If you provide us with data about other persons (e.g. family members, representatives, counterparties or other associated persons), we assume that you are authorized to do so and that this data is correct and that you have ensured that these persons are informed about this disclosure, insofar as a legal obligation to provide information applies (e.g. by bringing this data protection declaration to their attention in advance).
2. Who is responsible for processing your data?
T + 41 44 288 37 37
If you have any questions, please contact us at the above address.
3. For what purposes do we process which of your data?
If you make use of our services, use www.pontinova.law (hereinafter "Website") or otherwise have dealings with us, we obtain and process various categories of your personal data. In principle, we may obtain and otherwise process this data for the following purposes in particular:
- Communication: We process personal data so that we can communicate with you and with third parties, such as parties to proceedings, courts or authorities, by e-mail, telephone, letter or otherwise (e.g. to answer inquiries, in the context of legal advice and representation as well as the initiation or execution of contracts). This also includes providing our clients, contractual partners and other interested parties with information about events, changes to the law, news about our Law Firm or similar. This may take the form of newsletters and other regular contact (electronically, by post, by telephone). You can reject such communication at any time or refuse or revoke your consent to such communication. For this purpose, we process in particular the content of the communication, your contact details and the marginal data of the communication, but also image and audio recordings of (video) telephone calls. In the event of an audio or video recording, we will inform you separately and you are free to inform us if you do not wish to be recorded or to terminate the communication. If we need or want to establish your identity, we will collect additional data (e.g. a copy of an identity document).
- Initiation and conclusion of contracts: With regard to the conclusion of a contract, such as in particular a contract to establish a client relationship, with you or your client or employer, which also includes the clarification of any conflicts of interest, we may in particular obtain your name, contact details, powers of attorney, declarations of consent, information about third parties (e.g. contact persons, family details and counterparties, contract contents, date of conclusion, creditworthiness data and all other data which you provide to us or which we process. contact persons, family details and counterparties), contract contents, date of conclusion, creditworthiness data and all other data that you provide to us or that we collect from public sources or from third parties (e.g. commercial register, credit agencies, sanctions lists, media, legal expenses insurance or from the Internet).
- Administration and processing of contracts: We obtain and process personal data so that we can comply with our contractual obligations towards our clients and other contractual partners (e.g. suppliers, service providers, correspondence law firms, project partners) and, in particular, provide and demand the contractual services. This also includes data processing for client management (e.g. legal advice and representation of our clients before courts and authorities and correspondence) as well as data processing for the enforcement of contracts (debt collection, legal proceedings, etc.), accounting and public communication (if permitted). For this purpose, we process in particular the data that we receive or have collected as part of the initiation, conclusion and execution of the contract as well as data that we create as part of our contractual services or that we collect from public sources or from other third parties (e.g. courts, authorities, counterparties, information services, media, detective agencies or from the Internet). This data may include, in particular, minutes of meetings and consultations, notes, internal and external correspondence, contractual documents, documents that we prepare and receive in the context of proceedings before courts and authorities (e.g. statements of claim, appeals and complaints, judgments and decisions), background information about you, counterparties or other persons as well as other mandate-related information, proof of performance, invoices and financial and payment information.
- Improvement of our electronic offers: In order to continuously improve our website and other electronic offerings, we collect data about your behavior and preferences, for example by analyzing how you navigate through our website.
- Security purposes and access controls: We obtain and process personal data in order to ensure and continuously improve the appropriate security of our IT and other infrastructure. This includes, for example, monitoring and controlling electronic access to our IT systems and physical access to our premises, analyzing and testing our IT infrastructures, system and error checks and creating backup copies. For documentation and security purposes (preventive and to investigate incidents), we also keep access logs and visitor lists for our premises and use surveillance systems (e.g. security cameras). Surveillance systems are indicated by appropriate signs at the relevant locations.
- Compliance with laws, directives and recommendations from authorities and internal regulations ("compliance"): We obtain and process personal data to comply with applicable laws (e.g. to combat money laundering, tax obligations or our professional obligations), self-regulation, certifications, industry standards, our corporate governance and for internal and external investigations in which we are a party (to proceedings) (e.g. by a law enforcement or supervisory authority or a commissioned private body).
- Risk management and corporate governance: We obtain and process personal data as part of risk management (e.g. to protect against criminal activities) and corporate governance. This includes our business organization (e.g. resource planning) and corporate development (e.g. acquisition and sale of business units or companies).
- Job application: If you apply for a job with us, we obtain and process the relevant data for the purpose of reviewing the application, carrying out the application process and, in the case of successful applications, for the preparation and conclusion of a corresponding contract. In addition to your contact details and the information from the corresponding communication, we also process the data contained in your application documents and the data that we can additionally obtain about you, e.g. from job-related social networks, the Internet, the media and from references, if you consent to us obtaining references.
4. Where does the data come from?
- From you: You (or your end device) provide us with the majority of the data we process yourself (e.g. in connection with our services, the use of our website or communication with us). You are not obliged to disclose your data, with exceptions in individual cases (e.g. legal obligations). However, if you wish to conclude contracts with us or make use of our services, for example, you must provide us with certain data. The use of our website is also not possible without data processing.
- From third parties: We may also obtain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, media or the Internet incl. social media) or receive such data from (i) authorities, (ii) your employer or client who either has a business relationship with us or is otherwise involved with us, and from (iii) other third parties (e.g. clients, counterparties, legal expenses insurers, credit reference agencies, address dealers, associations, contractual partners, Internet analysis services). This includes, in particular, the data that we process in the context of the initiation, conclusion and execution of contracts as well as data from correspondence and discussions with third parties, but also all other categories of data.
5. To whom do we disclose your data?
In connection with the purposes listed in section 3, we transfer your personal data in particular to the categories of recipients listed below. If necessary, we will obtain your consent for this or have our supervisory authority release us from our professional duty of confidentiality.
- Service providers: We work with service providers in Germany and abroad who (i) process data on our behalf (e.g. IT providers), (ii) in joint responsibility with us or (iii) on their own responsibility, which they have received from us or collected for us. These service providers include, for example, IT providers, banks, insurance companies, debt collection agencies, credit agencies, address verifiers, other law firms or consulting firms. We generally agree contracts with these third parties on the use and protection of personal data.
- Clients and other contractual partners: This initially refers to clients and other contractual partners of ours for whom the transfer of your data arises from the contract (e.g. because you work for a contractual partner or they provide services for you). This category of recipients also includes entities with which we cooperate, such as other law firms in Switzerland and abroad or legal expenses insurance companies. The recipients generally process the data under their own responsibility.
- Authorities and courts: We may disclose personal data to offices, courts and other authorities in Switzerland and abroad if this is necessary for the fulfillment of our contractual obligations and in particular for the performance of our mandate, or if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. These recipients process the data under their own responsibility.
- Counterparties and persons involved: Insofar as this is necessary for the fulfillment of our contractual obligations, in particular for the management of the mandate, we also pass on your personal data to counterparties and other persons involved (e.g. guarantors, financiers, affiliated companies, other law firms, persons providing information or experts, etc.).
- Other persons: This refers to other cases where the inclusion of third parties arises from the purposes set out in section 3. This applies, for example, to delivery recipients or payment recipients specified by you, third parties in the context of representation relationships (e.g. your lawyer or your bank) or persons involved in official or court proceedings. We may also pass on your personal data to our supervisory authority, in particular if this is necessary in individual cases to release you from our professional confidentiality obligation. If we cooperate with the media and transmit material to them (e.g. photos), you may also be affected. As part of our corporate development, we may sell or acquire businesses, business units, assets or companies or enter into partnerships, which may also result in the disclosure of data (including your data, e.g. as a client or supplier or as their representative) to the persons involved in these transactions. In the course of communication with our competitors, industry organizations, associations and other bodies, data relating to you may also be exchanged.All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict the processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).We also enable certain third parties to collect personal data from you on our website on their own responsibility (e.g. providers of tools that we have integrated on our website). Insofar as we are not decisively involved in this data collection, these third parties are solely responsible for it. If you have any concerns and wish to assert your data protection rights, please contact these third parties directly.
6. Will your personal data also be sent abroad?
We process and store personal data mainly in Switzerland and the European Economic Area (EEA), but potentially in any country in the world, depending on the case - for example via subcontractors of our service providers or in proceedings before foreign courts or authorities. Your personal data may also be transferred to any country in the world as part of our work for clients.
If a recipient is located in a country without adequate data protection, we contractually oblige the recipient to comply with an adequate level of data protection (we use the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?, including the supplements required for Switzerland), unless the recipient is already subject to a legally recognized set of rules to ensure data protection. We may also disclose personal data to a country without adequate data protection without concluding a separate contract if we can rely on an exemption clause for this. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract that is in your interest requires such disclosure (e.g, if we disclose data to our correspondence offices), if you have given your consent, or if it is not possible to obtain your consent within a reasonable period of time and the disclosure is necessary to protect your life or physical integrity or that of a third party, or if it concerns data that you have made generally accessible and whose processing you have not objected to. We may also rely on the exception for data from a legally prescribed register (e.g. HR) which we have legitimately obtained access to. We may also rely on the exception for data from a register provided for by law (e.g. HR), which we have legitimately obtained access to.
7 How are cookies and similar technologies used on our website?
7.1. What are cookies and similar technologies?
Our website may use "cookies" and similar technologies. These are small text files that are automatically stored on your computer or mobile device with the help of your browser when you visit our website. Cookies contain a unique identification number (ID) that enables us to distinguish individual visitors from one another. The distinction is usually made without directly identifying the individual persons. We may use the following categories of cookies:
- Session cookies: These are automatically deleted when the browser is closed.
- Persistent cookies: These are stored for a specified period after the browser is closed (usually between a few days and two years). Persistent cookies enable us to recognize visitors on subsequent visits.As a rule, technical data and cookies do not contain any personal information. However, if you have a user account, your personal data may be linked to the technical data and cookies.Some of our third-party providers may be located outside Switzerland. These third-party providers act partly as processors and partly as independent controllers. Further information can be found in their privacy policies.
7.3. What cookies and similar technologies do we use?
We may use the following types of cookies and similar technologies:
- Strictly necessary cookies: These are like basic building blocks and enable you to use the website, e.g. by saving your details in forms.
- Performance cookies: These cookies help the website to understand how you use it. They collect information about which pages are popular and how you move around the website to make the website faster and more user-friendly.
- Functional cookies: These cookies offer additional functions and personalized content. They store information such as language selection or show you products that you might like based on your previous interests.
- Marketing cookies: These cookies are used to show you personalized advertising tailored to your interests.
7.4. Which cookies and comparable technologies from other companies are used by us?
Provider: Google Ireland Ltd, Ireland
Data protection information: https://www.google.com/policies/privacy/7
7.5. Which social media plug-ins do we use?
We use social media plug-ins, small software components that establish a connection between your website visit and third-party providers. These plug-ins inform the third-party provider that you have visited our website and can transmit cookies that were previously placed in your web browser. Details on the use of your personal data by these third-party providers can be found in their privacy policies.
7.6. Which third-party services are integrated by us?
Provider: Webflow Inc., USA
Data protection information: https://webflow.com/legal/eu-privacy-policy
7.7. What else?
Some of the third-party providers we use may be located outside Switzerland. Information on the disclosure of data abroad can be found in section 6. In terms of data protection law, some of them are "only" processors on our behalf and some are controllers. Further information on this can be found in the data protection declarations.
8. How do we process personal data on our pages in social networks?
Provider: LinkedIn Ireland Unlimited Company, Ireland
Data protection information: https://de.linkedin.com/legal/privacy-policy
We are entitled, but not obliged, to check third-party content before or after its publication on our online presences, to delete content without notice and, if necessary, to report it to the provider of the platform in question.Some of the platform operators may be located outside Switzerland. Information on data disclosure abroad can be found in section 6.
9. What rights do you have?
Provided you meet the applicable requirements, you have the right to:
- Information about your personal data stored by us
- Correction of incorrect or incomplete personal data
- Deletion/anonymization of your personal data
- Restriction/revocation of the processing of your personal data
- Objection to our data processing
- Release of certain personal data in a structured, commonly used and machine-readable format.
Please note that there are legal provisions that oblige or entitle us to retain your data due to legal or contractual obligations. In these cases, we can only restrict or block your data to the extent necessary. If you are of the opinion that the processing of your data violates legal requirements, you can lodge a complaint with the competent supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner, Feldeggweg 1, 3003 Bern, Switzerland.
10. What else needs to be considered?
Please note that we will generally process your data for as long as required by our processing purposes, the statutory retention periods and our legitimate interests, in particular for documentation and evidence purposes, or for as long as storage is technically necessary (e.g. in the case of backups or document management systems). If there are no legal or contractual obligations or technical reasons to the contrary, we generally delete or anonymize your data after the storage or processing period has expired as part of our normal processes and in accordance with our retention policy.
If you do not provide certain personal data, this may mean that it is not possible to provide the associated services or conclude a contract. As a matter of principle, we indicate where personal data requested by us is mandatory.
If you do not agree with our handling of your rights or data protection, please let us know (see contact details in section 2). If you are located in the EEA, you also have the right to lodge a complaint with the data protection supervisory authority in your country. A list of authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_de.