General Privacy Statement
Introduction
With this privacy statement, Blum&Grob Attorneys at law Ltd would like to inform you about how Blum&Grob processes personal data in the course of its business and inform you about your rights. Please read our privacy statement carefully.
A. Controller and Responsibility
The responsible for the processing of personal data and therefore the controller in accordance with this privacy statement is Blum & Grob Attorneys at law Ltd, Neumühlenquai 6, 8001 Zürich, Switzerland ("Blum & Grob"). The data protection officer at our company can be reached at the aforementioned postal address, by e-mail to datenschutz@blumgrob.ch or by telephone at +41 (0)58 320 00 00.
B. Personal data and terminology
Personal data is all information relating to a specific or identifiable (i.e., identified or identifiable) natural person such as name, address, telephone number, e-mail address, date of birth, etc. ("personal data").
Processing means any operation with personal data, irrespective of the means applied and the procedure, and in particular the collection, storage, use, revision, disclosure, archiving or destruction of data (“processing” or processed”).
Any natural or legal person, public authority, agency or other entity which processes personal data on behalf of the controller is a processor.
C. Collection of personal data
You or the persons concerned provide us with some of the personal data yourself by making it available to us, using our services or contacting us by e-mail or telephone. This includes, for example, name, contact data, date of birth, professional function, etc. We also process personal data that we receive from applicants for jobs. We may also collect personal data ourselves, e.g., if you or the company for which you work use our services, or we obtain data (e.g., information from media and Internet, credit information, your addresses and possibly interests and other socio-demographic data) from publicly accessible sources (e.g., debt enforcement registers, land registers, commercial registers, press, internet, media, social media). Furthermore, we may collect data from other companies , our clients and opposing parties in a legal dispute, from authorities and other third parties (credit agencies, address dealers) or your personal surroundings, or if you use our website (see section J). We collect this data for the purposes laid down in section D, unless otherwise referred to.
If you have given us consent to process your personal data for specific purposes (for example, when you register to receive newsletters), we will collect your personal data within the scope set and based on this consent. We may also base the collecting and processing of personal data on other legal grounds, if at all necessary. These include the fulfillment of a contract, the implementation of pre-contractual measures or the protection of other legitimate interests (see section D).
If you are acting on behalf of a third party or providing us with information about a third party, you declare that you are an authorized representative or agent of that third party and/or that you have obtained all necessary consents from that third party to the collection, processing, use and disclosure of their personal information to us or by us in accordance with the terms of this privacy statement.
D. Purposes of processing
We use personal data in particular to fulfill the purposes of our organization, to provide our services and to initiate and execute agreements with our customers and business partners, as well as to comply with our legal obligations. If you work for or against our clients or business partners, your personal data may also be affected in this function.
In addition, we also process personal data about you and other individuals, to the extent permitted and as we deem appropriate, for the following purposes:
- providing and developing our products, services and websites and other platforms, on which we are active;
- communication with third parties and processing of their inquiries (e.g., job applications, media inquiries);
- purpose of customer acquisition;
- credit or creditworthiness checks
- advertising and marketing (including the organization of events;
- market and opinion research, media monitoring;
- assertion of legal claims and defense in connection with legal disputes and official proceedings;
- prevention and investigation of crime and other misconduct (e.g., conducting internal investigations, data analysis to combat fraud);
- guarantees of our operations, in particular IT, our websites, apps and other platforms.;
- maintaining house rules and other measures for IT, building and facility security and protection of our employees and other persons and assets belonging to or entrusted to us (such as access controls, visitor lists, network and mail scanners, telephone recordings);
- purchase and sale of business units, companies or parts of companies and other transactions under company law and related transfer of personal data.
E. Duration of retention
Unless an explicit retention period is specified at the time of collection or in this privacy statement, we process and store personal data until it is no longer required to fulfill the purpose for which it was collected, unless legal retention obligations (e.g., commercial and tax retention obligations) do not allow deletion. It is possible that personal data will also be retained for the period in which claims can be asserted and insofar as we are otherwise legally obligated to do so, or legitimate business interests require this (e.g., for evidence and documentation purposes).
F. Rights of the Data Subject
Consent given can be revoked at any time, without affecting the lawfulness of the data processing carried out already. In addition, depending on the circumstances and the applicable data protection law you may have the right to Information, correction, deletion, or restriction of the processing of your personal data, the right to object to the processing and the right to data portability. Please note that the exercise of these rights may conflict with contractual agreements and may have consequences such as the premature termination of the contract or cost consequences. We will inform you in advance if this is not already contractually regulated. We are also entitled to make use of the statutory restrictions on your rights, for example if we are obliged to retain or process certain data, have an overriding interest in doing so, or require it for the assertion of claims.
In addition, every data subject has the right to enforce his or her claims in court or to file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC/EDÖB).
Regarding your rights as well as further questions, suggestions, and comments on the subject of data protection, please contact the person responsible for data protection at the contact data mentioned at the beginning (see section A).
G. Security
We take appropriate measures to protect personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. For this purpose, we use appropriate technical and organizational measures. However, we cannot guarantee the absolute security of the data.
Unless otherwise agreed, we do not accept any liability for breaches of these safety regulations unless they are intentional or due to gross negligence.
H. Data transfer
Within the scope of our business activities and the purposes mentioned in section D, we also disclose personal data to third parties, insofar as this is permissible and appears to us to be appropriate, either because they process data for us or because they use the data for their own purposes. This concerns in particular the following entities:
- service providers of us (e.g., banks, insurance companies), including order processors (such as newsletter, cloud or IT providers);
- dealers, suppliers, subcontractors and other business partners;
- domestic and foreign authorities, agencies or courts;
- other parties in possible or actual legal proceedings.
In this context, your personal data may be stored in Switzerland as well as in other countries in Europe and the United States where the service providers we use are located. If personal Data is processed outside of Switzerland or the European Economic Area, we will take the steps required by applicable data protection law to ensure that your personal Data is treated as securely and safely as it is in Switzerland or within the European Economic Area, unless we can rely on an exception clause. An exception may apply in the case of legal proceedings abroad, but also in cases of prevailing public interests, if the performance of a contract requires such disclosure or if you have consented.
I. Data processing through use of the website
During your visit to the website, general information is automatically collected (e.g., date of your visit, time zone, type of web browser and its settings, version and language, your IP address, MAC address of the terminal device (e.g., computer or cell phone), the operating system used, content retrieved and the domain name of your internet service provider). We use this data for marketing and administrative purposes as well as to ensure the functionality of the website. This data is also necessary to correctly operate and optimize the content of the website, to ensure the long-term functionality of our IT systems and the website, and to provide law enforcement authorities with the information they need to prosecute in the event of a cyber-attack.
1. SSL-encryption
This website uses SSL encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://".
2. Server-Log-Files
The provider of this website automatically collects and stores information in so-called "server log files", which your browser automatically transmits to us. In particular, the information listed at the beginning under section J is transmitted.
3. Cookies
3.1 Definition
Cookies are small files that are stored on your terminal device when you use our website.
3.2 Essential and non-essential cookies
Essential cookies are files that are sent to the browser on your computer's hard drive to ensure the functionality of the website and to enable us to provide you with certain features. They do not require the consent of the users of the website.
With the help of non-essential cookies, we collect information about visits to the website. In addition, we use non-essential cookies to improve the user-friendliness of the website, for example, to adapt our offer to customer preferences and to make your browsing experience on the website as comfortable as possible. We also use cookies to optimize our advertising. Non-essential cookies require depending on the applicable law the consent of the users of the website.
3.3 Session-cookies and persisten cookies
So-called "session cookies" are automatically deleted after the end of your visit. For example, we may use session cookies to store already completed online forms or language settings across different pages of an internet session. In addition, we also use persistent cookies. These remain stored on your terminal device after the end of the browser session until you delete them. When you visit our website again, it will then automatically recognize which inputs and settings you prefer. Depending on the type of cookie, these cookies remain stored on your terminal device for a defined period of time (e.g., two years) and are automatically deactivated after the programmed time has expired. They serve to make our website more user-friendly, more effective and more secure. Thanks to these cookies, you will, for example, be shown information on the page that is specifically tailored to your interests.
3.4 Activation, deactivation and deletion of cookies
All web browsers offer the possibility to activate, deactivate or delete the use of cookies by configuring the settings or options of the browser accordingly. If cookies are completely or partially disabled or deleted, not all functions of the website may be available.
3.5 Cookies and personal data
For the cookies we use, no personal data is usually stored. However, personal data that we or third-party providers commissioned by us store from you (e.g., if you have a user account with us or these providers) may be linked to the technical data or to the information stored in and obtained from cookies and thus possibly to your person.
4. Integration of Google services
On our website we use the following services from Google: Maps and Analytics. The Google company in question is based in Ireland. Google Ireland relies on Google LLC (based in the USA) as a sub-processor (both "Google"). Although we can assume that the data Google retrieves and stores when our website is used is not personal data, it is possible that Google may draw conclusions about the identity of visitors from this data in conjunction with data collected by Google itself for its own purposes and may link this data to the Google accounts of these persons. If you have registered with Google yourself, Google may also be able to recognize you. The processing of your personal data by Google then takes place under its responsibility in accordance with its data protection provisions. For further information on data protection (in particular the scope, nature and purpose of data processing), please refer to the relevant Google data protection statement.
When using Google Analytics, we can measure and evaluate the use of the website (not person related). For this purpose, permanent cookies are used, which Google itself sets. For Google Analytics, we have configured the service in a way that the IP addresses of visitors are shortened by Google in Europe before any forwarding to the USA and thus cannot be traced. We have switched off the "Data forwarding" and "Signals" settings. Google only tells us how our respective website is used (no information about you personally).
5. Links to other Websites
The website contains links to other websites. We have no influence on whether their operators comply with the applicable data protection provisions. We exclude any responsibility or liability for websites of third parties that can be accessed via the links.
6. Social-Media-Plugins and -presence
6.1 Plugins
Our website contains at the moment social media plugins from LinkedIn. Social-Media Plugins are usually embedded on the website as a graphic file. We have configured these elements to be disabled by default. If you activate them (by clicking on them), the operators of the respective social networks are able to register that you are on our website and where and may use this information for their own purposes. Such processing of your personal data is then the responsibility of the respective operators in accordance with their data protection provisions. We do not receive any information about you from them.
For further information on data protection (in particular on the scope, type and purpose of data processing), please refer to the data protection statements of each social media provider. In there you will also find further information on your rights and settings options for protecting your privacy.
By logging out of the pages of your social networks (with reference to our website currently LinkedIn) beforehand and deleting cookies that have been set (see section 3.4 above), you can prevent the third-party providers from collecting information about you during your visit.
6.2 Presence
We may operate online presences on social networks and other platforms operated by third parties. We receive data from you and the platforms when you get in contact with us via our online presence on the respective platforms (e.g., when you communicate with us, comment on our content or visit our presence). At the same time, the platforms evaluate your use of our online presences and link this data with other data about you known to the platforms (e.g., about your behavior and preferences). They also process this data for their own purposes under their own responsibility, in particular for branding purposes and to control their platforms (e.g., which content they provide to you).
Content published by you (e.g., comments) may be redistributed by us (e.g., in our advertising on the platform or elsewhere). We or the operators of the platforms may also delete or restrict content from or to you in accordance with the usage guidelines (e.g., inappropriate comments).
For further information on the processing of the platform operators, please refer to the data protection notices of the respective platforms. In there you will also find out in which countries they process your data, what rights you have to information, deletion or other data subject rights and how you can exercise these or obtain further information. We currently use the following platforms:
LinkedIn (https://ch.linkedin.com/)
J. Final provisions
This privacy statement is not part of any contract with you. We reserve the right to change the content of this privacy statement at any time and without notice. The current version published on our website applies. We therefore recommend that you consult this privacy statement regularly. In addition to this data protection statement, we may inform you separately about the processing of your data, for example by means of further separate data protection statements relating to specific relationships (e.g., customer, client, or applicant relationships).