In the course of providing our services, we process personal data, in particular of our clients, of third parties in connection with the mandate (e.g. members of authorities or courts) as well as of business and contractual partners. Furthermore, we process personal data when you apply for a job with us and in connection with the use of our website, the mailing of our newsletter or the registration for an event organised by us.
Personal data (data) is any information relating to an identified or identifiable natural person. Processing includes any operation with personal data, such as collecting, storing or destroying personal data.
We comply with applicable laws when processing personal data. Your personal data is therefore processed in accordance with Swiss data protection law and - if and to the extent applicable - with the European Data Protection Regulation ("GDPR").
1. Controller
The data protection controller is and you can contact with any questions or comments regarding this privacy policy:
Suter Howald Attorneys at Law
Räffelstrasse 26
8045 Zurich
E-mail: privacy@suterhowald.ch
2. Collection of personal data and purpose of processing
a. Provision of legal services
We first process the personal data that is provided to us directly by you in your capacity as client, counterparty, involved third party or member of an authority or court or by third parties that we receive in this context. This regularly includes personal data such as personal details, contact details and other data relating to the mandate, e.g. concerning your professional, family or financial situation.
Furthermore, it may be necessary for us to collect your personal data by consulting publicly accessible registers or platforms (e.g. commercial registers, sanctions lists) or by obtaining personal data from third parties (e.g. legal protection insurance). This typically includes data that you have made publicly available or that you have explicitly agreed to obtain.
We primarily process your personal data in order to provide our legal services in accordance with our contractual and legal obligations. In addition to advising and representing you and communicating with you, this includes the initiation and conclusion of a mandate agreement, the necessary documentation in connection with the mandate and the billing of our services. Furthermore, we process your personal data for the purpose of complying with legal and professional requirements (e.g. combating money laundering, checking conflicts of interest) and, if necessary, for the enforcement of legal claims (e.g. debt collection).
b. Cooperation with business and contractual partners
Principally, we only process the personal data that you or your employer provide to us (e.g. personal details, contact details, role in the organisation, if applicable). However, it may be necessary for us to consult publicly accessible registers (e.g. commercial register) or contact third parties to collect data about you. This typically includes data that you have made publicly available.
We process your personal data only insofar as this is necessary within the scope of our cooperation, in particular for the conclusion or execution of contracts or within the scope of the provision of services by you. Furthermore, the processing of your personal data may be necessary for the fulfilment of legal obligations and/or the enforcement of legal claims.
c. Job application
We process the personal data that you provide to us with your application. This regularly includes your personal details, contact information, your CV and other information about your qualifications. Furthermore, we may obtain references if you have consented to this.
We process this data only for the purpose of assessing your suitability for an employment with us and, in the case of successful applications, for the preparation and conclusion of the employment contract.
d. Visit of our website
When visiting our website, server log files are collected and stored as standard, in particular your IP address, the operating system used (including user interface and version), the browser used (including language and version), the access status (HTTP status code), the website last accessed in the same browser window (referer or referrer) and the date and time of your visit. We may also use cookies or similar technologies (e.g. LocalStorage). This data is also available to our web hosting provider with headquarters and server in Switzerland.
The data collected via the website or the use of cookies (similar technologies) serves to permanently ensure the functionality and reliability of the website, in particular to further develop our website or to make it as user-friendly as possible. Cookies can be completely or partially deactivated and deleted at any time via the browser settings. Without cookies, however, our website may no longer be fully available.
e. Sign up for our newsletter
If you register for our newsletter, the data from the input mask and the date of your registration are transmitted to us.
For sending our newsletter, we use the system of CleverReach GmbH & Co KG (based in Germany and with servers in the EU), which is equipped with functions for statistical analysis and tracking. By means of the newsletters sent via this system, it is in particular possible to register on a personal basis whether and which newsletters are opened. Although we do not actively use this, the system also automatically registers by means of link tracking from where (approximate location determination based on the IP address used) and via which client you open our newsletter.
We use the data collected in this way for advertising purposes, such as sending e-mails of an advertising nature (newsletters), sending customer-specific advertising and for statistical purposes, in particular to optimise our newsletter.
You can unsubscribe from the newsletter at any time.
f. Registration for an event
If you register for an event organised by us, we process the personal data that you provide to us via the online input mask or the physical reply form. Possibly we take the liberty of contacting you after the event in order to send you documents or invite you to further events.
3. Disclosure of personal data of third parties to us
If you disclose personal data of a third party (e.g. employees or a counterparty) to us, it is up to you to inform them about the disclosure (e.g. in a privacy statement), provided you have a duty to inform.
4. Disclosure of personal data
For the purposes described in section 2, we may disclose personal data to the following categories of recipients: Clients, courts, authorities, associated law firms, legal protection insurances, counterparties and their legal representatives, in individual cases to the Supervisory Commission for Lawyers for the purpose of releasing us from our professional duty of confidentiality or to other third parties involved in the mandate (e.g. domicile providers, experts or banks).
Furthermore, we may disclose personal data to the following categories of processors or they may have access to personal data: Service providers in the field of IT (e.g. IT service providers; cloud service providers; hosting providers), service providers in the field of translations, service providers for accounting, telecommunications and archiving and destruction of files. In addition, we may be required to disclose your personal data to comply with legal or regulatory requirements.
Within our field of responsibility, personal data is only processed in Switzerland. The processors engaged by us also only process your personal data in Switzerland or in the European Economic Area (EEA). However, it cannot be ruled out that personal data disclosed by us to processors can be accessed from any country in the world. In addition, it is possible that we may have to disclose your personal data in individual cases to third parties in any country in the world whose local legislation does not guarantee a level of data protection comparable to Swiss law.
If, exceptionally, we disclose your personal data to a country without an adequate level of data protection, we will only do so if (alternatively):
- you have consented;
- the disclosure is directly related to the conclusion or performance of a contract with you or a third party, but in your interest;
- the disclosure is necessary for the protection of an overriding public interest or the establishment, exercise or enforcement of legal claims before a court or another competent foreign authority;
- you have made the personal data generally accessible and have not expressly prohibited its processing; or
- the data originates from a register provided for by law to which we have access.
Disclosure to a country without an adequate level of data protection is also permitted if the recipient contractually undertakes to comply with an adequate level of data protection (e.g. by means of standard contractual clauses of the European Commission).
5. Duration of retention
Principally, personal data is deleted or made anonymous as soon as it is no longer required to achieve the purpose for which it was collected (unless there are legal retention obligations or private overriding interests). We destroy the application documents of not employed applicants after the application process has been completed.
6. Rights of the data subject
You can request information about personal data processed about you at any time. Furthermore, you have the right to correction, deletion, restriction of processing, objection and data portability. However, you can only exercise these rights if the relevant legal requirements are met.
If individual data processing is carried out on the basis of your consent, you can revoke this consent at any time with effect for the future.
The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner.
7. Data security
We take reasonable and proportionate technical and organisational precautions to protect your personal data from loss, unauthorised modification or unauthorised access by third parties.
In the course of providing our services, we may make use of external IT service providers and cloud providers with servers in Switzerland and use certain IT services and means of communication which may be associated with data security risks (e.g. e-mail, MS Teams, Zoom, Webex, etc.). It is your responsibility to inform us of your wish for special security measures.
Please note that personal data which you transmit via the Internet or by e-mail may possibly be viewed by third parties or its content changed.
8. Legal basis
If and to the extent that the GDPR applies, we process personal data only on the basis of your consent (Art. 6 para. 1 let. a) GDPR), for the performance of a contract or the implementation of pre-contractual measures (Art. 6 para. 1 let. b) GDPR), in compliance with a legal obligation or to safeguard our or a third party’s legitimate interest (Art. 6 para. 1 let. f) GDPR). Legitimate interests are in particular: Ensuring the functionality and further development of the website, information security and optimisation as well as measuring the reach and success (statistics) of the newsletter.
9. Third party services
a. Share Plug-Ins
On our website you will find "Share Plug-Ins" from X (formerly Twitter) and LinkedIn. These plug-ins are provided by the respective providers. As soon as you click on the respective icon, you will be connected to the server of the corresponding provider. If you are registered with the respective service, you can directly recommend or share certain contents of our website.
We have no knowledge of what data these providers collect by means of the plug-in, nor do we have any influence on the collection of this data. You can find more information on this in the data protection declarations of the individual providers.
b. Google Maps
We use Google Maps to embed maps on our website. Cookies are also used in this process. Google Maps is a service of the American Google LLC. For users in the EEA and Switzerland, the Irish company Google Ireland Limited is responsible. Further information on the nature, scope and purpose of data processing can be found in Google's privacy and security policy and data protection statement, in the guide to data protection in Google products (including Google Maps), in the information on how Google uses data from websites on which Google services are used and in the information on cookies at Google. Furthermore, there is the possibility to object to personalised advertising.
c. Google reCAPTCHA
We use Google reCAPTCHA to protect input masks from bots and spam, but at the same time to enable reliable human input. Cookies are also used in the process. This is a service of the American Google LLC. For users in the EEA and Switzerland, the Irish company Google Ireland Limited is responsible. Further information on the type, scope and purpose of data processing can be found in Google's Privacy and Security Policy and Privacy Statement, as well as in the information on cookies at Google.
10. Adjustments to the privacy policy
This privacy policy is adapted from time to time, which is why we recommend that you consult it regularly.
Last updated: 31 August 2023
