Status: 1 September 2023
Table of contents
- What is this Privacy Statement about?
- Who is responsible for processing your data?
- For what purposes do we process which of your data?
- Where does the data come from?
- Who do we disclose your data to?
- Does your personal data also end up abroad?
- What rights do you have?
- How do we process personal data on our social network pages?
- What else needs to be considered?
- Can this Privacy Statement be amended?
When you use our services, https://www.hol-law.ch/ (hereinafter referred to as the “website”), or otherwise deal with us, we obtain and process various categories of your personal data. In principle, we may obtain and otherwise process this data in particular for the following purposes:
- Communication: We process personal data so that we can communicate with you as well as with third parties, such as parties to proceedings, courts or authorities, by e-mail, telephone, letter or otherwise (e.g. to answer enquiries, in the context of legal advice and representation as well as the initiation or execution of contracts). This also includes that we may send our clients, contractual partners and other interested persons information about events, changes in the law, news about our law firm or similar. This may take the form of newsletters and other regular contacts (electronically, by post, by telephone). You can refuse such communication at any time or refuse or revoke consent to such communication.
- Initiation and conclusion of contracts: With regard to the conclusion of a contract, in particular a contract for the establishment of a mandate relationship, with you or your client or employer, which also includes the clarification of any conflicts of interest, we may in particular obtain and otherwise process your name, contact details, powers of attorney, declarations of consent, information about third parties (e.g. contact persons, details of family and counterparties) and all other data which you provide to us or which we obtain from public sources or counterparties. (e.g. contact persons, family details and counterparties), contract contents, date of conclusion, creditworthiness data and all other data which you make available to us or which we collect from public sources or third parties (e.g. commercial register, credit agencies, sanctions lists, media, legal protection insurance companies or the Internet).
- Administration and processing of contracts: We obtain and process personal data so that we can comply with our contractual obligations towards our clients and other contractual partners (e.g. suppliers, service providers, correspondence law firms, project partners) and, in particular, so that we can provide and demand contractual services. This also includes data processing for client management (e.g. legal advice and representation of our clients before courts and authorities and correspondence) as well as data processing for the enforcement of contracts (debt collection, legal proceedings, etc.), accounting and public communication (if permitted). For this purpose, we process in particular the data which we receive or have collected in the course of the initiation, conclusion and execution of the contract as well as data which we compile in the course of our contractual services or which we collect from public sources or other third parties (e.g. courts, authorities, counterparties, information services, media, detective agencies or from the Internet). This data may include, in particular, minutes of meetings and consultations, notes, internal and external correspondence, contractual documents, documents that we prepare and receive in the course of proceedings before courts and authorities (e.g. complaints, appeals and complaints, judgements and decisions), background information about you, opposing parties or other persons, as well as other mandate-related information, proof of services, invoices and other documents.
- Improving our digital offerings: In order to continuously improve our website and other electronic offers, we collect data about your behaviour and preferences, for example by analysing how you navigate through our website and how you interact with our social media profiles and other linked information offers.
- Security purposes and access control: We obtain and process personal data to ensure and continuously improve the appropriate security of our IT and other infrastructure. This includes, for example, monitoring and controlling electronic access to our IT systems as well as physical access to our premises, analyses and tests of our IT infrastructures, system and error checks and the creation of security copies. For documentation and security purposes (preventive and incident investigation), we conduct.
- Compliance with laws, directives and recommendations of authorities and internal regulations (“Compliance”): We obtain and process personal data to comply with applicable laws (e.g. anti-money laundering, tax obligations or our professional duties), self-regulations, certifications, industry standards, our corporate governance and for internal and external investigations to which we are a party (e.g. by a law enforcement or regulatory authority or a mandated private body).
- Risk management and corporate governance: We obtain and process personal data in the context of risk management (e.g. to protect against tortious activities) and corporate governance. This includes, among other things, our business organisation (e.g. resource planning) and business development (e.g. acquisition and sale of business units or companies)..
- Job application: If you apply for a job with us, we obtain and process the relevant data for the purpose of checking the application, carrying out the application procedure and, in the case of successful applications, for the preparation and conclusion of a corresponding contract. In addition to your contact data and the information from the corresponding communication, we also process in particular the data contained in your application documents and the data that we can additionally obtain about you, for example from job-related social networks, the Internet, the media and from references, if you consent to us obtaining references.
- Other purposes: Other purposes include, for example, training and educational purposes as well as administrative purposes (e.g. bookkeeping). In addition, we may process personal data for the organisation, implementation and follow-up of events, such as in particular lists of participants and the content of presentations and discussions, but also image and audio recordings made during these events. The protection of other legitimate interests is also one of the other purposes, which cannot be named exhaustively.
- From you: The majority of the data we process is provided by you (or your terminal device) (e.g. in connection with our services, the use of our website or communication with us). You are not obliged to disclose your data, with exceptions in individual cases (e.g. legal obligations). However, if you wish to conclude contracts with us or use our services, for example, you must provide us with certain data. The use of our website is also not possible without data processing.
- From third parties: We may also obtain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, the media or the Internet including social media) or receive such data from (i) public authorities, (ii) your employer or client who either has a business relationship with us or is otherwise involved with us, as well as from (iii) other third parties (e.g. clients, counterparties, legal protection insurers, credit agencies, address dealers, associations, contractual partners, Internet analysis services). This includes in particular the data that we process in the context of the initiation, conclusion and execution of contracts as well as data from correspondence and discussions with third parties, but also all other categories of data.
In connection with the purposes listed in section 3, we transfer your personal data in particular to the categories of recipients listed below. If necessary, we obtain your consent for this or have our supervisory authority release us from our professional duty of confidentiality.
- Service provider: We work with service providers in Germany and abroad who (i) process data on our behalf (e.g. IT providers), (ii) process data jointly with us or (iii) process data on their own responsibility which they have received from us or collected on our behalf. (These service providers include, for example, IT providers, banks, insurance companies, debt collection companies, credit reference agencies, address checkers, other law firms or consulting companies).
- Clients and other contractual partners: First of all, this refers to clients and other contractual partners of ours for whom the transfer of your data arises from the contract (e.g. because you work for a contractual partner or because he provides services for you). This category of recipients also includes bodies with which we cooperate, such as other law firms in Germany and abroad or legal expenses insurers. The recipients process the data under their own responsibility as a matter of principle.
- Authorities and courts: We may pass on personal data to offices, courts and other authorities in Switzerland and abroad if this is necessary for the fulfilment of our contractual obligations and, in particular, for the conduct of our mandate, or if we are legally obliged or entitled to do so, or if this appears necessary to protect our interests. These recipients process the data under their own responsibility.
- Counterparties and persons involved: If this is necessary for the fulfilment of our contractual obligations, in particular for the management of the data, we will also disclose your personal data to counterparties and other persons involved (e.g. guarantors, financiers, affiliated companies, other law firms, information providers or experts, etc.).
- Other persons: This refers to other cases where the inclusion of third parties results from the purposes according to section 3. This concerns, for example, delivery addressees or payment recipients specified by you, third parties within the framework of representative relationships (e.g. your lawyer or your bank) or persons involved in official or legal proceedings. We may also disclose your personal data to our supervisory authority, in particular if this is necessary in individual cases to release you from our professional duty of confidentiality. If we work with the media and provide them with material (e.g. photographs), you may also be affected. In the course of developing our business, we may sell or acquire businesses, parts of businesses, assets or companies or enter into partnerships, which may also result in the disclosure of data (including data about you, e.g. as a client or supplier or as their representative) to the persons involved in these transactions. Communications with our competitors, industry organisations, associations and other bodies may also involve the exchange of data relating to you.
All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).
We process and store personal data mainly in Switzerland and the European Economic Area (EEA), but potentially in any country in the world, depending on the case – for example via subcontractors of our service providers or in proceedings before foreign courts or authorities. In the course of our work for clients, your personal data can also be transferred to any country in the world.
If a recipient is located in a country without adequate data protection, we contractually oblige the recipient to comply with an adequate level of data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?, including the additions necessary for Switzerland), insofar as the recipient is not already subject to a legally recognised set of rules to ensure data protection. We may also transfer personal data to a country without adequate data protection without concluding a separate contract for this purpose if we can rely on an exemption provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract which is in your interest requires such disclosure (e.g. if we disclose data to our correspondence offices), if we disclose data to our correspondence offices), if you have consented, or if it is not possible to obtain your consent within a reasonable period of time and the disclosure is necessary to protect your life or physical integrity or that of a third party, or if it concerns data which you have made generally accessible and the processing of which you have not objected to. We may also rely on the exemption for data from a register provided for by law (e.g. HR) to which we have been legitimately given access. We may also rely on the exception for data from a register provided for by law (e.g. HR) to which we have been legitimately given access.
You have certain rights in connection with our data processing. In accordance with applicable law, you can in particular request information about the processing of your personal data, have incorrect personal data corrected, request the deletion of personal data, object to data processing, request the release of certain personal data in a standard electronic format or their transfer to other persons responsible.
If you wish to exercise your rights towards us, please contact us; you will find our contact details in section 2. In order to prevent misuse, we must identify you (e.g. with a copy of your identity card, if necessary).
Please note that conditions, exceptions or restrictions apply to these rights (e.g. for the protection of third parties or business secrets or due to our professional duty of confidentiality). We reserve the right to black out copies for data protection or confidentiality reasons or to supply only excerpts.
You can set your browser to automatically reject, accept or delete cookies. You can also disable or delete cookies on a case-by-case basis. You can find out how to manage the Cookies in your browser in the help menu of your browser.
Both the technical data collected by us and cookies do not generally contain any personal data. However, personal data that we or third-party providers commissioned by us store from you (e.g. if you have a user account with these providers) may be linked to the technical data or to the information stored in and obtained from cookies and thus possibly to your person.
We also use social media plug-ins, which are small pieces of software that create a connection between your visit to our website and a third-party provider. The social media plug-in tells the third party provider that you have visited our website and may send the third party provider cookies that they have previously placed on your web browser. For more information about how these third parties use your personal data collected through their social media plug-ins, please refer to their respective privacy statements.
Some of the third-party providers we use may be located outside of Switzerland. Information on the disclosure of data abroad can be found under point 6. In terms of data protection law, they are in part “only” order processors of us and in part responsible bodies. Further information on this can be found in the data protection declarations.
We operate sites and other online presences on social networks and other platforms operated by third parties and process data about you in this context. In doing so, we receive data from you (e.g. when you communicate with us or comment on our content) and from the platforms (e.g. statistics). The providers of the platforms may analyse your usage and process this data together with other data they have about you. They also process this data for their own purposes (e.g. marketing and market research purposes and to manage their platforms), and act as their own data controllers for this purpose. For more information on processing by platform operators, please refer to the privacy statements of the respective platforms.
We are entitled, but not obliged, to check third-party content before or after it is published on our online presences, to delete content without notice and, if necessary, to report it to the provider of the platform concerned.
Some of the platform providers may be located outside of Switzerland. Information on data disclosure abroad can be found under section 6.
We do not assume that the EU General Data Protection Regulation (“GDPR”) is applicable in our case. However, if this should exceptionally be the case for certain data processing operations, this Section 10 shall apply additionally exclusively for the purposes of the GDPR and the data processing operations subject to it.
We base the processing of your personal data in particular on the fact that
- it is necessary for the initiation and conclusion of contracts and their administration and enforcement as described in section 3 (Art. 6 para. 1 lit. b DSGVO);
- it is necessary for the protection of legitimate interests of us or of third parties as described in para. 3, namely to communicate with you or third parties, to operate our website, to improve our electronic offers and registration for certain offers and services, for security purposes, to comply with Swiss law and internal regulations for our risk management and corporate governance and for other purposes such as training and education, administration, evidence and quality assurance, organisation, implementation and follow-up of events and to protect other legitimate interests (see section 3) (Art. 6 para. 1 lit. f DSGVO);
- it is required or permitted by law on the basis of our mandate or our position under the law of the EEA or a member state (Art. 6 para. 1 lit. c DSGVO) or is necessary to protect your vital interests or those of other natural persons (Art. 6 para. 1 lit. d DSGVO);
- you have consented to the processing separately.
We would like to point out that we generally process your data for as long as our processing purposes (cf. section 3), the legal retention periods and our legitimate interests, in particular for documentation and evidence purposes, require or storage is technically necessary (e.g. in the case of backups or document management systems). If there are no legal or contractual obligations or technical reasons to the contrary, we generally delete or anonymise your data after the storage or processing period has expired within the framework of our usual processes and in accordance with our storage policy.
If you do not provide certain personal data, this may mean that it is not possible to provide the associated services or conclude a contract. We generally state where personal data requested by us is mandatory.
The right to object to the processing of your data as set out in section 7 applies in particular to data processing for the purpose of direct marketing.
If you do not agree with our handling of your rights or data protection, please let us know (see contact details in section 2). If you are in the EEA, you also have the right to complain to the data protection supervisory authority in your country. You can find a list of the authorities in the EEA here: https://edpb.europa.eu/about-edpb/about-edpb/members_en.