- It is necessary to safeguard overriding public interests, to establish, exercise or enforce legal claims or to protect the life or physical integrity of you or third parties.
- You have made the personal data generally accessible and do not expressly prohibit processing.
- The personal data originate from a register provided for by law, which is public or accessible to persons with an interest worthy of protection, insofar as the legal requirements for inspection are met in the individual case.
We ensure adequate protection, namely by means of sufficient contractual guarantees such as the standard contractual clauses of the European Commission or by relying on another legal transfer tool. You can obtain a copy of the contractual guarantees from the contact point mentioned above or find out from them where such a copy can be obtained.
Duration and Retention of Personal Data
We process and store personal data as long as it is necessary for the processing purpose for which we collected it. Typically, this is for the term of our business relation and thereafter, as long as we have a legitimate interest in retaining the information (e.g., for applicable statute of limitation, for record retention and know-how purposes). In addition, there may be a contractual or legal obligation to retain or document data (e.g. in accordance with the Swiss Code of Obligations, Value Added Tax Act, etc.). It is possible that personal data will be stored for the time during which claims can be asserted against us or and insofar as we are otherwise legally obligated to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). If the personal data is no longer required, it will be deleted or anonymized as far as possible. Subject to an express written agreement, we are under no obligation to you to retain personal data for a specific period of time.
Data Security
We take appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse, such as the issuance of warnings, training, IT and network security solutions, access controls and restrictions, encryption of data media and transmissions, pseudonymization, controls.
Rights of the Data Subject
In accordance with and as far as provided by applicable law (as is the case where the GDPR is applicable), you have the right to access, rectify and erase of your personal data, the right to restriction of processing or to object to our data processing in addition to right to receive certain personal data for transfer to another controller (data portability). Please note, however, that we reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain data, have an overriding interest (insofar as we may invoke such interests), are bound to maintain confidentiality or need the data for asserting claims. If exercising certain rights incurs costs for you, we will notify you thereof in advance. We have already informed you of the possibility to withdraw consent in Section 3 above.
In general, exercising these rights requires that you are able to prove your identity (e.g., by a copy of identification documents when your identity is not evident otherwise or cannot be verified in another way). In order to assert these rights, please contact us at the addresses provided in Section 1 above.
You have the right to enforce your claims in court or to file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
Obligations of the Data Subject
In the context of our business relationship, you must provide the personal data that is required for the establishment and implementation of a business relationship and the fulfillment of the associated contractual obligations (you do not usually have a legal obligation to provide us with data). Without this data, we will generally not be able to enter into or perform a contract with you (or the entity or person you represent). Also, the Website cannot be used if certain traffic-securing information (such as IP address) is not disclosed.
If you provide us with personal data of other persons (e.g. data of work colleagues), please make sure that these persons are aware of this privacy notice and only share their personal data with us if you are allowed to do so and if this personal data is correct.
Please note that the Internet is generally not a secure environment because it is an open network that can be accessed by anyone. Therefore, we also appeal to your personal responsibility with regard to the handling of your personal data. To the extent permitted by law, we exclude liability for the security of data that you transmit to us via the Internet (e.g. by e-mail) or other electronic channels and for any direct or indirect damage. We ask you to choose other communication channels, should this appear necessary or reasonable for security reasons.
Modification of the Pricacy Notice
We may amend this privacy notice at any time without prior notice. The current version published on our website (https://www.glatthard.law/privacy) shall apply.
Version effective as of 1 October 2023.