Privacy Policy

The protection of your personal data, which Hestra Law (hereinafter also “we” or “us”) collects and processes in the course of its business activities, is important to us. We process personal data in accordance with the provisions of the Swiss Data Protection Act (hereinafter “DSG”) and, if and to the extent applicable, the EU General Data Protection Regulation (hereinafter “DSGVO”). 

The following data protection declaration provides information on how and for what purposes we process your personal data and what rights you have in this regard. “Personal data” means any information relating to an identified or identifiable natural person. 

The following data protection declaration provides information on how and for what purposes we process your personal data and what rights you have in this regard. “Personal data” means any information relating to an identified or identifiable natural person. 

The name and address of the data controller are as follows: 

Hestra Law
RA MLaw Melissa V. Weissmann
Metallstrasse 9A
P.O. Box 7307
6302 Zug

Tel: +41(0)41 562 30 80
E-Mail: info@hestralaw.ch

1. Personal data and purposes of processing

1.1. General in the context of our business activities

We process only the personal data that we receive or collect in the course of our business activities with our clients, prospective clients, event participants and website visitors. In the context of a client relationship, we process the following personal data:

Client data and data for mandate administration: personal and contact data (such as first and last name, date of birth and place of citizenship, private residential address, telephone number and e-mail address), identification and background information (e.g. AHV number, signature samples, language) as well as contact details of contact persons, position and title, associated company/position, industry, any cross-connections (e.g. shareholder or related parties), transaction data, financial data, tax data, information on child and adult protection measures (e.g. guardianships) and other background information from publicly accessible sources (e.g. commercial register), any referring person, the content of the request and mandate, counterparties and their representatives, as well as further information for checking any conflicts of interest .

Mandate data: Communication with clients, Courts, counter-counsel and third parties, documentation relating to advice provided, information disclosed to us in the course of providing our services by or on behalf of clients, opposing parties, courts, authorities and other parties involved in proceedings or that we create in the course of providing our services (minutes, notes, contractual documents, legal documents for court proceedings, etc.)

Service and billing data: Information about the services provided and billed, billing data, service records, invoices, payments, bank details 

We process personal data primarily to provide, document, bill and improve our services. This includes processing to fulfil legal requirements (e.g. to check for any conflicts of interest) and to enforce or defend against legal claims. We also process our clients' personal data in order to communicate with them, answer inquiries and provide them with information about our firm and invitations to events, courses, conferences or lectures.

If you provide us with information about other persons (e.g. family members, representatives, opposing parties or other related persons), we assume that you are authorized to do so and that this information is correct, and that you have ensured that these persons are aware of this disclosure, insofar as a legal duty to provide information applies (e.g. by bringing this data protection declaration to their attention in advance).

1.2 Disclosure of personal data

We do not pass on any personal data to third parties without the consent of the data subject, unless this is done in connection with the processing of the mandate or is necessary for the purposes described in this data protection declaration. In particular, information may be passed on to Courts and authorities, opposing parties, correspondence lawyers, legal expenses insurance companies and other experts in the course of processing the mandate. 

In addition, we may pass on personal data to contract data processors, in particular to IT providers and other providers that provide IT applications or support and other services for the purposes listed in this data protection declaration on our behalf.

1.3. Storage period

We process and store your personal data only for as long as is necessary for the relevant processing purpose or as long as another legal basis (e.g. statutory retention periods) exists. We retain personal data that we possess on the basis of a contractual relationship with you for at least as long as the contractual relationship exists and the limitation periods for possible claims by us have expired or contractual retention obligations exist. As soon as your personal data is no longer required for the above-mentioned purposes, it will, as a matter of principle and as far as possible, be set to passive, deleted or anonymized.

1.4. Data security

We take technical and organizational measures to protect your personal data from unauthorized access, misuse, loss and destruction.

2. Use of our website

2.1. General

You do not have to disclose any personal data to use our website. However, the server collects a range of user information with each visit, which is stored temporarily in the server's log files. The information collected includes, among other things, the IP address, the date and time of access, the time zone difference to GMT, the name and URL of the accessed file, the website from which access occurs, the browser used, and the operating system used. 

When using this general information, it is not assigned to a specific person. The collection of this information or data is technically necessary to display our website to you and to ensure its stability and security. This information is also collected to improve the website and analyse its use. The legal basis for the temporary storage of the information and log files is our legitimate interest in offering you our website in sufficient quality and being able to continuously improve it.

Our website uses Google Analytics, a service provided by Google LLC, USA, which monitors and records how our website is used. Google Analytics does this by placing small text files called cookies on your computer or other devices. Cookies collect information about the number of visitors to this website, the visits to the individual pages and the duration for which these websites are visited. This information is available in aggregated form and is not identifiable with respect to the individual. This integration of Google Analytics is carried out in principle via anonymized IP addresses by shortening them within the EU/EEA. Google is subject to the CH-US and EU-US Privacy Shield.

We also use Google Maps to embed maps into our website. When such embedding is carried out, the services used collect the Internet Protocol (IP) addresses of users at least temporarily for technically compelling reasons and set cookies independently.

2.2 Contact form

You can contact us using the contact form provided on our website. The mandatory information for using the contact form is your name, email address and subject. The personal data you provide to us is stored by us and processed to deal with your request. The legal basis for this personal data processing is your consent and our legitimate interest in dealing with your request.

2.3 Liability for links

References and links to third-party websites are outside our area of responsibility. We do not accept any responsibility for such websites. Access to and use of such websites is at the user's own risk.

2.4 Job applications

You can submit your application for a job with us by post or via the e-mail address provided on our website. The application documents and all personal data disclosed to us with them will be treated in strict confidence, will not be disclosed to third parties and will only be processed for the purpose of considering your application for employment with us. Unless you have given your consent to the contrary, your application file will either be returned to you or deleted/destroyed after the application process has been completed, unless it is subject to a legal obligation to retain it. The legal basis for the processing of your data is your consent, the performance of the contract with you and our legitimate interests.

2.5. Copyrights

The copyrights and all other rights to content, images, photos or other files on the website belong exclusively to Hestra Law, RA MLaw Melissa V. Weissmann or the specifically named holders of the rights. The written consent of the copyright holder must be obtained in advance for the reproduction of any elements.

3. Where does the data come from?

From you: You (or your device) provide us with most of the data we process (e.g. in connection with our services, the use of our website or communication with us). You are not obliged to disclose your data, with exceptions in individual cases (e.g. legal obligations). However, if, for example, you wish to conclude contracts with us or use our services, you must provide us with certain data. It is also not possible to use our website without data processing.

From third parties: We may also obtain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, media or the internet, including social media) or receive it from (i) authorities or other third parties (e.g. clients, counterparties). This includes, in particular, data that we process in the context of the initiation, conclusion and execution of contracts, as well as data from correspondence and meetings with third parties, but also all other categories of data in accordance with Section 1.

4. To whom can personal data be passed on?

In connection with the purposes listed in Section 1, we transmit your personal data in particular to the categories of recipients listed below. If necessary, we will obtain your consent for this or have our professional duty of confidentiality waived by our supervisory authority.

Service providers in Switzerland and abroad that process data that they have received from us or collected for us (e.g. accountants/fiduciaries, IT providers, cloud providers, banks, insurance companies, collection agencies, address verifiers, other law firms or consulting firms) (i) on our behalf (e.g. IT providers), (ii) under joint responsibility with us or (iii) under their own responsibility. We generally enter into contracts with these third parties regarding the use and protection of personal data.

Authorities, offices and courts in Switzerland and abroad, if this is necessary for the fulfilment of our contractual obligations and in particular for the conduct of the mandate, or if we are legally or regulatory obliged or entitled to do so, or if this appears necessary to protect our interests. These recipients process the data under their own responsibility.

Counterparties and persons involved (e.g. other law firms, respondents or experts, etc.), provided that this is necessary for the fulfilment of our contractual obligations, in particular for the conduct of the mandate.

Other personswhose inclusion arises from the purposes set out in Section 1.

All these categories of recipients may in turn involve third parties, so that your data may also be accessible to them. We can restrict the processing of certain third parties (e.g. IT providers), but not that of other third parties (e.g. authorities, banks, etc.).

We use certain IT services and means of communication that may be associated with data security risks (e.g. e-mail, video conferencing). It is your responsibility to inform us if you require special security measures.

5. Your rights

Persons about whom we process data have the right to request information in accordance with Art. 25 of the Federal Data Protection Act of September 25, 2020. You also have the following rights with regard to your data:

• Right of access
• Right of rectification
• Right of erasure, subject to regulatory restrictions
• Objection to or restriction of processing
• Portability of personal data
• Provision of instructions for posthumous processing of personal data (depending on applicable law)

The exercise of these rights is not absolute and is subject to the restrictions provided by applicable law. Depending on the applicable law, the data subject may have the right to file a complaint with the relevant regulatory authority in their jurisdiction if they are not satisfied with the company's response.

Insofar as our processing is based on consent, each data subject has the right to revoke this consent at any time with effect for the future. 

To exercise such rights, data subjects can contact info@hestralaw.ch wenden. Wir werden diese Gesuche im Einklang mit dem anwendbaren schweizerischen Datenschutzgesetz bearbeiten und können diese gemäss den gesetzlichen Regelungen auch ablehnen oder nur eingeschränkt erfüllen. 

A data subject also has the option, as provided in the Data Protection Act, of contacting the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch).

6. Amendments to this data protection declaration

We expressly reserve the right to amend this data protection declaration at any time. If such amendments are made, we will immediately publish the amended data protection declaration on our website. The data protection declaration published on our website is the valid one.