Privacy Policy

1. What is the purpose of this Privacy Policy?

BÜHLMANN KOENIG & PARTNER AG (“BKP”, “we” or “us”) is a law firm with its registered seat in Zurich, Switzerland. As part of our business activities, we obtain and process Personal Data, in particular Personal Data about our clients, associated persons, counterparties, courts and authorities, law firms, professional and other associations, visitors to our Website, participants in events, recipients of newsletters and other bodies or their contact persons and employees (hereinafter referred to as “you”). We provide information about this data processing in this privacy policy. In addition to this privacy policy, we may inform you separately about the processing of your data (e.g., in the case of forms or contractual conditions).

Personal Data means any information relating to an identified or identifiable natural person, e.g., name, address, e-mail address, online identifier, or telephone number (“Personal Data”). This is not an exhaustive description; other data protection declarations, general terms and conditions, conditions of participation or similar documents may regulate specific circumstances.

If you disclose Personal Data about other persons (e.g. family members, representatives, counterparties or other associated persons) to us, we assume that you are authorized to do so and that this Personal Data is correct and that you have ensured that these persons are informed about this disclosure, insofar as a legal obligation to inform applies (e.g. by bringing this data protection declaration to their attention in advance).

This privacy policy is designed to meet the requirements of the Swiss Data Protection Act (“DPA”) and the EU General Data Protection Regulation (“GDPR”). However, whether and to what extent these laws are applicable depends on the individual case.

By using our services, you consent to the collection and processing of your Personal Data in accordance with this privacy policy.

2. Who is responsible for the processing of your data?

The data controller responsible for the processing described in this privacy policy is:

BÜHLMANN KOENIG & PARTNER AG
Alfred-Escher-Strasse 17
8002 Zurich
Switzerland
Phone: +41 44 499 77 88
Email: info@bkp-legal.ch

BKP determines the purposes and means of the processing of your Personal Data and is therefore responsible for its processing and use in accordance with this privacy policy. If you have any questions or concerns regarding this privacy policy or the processing of your Personal Data, please contact us by email at info@bkp-legal.ch.

3. Which of your data is processed for which purpose?

If you use our services, our website https://www.bkp-legal.ch/ (“Website”) or otherwise deal with us, we obtain and process various categories of your Personal Data. In principle, we may collect and otherwise process this data for the following purposes in particular:

(i) Communication:
We process Personal Data so that we can communicate with you and with third parties, such as parties to proceedings, courts or authorities, by email, telephone, mail, social media or otherwise (e.g. to respond to inquiries, in the context of legal advice and representation and the initiation or execution of contracts). This also includes providing our clients, contractual partners, and other interested parties with information about events, changes to the law, news about our law firm or similar. This may be by newsletters and other regular contact (electronically, by mail, by telephone). You can reject such communication at any time or refuse or revoke your consent to such communication. For this purpose, we process, among other, the content of your communication, your contact details, and the metadata of the communication, but also image and audio recordings of (video) calls. In the event of an audio or video recording, we will inform you separately and you are free to inform us if you do not wish being recorded or to end the communication. If we need or want to establish your identity, we will collect additional data (e.g., a copy of an ID card).

(ii) Initiation and conclusion of contracts:
With regard to the conclusion of a contract, in particular a contract for the establishment of a client relationship, with you or your client or employer, which also includes the clarification of any conflicts of interest, we may in particular obtain and otherwise process your name, address, contact details, powers of attorney, declarations of consent, information about third parties (e.g. contact persons, family details and counterparties), contractual contents, date of conclusion, creditworthiness data and all other data which you provide to us or that we collect from public sources or from third parties (e.g. commercial or debt collection registers, credit agencies, sanction lists, media, legal protection insurers or from the Internet).

(iii) Administration and processing of contracts:
We obtain and process Personal Data so that we can comply with our contractual obligations towards our clients and other contractual partners (e.g., suppliers, service providers, correspondence law firms, project partners) and to provide and demand our contractual services. This also includes data processing for client management (e.g., legal advice and representation of our clients before courts and authorities and correspondence) as well as data processing for the enforcement of contracts (debt collection, legal proceedings, etc.), accounting and public communication (if permitted). For this purpose, we process, among other, the data that we receive or have collected as part of the initiation, conclusion and execution of the contract as well as data that we create as part of our contractual services or that we collect from public sources or from other third parties (e.g. courts, authorities, counterparties, information services, media, detective agencies or from the Internet). This data may include, among other, minutes of meetings and consultations, notes, internal and external correspondence, contractual documents, documents that we prepare and receive in the context of proceedings before courts and authorities (e.g. statements of claim, appeals and complaints, judgments and decisions), background information about you, counterparties or other persons as well as other mandate-related information, proof of performance, invoices and financial and payment information.

(iv) Operation of our Website:
To operate our Website securely and stable, we collect technical data (so-called “server log files”), such as IP-address, information about the operating system and settings of your device, the region, time, and type of use, which your device automatically transmits to us. We also use cookies and similar technologies. For further information, see section 9.

(v) Improving our electronic services:
To continuously improve our Website and other electronic services, we collect data about your behavior and preferences, for example by analyzing how you navigate through our Website and how you interact with our social media profiles.

(vi) Security purposes and access controls:
We obtain and process Personal Data to ensure and continuously improve the appropriate security of our IT and other infrastructure (e.g., buildings). This includes, for example, monitoring and controlling electronic access to our IT systems and physical access to our premises, analyzing and testing our IT infrastructure, systems and error checks and creating security backups. For documentation and security purposes (preventive and to investigate incidents), we also keep access logs and visitor lists for our premises and may use surveillance systems (e.g., security cameras). We will inform you of surveillance systems at the relevant locations by means of appropriate signs.

(vii) Compliance with laws, directives and recommendations from authorities and internal regulations (“Compliance”):
We obtain and process Personal Data to comply with applicable laws (e.g. anti-money laundering, tax obligations or our professional obligations), self-regulations, certifications, industry standards, our corporate governance and for internal as well as external investigations to which we are a party (e.g. by a law enforcement or supervisory authority or a mandated private body).

(viii) Risk management and corporate governance:
We obtain and process Personal Data as part of risk management (e.g., to protect against criminal activities) and corporate governance. This includes, among other things, our business organization (e.g., resource planning) and corporate development (e.g., acquisition and sale of business units or companies).

(ix) Job applications:
If you apply for a job with us, we will obtain and process the relevant data for the purpose of reviewing the application, conducting the application process and, in the case of successful applications, for the preparation and conclusion of a corresponding contract. In addition to your contact details and the information from the corresponding communication, we also process the data contained in your application documents and the data that we can additionally obtain about you, e.g. from job-related social networks, the internet, the media and from references, if you consent to us obtaining references.

(x) Processing of employment relationships:
We obtain and process Personal Data in the context of handling employment relationships with our employees, namely to record, calculate and process their salary data, expenses, pension fund and social security contributions as well as other data relating to the financial aspects of their employment relationship, to calculate and process their claims with the relevant insurance providers, to record and process their working hours, vacation credits, sickness absences and all other contractual employment benefits and claims.

(xi) Other purposes:
We obtain and process Personal Data for other purposes, e.g., training and education purposes and administrative purposes (e.g., our accounting). We may listen to or record telephone or video conferences for training, evidence, and quality assurance purposes. In such cases, we will inform you separately (e.g. by displaying a message during the video conference in question) and you are free to inform us if you do not wish to be recorded or to terminate the communication (if you simply do not wish your image to be recorded, please turn off your camera). In addition, we may process Personal Data for the organization, implementation, and follow-up of events, in particular participant lists and the content of presentations and discussions, as well as image and audio recordings made during these events. The protection of other legitimate interests is also one of the other purposes, which cannot be listed exhaustively.

4. Where does the data come from?

(i) From you:
You (or your device) provide us with the majority of the data we process (e.g., in connection with our services, the use of our Website, or communication with us). You are not obliged to disclose your data, except under special circumstances (e.g., if legal obligations apply). However, if you wish to conclude contracts with us or make use of our services you must provide us with certain data. The use of our Website is also not possible without data processing.

(ii) From third parties:
We may also obtain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, media or the Internet incl. social media) or receive such data from (i) authorities, (ii) your employer or client who either has a business relationship with us or is otherwise involved with us, and (iii) other third parties (e.g. clients, counterparties, courts or authorities, legal protection insurers, credit reference agencies, address dealers, associations, contractual partners, Internet analysis services). (iii) from other third parties (e.g., clients, counterparties, courts or authorities, legal expenses insurers, credit reference agencies, address dealers, unions, contractual partners, internet analysis services). This includes the data that we process in the context of the initiation, conclusion and execution of contracts as well as data from correspondence and discussions with third parties, but also all other categories of data in accordance with section 3.

5. On what legal basis do we process the data?

The processing of your Personal Data for the purposes described in section 3 may be based on the following legal bases:

(i)
Your consent, but only to the extent that it can be withdrawn at any time;

(ii)
For the performance of a contract with you or to take steps prior to entering a contract with you (e.g., for our advisory services or participation in an event you are interested in);

(iii)
To comply with a legal obligation (e.g., for tax purposes or for the purposes of legal investigations or proceedings); or

(iv)
For our legitimate interests, e.g. to maintain and improve our internal business administration, organization, operations, protection of systems and premises, prevention of fraud and other crime, for statistical purposes, to ensure an effective, efficient, secure and harmonized service, to comply with legal or other regulatory requirements and internal rules, and to establish, exercise and/or defend actual or potential legal claims, investigations or similar proceedings.

If the processing of Personal Data is based on your consent or our legitimate interests, you can withdraw your consent or object to this processing at any time by contacting us directly by email at info@bkp-legal.ch. Please note, however, that the withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.

6. To whom do we disclose your data?

In connection with the purposes listed in section 3, we transfer your Personal Data to the categories of recipients listed below. If necessary, we will obtain your consent for this or have our supervisory authority release us from our professional duty of confidentiality.

(i) Service providers:
We work with service providers in Switzerland and abroad who (i) process data on our behalf, (ii) on our joint responsibility or (iii) in their own responsibility, which they have received from us or collected for us. These service providers include, for example, IT providers, banks, insurance companies, debt collection agencies, credit agencies, address auditors, accountants, other law firms or consulting firms.

(ii) Clients and other contractual partners:
This initially refers to clients and other contractual partners of ours for whom the transfer of your data arises from the contract (e.g., because you work for a contractual partner, or they provide services for you). This category of recipients also includes bodies with which we cooperate, such as other law firms in Switzerland and abroad or legal protection insurers. The recipients process the data in their own responsibility.

(iii) Authorities and courts:
We may disclose Personal Data to government agencies, courts and other authorities in Switzerland and abroad if this is necessary for the fulfillment of our contractual obligations and for the performance of mandates, or if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. These recipients process the data in their own responsibility.

(iv) Counterparties and persons involved:
Insofar as this is necessary for the fulfillment of our contractual obligations, particularly for the performance of the mandate, we also pass on your Personal Data to counterparties and other persons involved (e.g. guarantors, financing providers, affiliated companies, other law firms, persons providing information or experts, etc.).

(v) Other persons:
This refers to other cases where the inclusion of third parties arises from the purposes set out in section 3. This concerns, for example, delivery addressees or payment recipients specified by you, third parties in the context of agency relationships (e.g., your lawyer or your bank) or persons involved in official or court proceedings. We may also pass on your Personal Data to our supervisory authority, specifically if this is necessary in individual cases to release us from our professional duty of confidentiality. Should we work with the media and send them material (e.g., photos), you may also be affected. As part of our corporate development, we may sell or acquire businesses, parts of businesses, assets or companies or enter partnerships, which may also result in the disclosure of data (including your Personal Data, e.g., as a client or supplier or as their representative) to the persons involved in these transactions. During communication with our competitors, industry organizations, associations and other bodies, data relating to you may also be exchanged.

All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict the processing by certain third parties (e.g., IT providers), but not by other third parties (e.g., authorities, banks, etc.).

We may also allow certain third parties to collect Personal Data from you on our Website and at our events in their own responsibility (e.g., providers of tools that we have integrated on our Website, etc.). Insofar as we are not decisively involved in this data collection, these third parties are solely responsible for it. If you have any concerns and wish to assert your data protection rights, please contact these third parties directly. We have listed your rights in section 8. Information on the activities on our Website can be found in section 9.

7. Will your personal data also be sent abroad?

The Personal Data we collect is stored in Switzerland. If necessary and legally permitted, we may also transfer, store, and process your Personal Data at locations outside Switzerland, e.g., in countries where our business partners, auxiliary persons, authorities and other bodies are located. This also includes the transfer of Personal Data to countries outside the European Economic Area (EEA) if this is necessary for the data processing described in this privacy policy in accordance with applicable law.

If a recipient is located in a country without adequate data protection, we contractually oblige the recipient to comply with an adequate level of data protection (we use the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj, including the supplements required for Switzerland), unless the recipient is already subject to a legally recognized set of rules to ensure data protection. We may also disclose Personal Data to a country without adequate data protection without concluding a separate contract if we can rely on an exemption clause for this. An exception may apply in particular for legal proceedings abroad, but also if overriding public interests apply or if the performance of a contract that is in your interest requires such disclosure (e.g. if we disclose data to our correspondence law firms), if you have given your consent, or if it is not possible to obtain your consent within a reasonable period of time and the disclosure is necessary to protect your life or physical integrity or that of a third party, or if it concerns data that you have made generally accessible and whose processing you have not objected to. We may also rely on the exception for data from a register provided for by law (e.g., commercial register), which we have legitimately obtained access to.

8. What rights do you have?

You have certain rights in connection with our data processing. In accordance with applicable law, you may request information about the processing of your Personal Data, have incorrect Personal Data corrected, request the deletion of Personal Data, object to data processing, request the disclosure of certain Personal Data in a common electronic format or its transfer to other controllers.

If you wish to exercise your rights against us, please contact us; you will find our contact details in section 2. To rule out misuse, we may be required to identify you (e.g., with a copy of your ID, if necessary).

Please note that conditions, exceptions, or restrictions apply to these rights (e.g., for the protection of third parties or business secrets or due to our professional duty of confidentiality). We reserve the right to black out copies for data protection reasons or due to confidentiality reasons or to supply only excerpts.

9. How do we use cookies, similar technologies, and social media plug-ins on out website?

When using our Website (including newsletters and other digital offers), certain data is collected and stored in logs (in particular technical data). We may also use cookies and similar technologies (e.g., pixel tags or fingerprints) to recognize Website visitors, evaluate their behavior and identify preferences. A cookie is a small file that is transmitted between the server and your system and makes it possible to recognize a specific device or browser.

You can set your browser so that it automatically rejects, accepts, or deletes cookies. You can also deactivate or delete cookies in individual cases. You can find out how to manage cookies in your browser in the help menu of your browser.

Neither the technical data we collect, nor cookies generally contain any Personal Data. However, Personal Data that we or third-party providers commissioned by us store about you (e.g., if you have a user account with us or these providers) may be linked to the technical data or to the information stored in and obtained from cookies and thus possibly to your person.

We also use social media plug-ins, which are small software modules that establish a connection between your visit to our Website and a third-party provider. The social media plug-in informs the third-party provider that you have visited our Website and may send the third-party provider cookies that it has previously placed in your web browser. For more information on how these third-party providers use your Personal Data collected via their social media plug-ins, please refer to their respective privacy policies.

We also use our own tools and third-party services (which may use cookies) on our Website, to improve the functionality or content of our Website (e.g., integration of videos or maps) or to compile statistics. We currently use the services of the following service providers, whereby their contact details and further information on the individual data processing can be found in the respective privacy policy:

(i) Squarespace

Provider: Squarespace Ireland Limited

(ii) LinkedIn

Provider: LinkedIn Ireland Unlimited Company

(iii) Google Analytics

Provider: Google Ireland Limited

Data Protection Information:

https://support.google.com/analytics/answer/6004245?hl=en&sjid=12933033161755497445-EU

(iv) Google Maps

Provider: Google LLC

Some of the third-party providers we use may be located outside of Switzerland. Information on the disclosure of data abroad can be found in section 7. In terms of data protection law, some of them are “only” processors on our behalf and some are data controllers. Further information on this can be found in their data protection declarations.

10. How do we process personal data on out social network pages?

We operate pages and other online presences on social networks and other platforms operated by third parties and may process data about you in this context. In doing so, we receive data from you (e.g., when you communicate with us or comment on our content) and from the platforms (e.g., statistics). The providers of the platforms can analyze your use and process this data together with other data that they have about you. They also process this data for their own purposes (e.g., marketing and market research purposes and to manage their platforms), and act as their own data controllers for this purpose. For further information on processing by the platform operators, please refer to the privacy policies of the respective platforms.

We currently use the following platforms, whereby the identity and contact details of the platform operator can be found in the privacy policy in each case:

(i) LinkedIn

BKP social media profile: https://www.linkedin.com/company/97339840/admin/feed/posts/

We are entitled, but not obliged, to check third-party content before or after it is published on our online presences, to delete content without notice and, if necessary, to report it to the provider of the platform in question.

Some of the platform operators may be located outside of Switzerland. Information on data disclosure abroad can be found in section 7.

11. Security

We have implemented various technical and organizational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized use, disclosure, or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing and misuse.

BKP may use third parties as processors to collect and process your Personal Data. The data processors engaged by us will only process your Personal Data in accordance with our instructions and are legally obliged to take strict security precautions when handling your Personal Data.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to us over the internet; any transmission is at your own risk. For this reason, you are always free to transmit your Personal Data to us by other means.

12. What else needs to be considered?

We do not assume that the GDPR is applicable in our case. However, should this be the case for certain data processing, this section 12 shall apply additionally and exclusively for the purposes of the GDPR and the data processing subject to it.

We base the processing of your Personal Data on the fact that:

(i)
it is necessary as described in section 3 for the initiation and conclusion of contracts and their administration and enforcement (Art. 6 para. 1 lit. b GDPR);

(ii)
it is necessary for the legitimate interests pursued by us or by third parties as described in section 3, in particular for communication with you or third parties, to operate our Website, to improve our electronic offerings and registration for certain offerings and services, for security purposes, for compliance with Swiss law and internal regulations, for our risk management and corporate governance and for other purposes such as training and education, administration, evidence and quality assurance, organization, implementation and follow-up of events and for the protection of other legitimate interests (see section 3) (Art. 6 para. 1 lit. f GDPR);

(iii)
it is required or permitted by law, based on our mandate or our position under the law of the EEA or a member state (Art. 6 para. 1 lit. c GDPR) or is necessary to protect your vital interests or those of other natural persons (Art. 6 para. 1 lit. d GDPR);

(iv)
you have separately consented to the processing.

Please note that we generally process your data for as long as required for our purposes (see section 3), the statutory retention periods and our legitimate interests, in particular for documentation and evidence purposes, or if storage is technically necessary (e.g. in the case of backups or document management systems). If there are no legal or contractual obligations or technical reasons to the contrary, we will always delete or anonymize your data after the storage or processing period has expired as part of our normal processes and in accordance with our retention policy.

If you do not provide certain required Personal Data, it may not be possible to provide the associated services or conclude a contract. We will always indicate where the Personal Data requested by us is mandatory.

The right to object to the processing of your data set out in section 8 applies particularly applies to data processing for the purpose of direct marketing.

If you do not agree with our handling of your rights or data protection, please let us know (see contact details in section 2). If you are in the EEA, you also have the right to lodge a complaint with the data protection supervisory authority in your country.

13. Can this privacy policy be amended?

This privacy policy is not part of a contract with you. We may amend this privacy policy at any time. The version published on our Website is the current version.

Zurich, 1. August 2024