In this data protection statement we (comtexto AG) explain how we collect and process personal data. This description is not exhaustive; other data protection statements govern specific issues as required. Personal data is defined as any information relating to an identified or identifiable person. When you provide us with the personal data of other persons (e.g. family members or colleagues), please ensure that these persons are aware of this data protection statement, and only share their personal data with us if you are allowed to do so, and if such personal data is correct. This data protection statement is based on the EU General Data Protection Regulation (GDPR). Although the GDPR is a regulation of the European Union (EU), it is of importance to us. The Swiss Federal Act on Data Protection (FADP) is strongly influenced by EU law, and enterprises outside the European Union or the European Economic Area (EEA) must comply with the GDPR under certain circumstances. We have therefore based this data protection statement on the standards of the GDPR.
1. Responsible party
comtexto is responsible for data processing as described here, unless otherwise agreed in specific cases. If you have any questions regarding data protection, please contact us at the following address: comtexto AG, Dufourstrasse 107, 8008 Zurich, Switzerland, tel.: +41 (44) 885 08 08, e-mail: email@example.com
2. Collection and processing of personal data
We mainly process personal data received in the course of relationships with our clients or other contractual relationships with their business partners or additional persons involved. We also process personal data collected from users during the operation of our websites and other applications. Insofar as this is allowed, we also obtain certain types of data from sources in the public domain (e.g. debt collection registers, land registries, commercial registers, press, Internet) or receive such data from our clients and their employees, from statutory authorities, courts (of arbitration) and other third parties (e.g. opposing parties, business and contractual partners of our clients). In addition to the data that you give us directly, the categories of personal data that we receive about you from third parties include but are not limited to information from public registers, information which we find in relation to official and legal proceedings, information relating to your professional function and activities (for example so that transactions with your employer can be carried out and handled with your assistance), information about you in correspondence and discussions with third parties, credit checks (if we handle transactions with you personally), information about you provided by people close to you (family, advisors, legal representatives, etc.) so that we can conclude or handle contracts with you or with your involvement (e.g. references, your address for deliveries, powers of attorney), information for compliance with legal requirements such as anti-money laundering legislation or export restrictions, information from banks, insurers, sales agents and our other contractual partners so that you can claim or render services (e.g. payments and purchases made), information from the media and Internet which relates to you (where appropriate in each specific case, e.g. in an advertisement, press review, marketing/sales material, etc.), your address and possibly your interests or other socio-demographic data (for marketing), data relating to use of the website (e.g. IP address, MAC address of the smartphone or computer, details of your device and settings, cookies, date and time of the visit, pages and content accessed, functions used, referring website, location details).
3. Purpose of data processing and legal framework
We mainly use the personal data we collect to conclude and handle our contracts with our clients and business partners, in particular for the rendering of legal services for our clients and the purchase of products and services from our suppliers and auxiliary agents (in particular solicitors, legal chambers or experts consulted both in Switzerland and abroad), and to meet our legal obligations in Switzerland and abroad. If you work for one of these clients or business partners, you may also become a data subject within this function. Furthermore, we also process your personal data and that of other data subjects, insofar as this is allowed and seems appropriate to us, for the following purposes in which we (and at times, third parties) have a legitimate interest in accordance with the purpose: provision and further development of our offers, services and websites and other platforms on which we are present; communication with third parties and processing of their enquiries (e.g. applications, media enquiries); advertising and marketing (including the execution of events), provided that you have not objected to the use of your data (if we send you advertising from us as an existing customer, you can object to this at any time, we will then put you on a blacklist against further advertising); market and opinion research, media monitoring; assertion of legal claims and defence in connection with legal disputes and official procedures; prevention and clarification of criminal offences and other misconduct (for example, conducting internal investigations, data analyses to combat fraud); warranties of our operations, in particular of IT, our websites and other platforms; video surveillance to protect property rights and other measures for IT, building and investment security and the protection of our employees and other persons and assets entrusted to us (e.g. access controls, visitor lists, network and mail scanners, telephone records); any transactions under company law and the associated transfer of personal data as well as measures for business management and to the extent necessary to comply with legal and regulatory obligations and internal regulations of SwissLegal. If you have given us your consent to process your personal data for specific purposes, we will process your personal data within the context of and based upon this consent, unless we have another legitimate basis or require such a basis for doing so. Once consent has been granted, it may be withdrawn at any time. This will not affect data processing which has already been completed. Contract performance will serve as a legitimate basis for the processing of personal data which is required for the performance of a contract (in particular for client relationships) where the data subject is a contractual party. This also applies to processing operations which are required for the performance of steps prior to entering into a contract. If the processing of personal data is required in order to comply with a legal obligation to which comtexto AG is subject, this fulfilment obligation serves as a legitimate basis. If data processing is required to safeguard a legitimate interest of comtexto AG or of a third party, and the interests, fundamental rights and freedoms of the data subject do not override the interest of the former, these legitimate interests will serve as a legitimate basis for data processing.
4. Cookies | Tracking and other technologies related to the use of our website
5. Disclosure and transfer of data abroad
If authorised and appropriate, we also disclose data to third parties in the course of our business activities and for the purposes set out in section 3, whether they process the data for us or want to use it for their own purposes. This relates to the following bodies in particular: Our service providers (e.g. banks, insurance companies), including contractors (e.g. IT providers); retailers, suppliers, auxiliary persons (such as, in particular, lawyers and law firms and experts commissioned in Switzerland and abroad) and other business partners; clients as well as companies associated with them and their counterparties in Switzerland and abroad; domestic and foreign authorities, offices or courts as well as arbitration courts; media, the public, including visitors to websites and social media; competitors, industry organisations, associations, organisations and other bodies; any counterparties or interested parties in the context of corporate transactions; other parties in possible or actual legal proceedings; all recipients in general. Some of these recipients are in Switzerland, but may be in any country of the world. The data can be transmitted in particular to the country of domicile of our clients, their affiliated companies, counterparties or business partners as well as to that of any service providers or experts consulted, or to a country in which our clients and their corporate groups are involved in proceedings. If we transmit data to a country without reasonable statutory data protection, we will provide an appropriate level of protection, as prescribed by law, through use of the appropriate contracts (based on the standard contract clauses of the European Commission), use of the Swiss-US Privacy Shield or Binding Corporate Rules, or will base our actions on the statutory exceptions of consent, contract execution, the establishment, exercise or enforcement of legal claims, overriding public interest, published personal data, or because such protection is required to protect the integrity of the data subjects. You can source a copy of the contractual safeguards mentioned above at any time from the contact person named in section 1. However, we reserve the right to redact copies for data protection reasons or on grounds of confidentiality, or to supply extracts only.
6. Duration of retention of personal data
We process and store your personal data for as long as it is required to meet our contractual and legal obligations or for the purposes pursued by its processing, i.e. for the full duration of the business relationship, for example (from the drafting and processing of a contract until its termination) and beyond, as set out by the statutory retention and documentation obligations. It is possible that personal data may be stored throughout the period during which claims may be asserted against our enterprise (i.e. during the statutory limitation period in particular), or for as long as we are required to do so by law or due to legitimate business interests (e.g. for evidentiary and documentation purposes). In principle we delete your personal data or render data anonymous wherever possible as soon as it is no longer required for the purposes stated above. Much shorter retention periods of twelve months or less apply to operating data (e.g. system protocols or logs).
7. Data security
We take technical and organisational security measures to protect your personal data against unauthorised access and misuse.
8. Obligation to provide personal data
In the course of our business relationship, you must provide personal data which is required for the establishment and implementation of a business relationship and the performance of the related contractual obligations (as a rule, you do not have a statutory obligation to provide us with data). Without this data, we will generally be unable to conclude or carry out a contract with you (or with the body or person you represent). In addition, the website cannot be used if certain information is not disclosed to ensure movement of data (e.g. IP address).
9. Rights of the data subject
Within the scope of the data protection law which applies to you, and insofar as the law provides for it (as in the case of the GDPR), you have the right to access, rectification, erasure, the right of restriction of data processing, and also the right to object to our data processing and to the provision of certain personal data for the purposes of transmission to another body (data portability). Please be aware however that we reserve the right to exercise the statutory restrictions applicable to us if we are obliged to retain or process certain data, have an overriding interest in such data (insofar as we are allowed to invoke this interest), or need it to assert claims. We will inform you of any costs incurred in advance. We have already notified you of the option to withdraw your consent in section 3. Please note that the exercising of these rights may conflict with contractual agreements, and could lead to early termination of the contract or result in costs, for example. We will inform you in advance in cases in which this is not already governed by the contract. The exercising of such rights generally requires that you provide clear proof of your identity (e.g. by submitting a copy of your ID if your identity is otherwise unclear or cannot be verified). To assert your rights, you may contact us at the address given in section 1. Moreover, every data subject has the right to assert their claims in a court of law or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home.html).
10. Inspectlet User Analytics
This website uses “inspectlet”, a web analytics service provided by Inspectlet. Inspectlet uses “cookies”, which are text files placed on your computer to help the website analyse how you use the site (for example, what site content is clicked on). No personal data is collected from you, processed or used for this purpose. User profiles are simply created with aliases. If you disagree with the collection and processing of your data by the Inspectlet analysis service, you may opt out at any time by following the instructions on their website: www.inspectlet.com/optout.
We may amend this data protection statement at any time without prior notice. The applicable version is the latest version as published on our website. Insofar as the data protection statement forms part of an agreement with you, we will inform you of any updates by e-mail or other suitable means (e.g. via the legal notice on our website).