Privacy Policy - Rechtsanwalt Zürich

1. What is this privacy policy about?

The Heller Rechtsanwalts AG (hereinafter also «we», «us») obtains and processes personal data relating to you or also to other persons (so-called «third parties»). We use the term «data» here synonymously with «personal data». Personal data means data relating to specific or identifiable persons (i.e. conclusions about their identity are possible on the basis of the data itself or with corresponding additional data). «Processing» means any handling of personal data, e.g. obtaining, storing, using, adapting, disclosing and deleting.

In this privacy policy we describe what we do with your data when you visit our website www.rechtsanwalt-zuerich.ch (the «Website»), obtain our services or products, otherwise interact with us under a contract, communicate with us or otherwise deal with us. Where appropriate, we will inform you of additional processing activities not mentioned in this privacy policy.

If you transmit or disclose data about other persons such as family members, work colleagues, etc., we assume that you are authorised to do so and that this data is correct. By submitting data about third parties, you confirm this. Please also ensure that these third parties are informed about this privacy policy.
This privacy policy is designed to meet the requirements of the EU General Data Protection Regulation («GDPR»), the Swiss Data Protection Act («DPA») and the revised Swiss Data Protection Act («revDSG»). However, whether and to what extent these laws are applicable depends on the individual case.

2. Who is responsible for processing your data?

Responsible for the data processing described in this privacy policy is:

Heller Rechtsanwalts AG
Dr Heinz Heller
Orchard road 7
PO Box 1503
8021 Zurich
info@rechtsanwalt-zuerich.ch

If you have any questions about this privacy policy or other data protection concerns and/or wish to exercise your rights under para. 9, you can contact us at the above address.

3. What data do we process?

We process different categories of data about you. The main categories are as follows:

Technical data: When you use our website, we collect the IP address of your terminal device and other technical data to ensure the functionality and security of this offer. This data also includes logs recording the use of our systems. We generally retain technical data for 24 months. In order to ensure the functionality of these offers, we may also assign an individual code to you or your end device (e.g. in the form of a cookie, see para. 10). The technical data in itself does not allow any conclusions to be drawn about your identity. However, in the context of user accounts, registrations, access controls or the processing of contracts, they can be linked to other data categories (and thus possibly to your person).
Communication data: If you are in contact with us by email, telephone, letter or other means of communication, we collect the data exchanged between you and us, including your contact details and the boundary data of the communication. If we want or need to establish your identity, we collect data to identify you (e.g. a copy of an identity document). We usually keep this data for 24 months from the last exchange with you. This period may be longer where this is necessary for reasons of proof or to comply with legal or contractual requirements, or for technical reasons. E‑mails in personal mailboxes and written correspondence are generally kept for at least 10 years.
Contract data: This is data that arises in connection with the conclusion or execution of a contract, e.g. information about contracts and the services to be provided or provided, as well as data from the run-up to the conclusion of a contract, the information required or used for the execution and information about reactions. We generally collect this data from you, from contractual partners and from third parties involved in the processing of the contract, but also from third party sources (e.g. providers of creditworthiness data) and from publicly accessible sources. We generally keep this data for 10 years from the last contractual activity, but at least from the end of the contract. This period may be longer if this is necessary for reasons of evidence or to comply with legal or contractual requirements or for technical reasons.

Many of the measures described in this para. 3 you disclose to us yourself (e.g. in the course of communication with us, in connection with contracts, when using the website, etc.). You are not obliged to do so, subject to individual cases, e.g. in the context of binding protection concepts (legal obligations). If you wish to conclude contracts with us or claim services, you must also provide us with data, in particular master data, contract data and registration data, as part of your contractual obligation under the relevant contract. When using our website, the processing of technical data is unavoidable. If you wish to gain access to certain systems, you must provide us with registration data.

4. For what purposes do we process your data?

First and foremost, we process your data in connection with the provision of our services, communication with you and the conclusion, administration and processing of contractual relationships with our customers and other business partners as well as the operation of our website. We then process your data for marketing purposes and to maintain relationships, e.g. to send our customers and other contractual partners personalised advertising about our products and services. This may take the form of newsletters and other regular contacts (electronically, by post, by telephone), via other channels for which we have contact information from you, but also as part of individual marketing campaigns (e.g. events etc.) and may also include free services (e.g. invitations etc.). You can refuse such contacts at any time (see at the end of this para. 4) or refuse or revoke your consent to be contacted for advertising purposes.

We may also process your data for other purposes insofar as this is permitted by law and we have a legitimate interest in the corresponding data processing (e.g. market and opinion research, offering and further developing our services, guaranteeing our operation, in particular of the IT and our website, and asserting legal claims).

We may use certain of your personal attributes for the purposes set out in this para. 4, if we want to determine preference data, but also to determine abuse and security risks, to carry out statistical evaluations or for operational planning purposes. For the same purposes, we can also create profiles, i.e. we can combine behavioural and preference data, but also master and contract data and technical data assigned to you, in order to better understand you as a person with your different interests and other characteristics.

In both cases, we pay attention to the proportionality and reliability of the results and take measures against misuse of these profiles or profiling. If these can have legal effects or significant disadvantages for you, we generally provide for a manual review.

5. On what basis do we process your data?

Insofar as you have given us consent to process your data for certain purposes (e.g. registration to receive newsletters or consent to other regular contacts, consent to automated data processing, where applicable), we process your data within the scope of and based on this consent, insofar as we have no other legal basis and we require such a basis. Consent that has been given can be revoked at any time, but this has no effect on data processing that has already taken place (see also para. 9).

Where we do not ask for your consent to process your personal data, we base the processing of your personal data on the fact that the processing is necessary for the initiation or performance of a contract with you (or the entity you represent) or that we or third parties have a legitimate interest in doing so, in particular in order to fulfil the obligations set out in para. 4 above and related objectives described above and to be able to take appropriate action. Our legitimate interests also include compliance with legal regulations, insofar as this is not already recognised as a legal basis by the respective applicable data protection law (e.g. in the case of the GDPR, the law in the EEA and in Switzerland). However, this also includes the marketing of our products and services, the interest in better understanding our markets and in managing and further developing our company, including operations, safely and efficiently.

6. Who do we disclose your data to?

In connection with our contracts, the website, our services and products, our legal obligations or otherwise in order to protect our legitimate interests and the other interests set out in para. 4. we also transfer your personal data to third parties, in particular to the following categories of recipients:

Service providers: We work with service providers in Switzerland and abroad who process data about you on our behalf or in joint responsibility with us or who receive data about you from us in their own responsibility (see para. 10).
Contractual partners including customers: This initially refers to customers and other contractual partners of ours, because this data transfer results from these contracts. For example, they receive registration data on issued and redeemed vouchers, invitations, etc. If you work for such a contractual partner yourself, we may also transfer data about you to them in this context. The recipients also include contractual partners with whom we cooperate.
Authorities: We may pass on personal data to offices, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. The authorities process data about you that they receive from us on their own responsibility.
Other persons: This refers to other cases where the inclusion of third parties arises from the purposes pursuant to para. 4 results.

All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).

7. How long do we process your data?

We process your data for as long as our processing purposes, the statutory retention periods and our legitimate interests in processing for documentation and evidence purposes or practical reasons require or storage is technically necessary. Further information on the respective storage and processing duration can be found under the individual data categories in para. 3 or for the cookie categories in para. 10. If there are no legal or contractual obligations to the contrary, we will delete or anonymise your data after the storage or processing period has expired as part of our normal processes.

Documentation and evidence purposes include our interest in documenting processes, interactions and other facts in case of legal claims, discrepancies, IT and infrastructure security purposes and evidence of good corporate governance and compliance. Retention may be technically necessary if certain data cannot be separated from other data and we therefore need to retain it with them (e.g. in the case of backups or document management systems).

8. How do we protect your data?

We take appropriate technical and organisational security measures to maintain the confidentiality, integrity and availability of your data, to protect it against unauthorised or unlawful processing and to protect against the risks of loss, accidental alteration, unauthorised disclosure or access.

9. What rights do you have?

Applicable data protection law grants you the right to object to or request restriction of the processing of your data in certain circumstances, in particular that for direct marketing purposes, direct marketing profiling and other legitimate processing interests.
To help you control the processing of your personal data, you also have the following rights in connection with our data processing, depending on the applicable data protection law:

The right to request information from us as to whether and what data we process from you
The right to have us correct data if it is inaccurate
The right to request the deletion of data
The right to request that we provide certain personal data in a commonly used electronic format or transfer it to another controller
The right to withdraw consent insofar as our processing is based on your consent
The right to obtain, on request, further information necessary for the exercise of these rights

If you wish to exercise any of the above rights against us, please contact us in writing; you will find our contact details in para. 2. In order for us to be able to exclude misuse, we must normally identify you (e.g. with a copy of your identity card, if this is not otherwise possible).
Please note that conditions, exceptions or restrictions apply to these rights under applicable data protection law (e.g. to protect third parties or trade secrets). We will inform you accordingly if necessary.

10. Do we use online tracking?

We do not use any online tracking techniques on our website.

11. Can this privacy policy be changed?

This Privacy Policy does not form part of any contract with you. We may amend this privacy policy at any time. The version published on this website is the current version.

Last updated: August 2023