Data Protection

Data Protection Statement of schochauer ag

1. What is the scope of this Data Protection Statement?

The schochauer ag (hereinafter also referred to as “schochauer,” “we,” or “us”) is a law firm based in St. Gallen. Within the scope of our business activities, we collect and process personal data, in particular personal data concerning our clients, associated persons, counterparties, courts and authorities, correspondent law firms, professional and other associations, visitors to our website, event participants, newsletter recipients, and other entities, or their respective contact persons and employees (hereinafter also referred to as “you”). “Personal data” is defined as all details and information relating to an identified or identifiable natural person. In this Data Protection Statement, we inform you about this data processing. In addition to this Data Protection Statement, we may inform you separately about the processing of your data (e.g., in forms, in the mandate agreement, or in other contractual terms). If you disclose data about other persons to us (e.g., family members, employers or employees, representatives, counterparties, or other associated persons), we assume that you are authorised to do so and that this data is accurate, and that you have ensured that these persons have been informed about this disclosure, insofar as a legal duty to inform applies (e.g., by bringing this Data Protection Statement to their attention beforehand).

2. Who is responsible for processing your data?

The entity responsible for data protection for the processing described in this Data Protection Statement is:

schochauer ag
Marktplatz 4, Postfach, 9004 St. Gallen,
info@schochauer.ch

3. For which purposes do we process which of your data?

If you use our services, use our website schochauer.ch (hereinafter “Website”), or otherwise interact with us, we collect and process various categories of your personal data. In principle, we may collect and otherwise process this data for the following purposes in particular:

Communication: We process personal data to enable us to communicate with you and with third parties, such as litigation parties, courts, or authorities, via email, telephone, letter, or otherwise (e.g., for answering enquiries, within the scope of legal advice and representation, and contract initiation or execution, for customer service and customer care). This also includes the ability to send our clients, contractual partners, and other interested persons information about events, changes in law, news about our firm, or similar matters. This may take the form of newsletters and other regular contacts (electronic, by post, by telephone). You may refuse such communication at any time or refuse or withdraw consent to such communication. For this purpose, we primarily process the contents of the communication, your contact details, and the metadata of the communication, as well as image and audio recordings of (video) phone calls. In the event of an audio or video recording, we will notify you separately, and you are free to inform us if you do not wish a recording or to terminate the communication. Should we need or wish to establish your identity, we collect additional data (e.g., a copy of an ID document).

Contract Initiation and Conclusion: With regard to the conclusion of a contract, such as a contract establishing a client relationship, with you or your principal or employer—which also includes checking for potential conflicts of interest—we may in particular collect and otherwise process your name, contact details, other personal details, authorisations, declarations of consent, information about third parties (e.g., contact persons, family details and counterparties), contract contents, date of conclusion, creditworthiness data, and all other data that you provide to us or that we collect from public sources or third parties (e.g., commercial registers, credit rating agencies, sanctions lists, media, legal expense insurers, or the internet).

Contract Management and Execution: We collect and process personal data so that we can comply with our contractual obligations towards our clients and other contractual partners (e.g., suppliers, service providers, correspondent law firms, project partners), and in particular can perform and claim the contractual services. This includes data processing for mandate management (e.g., legal advice and representation of our clients before courts and authorities and correspondence), as well as data processing for the enforcement of contracts (debt collection, court proceedings, etc.), data processing within the scope of our notarial activities, accounting, public communication (if permitted), and the retention and archiving of data. For this purpose, we process, in particular, the data that we have received or collected during the initiation, conclusion, and execution of the contract, as well as data that we create in the course of our contractual services or that we collect from public sources or from other third parties (e.g., courts, authorities, counterparties, information services, media, detective agencies, or the internet). This data may include, in particular, conversation and consultation minutes, notes, internal and external correspondence, contract documents, documents that we create and receive in the context of proceedings before courts and authorities (e.g., statements of claim, appeals, and complaints, judgments and decisions), background information about you, counterparties or other persons, as well as further mandate-related information, proofs of performance, invoices, and financial and payment information.

Operation of our Website: To be able to operate our website securely and stably, we collect technical data, such as the IP address, details about the operating system and settings of your device, the region, the time, and the type of use. We also use cookies and similar technologies. For further information, see section 8.

Improvement of our Services and Digital Offerings: To continuously improve our services and our digital offerings (e.g., website), we collect data about your behaviour and your preferences, for example, by gathering feedback on our services or analysing how you navigate through our website and how you interact with our social media profiles.

Security Purposes and Access Controls: We collect and process personal data to ensure and continuously improve the appropriate security of our IT and our other infrastructure (e.g., buildings). This includes, for example, the monitoring and control of electronic access to our IT systems and physical access to our premises, analyses and tests of our IT infrastructures, system and error checks, network and email scanners, and the creation of security copies. For documentation and security purposes (preventive and for the investigation of incidents), we also maintain access logs or visitor lists relating to our premises.

Compliance with Laws, Directives and Recommendations of Authorities, and Internal Regulations (“Compliance”): We collect and process personal data to comply with applicable laws (e.g., combating money laundering, tax law obligations, or our professional duties), self-regulations, certifications, industry standards, our “Corporate Governance,” and for internal and external investigations in which we are a (procedural) party (e.g., by a law enforcement or supervisory authority or a commissioned private entity).

Risk Management and Corporate Governance: We collect and process personal data within the framework of risk management (e.g., protection against illegal activities) and corporate governance. This includes, among other things, our operational organisation (e.g., resource planning) and corporate development (e.g., purchase and sale of business units or companies).

Job Applications: If you apply for a position with us, we collect and process the corresponding data for the purpose of reviewing the application, conducting the application process, and, for successful applications, for the preparation and conclusion of a corresponding contract. In addition to your contact details and the information from the corresponding communication, we process in particular the data contained in your application documents and the data that we may additionally collect about you, for example, from professional social networks, the internet, the media, and references, if you consent to us obtaining references.

Further Purposes: Further purposes include, for example, training and educational purposes, as well as administrative purposes (e.g., accounting). We may listen to or record telephone or video conferences for training, evidentiary, and quality assurance purposes. In such cases, we will inform you separately (e.g., by a notice during the video conference concerned), and you are free to inform us if you do not wish a recording, or to terminate the communication (if you only do not wish a recording of your image, please turn off your camera). Furthermore, we may process personal data for the organisation, execution, and follow-up of events, such as participant lists and contents of presentations and discussions, as well as image and audio recordings created during these events. The safeguarding of other legitimate interests is also among the further purposes, which cannot be listed exhaustively.

4. Where does the data come from?

Primarily from you: The majority of the data we process is disclosed to us by you (or your device) yourself (e.g., in connection with our services, the use of our website or any other programs, or communication with us). You are not obliged to disclose your data, except in individual cases (e.g., legal obligations). However, if you want to conclude contracts with us or use our services, for example, you must disclose certain data to us. The use of our website is also not possible without data processing.

Possibly also from third parties: We may also obtain data from publicly accessible sources (e.g., debt collection registers, land registers, commercial registers, media, or the internet including social media) or receive it from (i) authorities, (ii) your employer or principal, who is either in a business relationship with us or otherwise interacts with us, and from (iii) other third parties (e.g., clients, counterparties, legal expense insurers, credit agencies, address dealers, associations, contractual partners, internet analysis services). This includes, in particular, the data that we process in the context of the initiation, conclusion, and execution of contracts, as well as data from correspondence and meetings with third parties, but also all other categories of data according to section 3.

5. To whom do we disclose your data?

In connection with the purposes listed in section 3, we transmit your personal data in particular to the categories of recipients listed below. If necessary, we obtain your consent for this or are released from our professional duty of confidentiality by our supervisory authority.

Service Providers: We work with service providers in Switzerland and abroad who process data (i) on our behalf (e.g., IT providers), (ii) under joint responsibility with us, or (iii) under their own responsibility, which they have received from us or collected for us. These service providers include, for example, IT providers, banks, insurers, debt collection agencies, credit agencies, address verification services, other law firms or consulting companies. We generally conclude contracts with these third parties regarding the use and protection of personal data.

Clients and other Contractual Partners: This primarily refers to our clients and other contractual partners for whom a transmission of your data results from the contract (e.g., because you work for a contractual partner or they provide services for you). This category of recipients also includes entities with whom we cooperate, such as other law firms in Switzerland and abroad, or legal expense insurers. The recipients generally process the data under their own responsibility.

Authorities and Courts: We may pass on personal data to offices, courts, and other authorities in Switzerland and abroad if this is necessary for the fulfilment of our contractual obligations and in particular for mandate management, or if we are legally obliged or entitled to do so, or if this appears necessary to safeguard our interests. These recipients process the data under their own responsibility.

Counterparties and Involved Persons: Insofar as this is necessary for the fulfilment of our contractual obligations, in particular for mandate management, we also pass on your personal data to counterparties and other involved persons (e.g., guarantors, financiers, associated companies, other law firms, informers, or experts, etc.).

Other Persons: This refers to other cases where the involvement of third parties arises from the purposes according to section 3. This concerns, for example, delivery addressees or payment recipients specified by you, third parties in the context of representation relationships (e.g., your lawyer or your bank), or persons involved in official or court proceedings. We may also pass on your personal data to our supervisory authority, in particular if this is necessary in the individual case for the release from our professional duty of confidentiality. If we cooperate with the media and transmit material to them (e.g., photos), you may also be affected. In the context of corporate development, we may sell or acquire businesses, business units, assets, or companies, or enter into partnerships, which may also result in the disclosure of data (including yours, e.g., as a client or supplier or their representative) to the persons involved in these transactions. Data concerning you may also be exchanged in the context of communication with our competitors, industry organisations, associations, and other bodies. All these categories of recipients may in turn use third parties, so that your data may also become accessible to them. We can restrict the processing by certain third parties (e.g., IT providers), but not that of other third parties (e.g., authorities, banks, etc.). We also enable certain third parties, for example at our events, to also collect personal data from you on their own responsibility (e.g., media photographers, speakers, etc.). Insofar as we are not crucially involved in these data collections, these third parties are solely responsible for them. For concerns and to assert your data protection rights, please contact these third parties directly. Your rights are listed in section 7. Information on the activities on our website can be found in section 8.

6. Is your personal data also transferred abroad?

We process and store personal data mainly in Switzerland and the European Economic Area (EEA), but potentially in every country in the world, depending on the case—for example, via sub-processors of our service providers or in proceedings before foreign courts or authorities. Your personal data may also be transferred to any country in the world in the context of our work for clients. If a recipient is located in a country without an adequate level of data protection, we contractually oblige the recipient to comply with an adequate level of data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which can be viewed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj? , including the necessary additions for Switzerland), unless they are already subject to a legally recognised framework for ensuring data protection. We may also disclose personal data to a country without an adequate level of data protection without concluding a separate contract for this purpose if we can rely on an exception clause. An exception may apply, in particular, in the case of legal proceedings abroad, but also in cases of overriding public interests or if the execution of a contract in your interest requires such disclosure (e.g., when we disclose data to our correspondent law firms), if you have consented, or if obtaining your consent within a reasonable period is not possible and the disclosure is necessary to protect your life or physical integrity or that of a third party, or if the data has been generally made accessible by you and you have not objected to its processing. We may also rely on the exception for data from a legally provided register (e.g., commercial register) into which we have legitimately gained insight.

7. What are your rights?

You have certain rights in connection with our data processing. According to applicable law, you can, in particular, request information about the processing of your personal data, have inaccurate personal data corrected, request the erasure of personal data, object to data processing, or request the provision of certain personal data in a standard electronic format or its transfer to other controllers. If you wish to exercise your rights against us, please contact us; our contact details can be found in section 2. To exclude misuse, we will identify you accordingly (e.g., with a copy of an ID document, if necessary). Please note that these rights are subject to conditions, exceptions, or restrictions (e.g., to protect third parties or trade secrets or due to our professional duty of confidentiality). We reserve the right to black out copies or only provide extracts for reasons of data protection law or confidentiality.

8. How are cookies, similar technologies, and social media plug-ins used on our website and other digital services?

When using our website (incl. newsletter and other digital offerings), data is generated and stored in logs (in particular technical data). In addition, we may use cookies and similar technologies (e.g., pixel tags or fingerprints) to recognise website visitors, evaluate their behaviour, and identify preferences. A cookie is a small file that is transmitted between the server and your system and enables the recognition of a specific device or browser. You can set your browser to automatically reject, accept, or delete cookies. You can also deactivate or delete cookies individually. You can find out how to manage cookies in your browser in your browser’s help menu. Neither the technical data collected by us nor cookies generally contain personal data. However, personal data that we or third-party providers commissioned by us store about you (e.g., if you have a user account with these providers) may be linked to the technical data or to the information stored in and obtained from cookies and thus potentially to you as a person. We also use social media plug-ins, which are small software components that establish a connection between your visit to our website and a third-party provider. The social media plug-in informs the third-party provider that you have visited our website and can transmit cookies to the third-party provider that the latter has previously placed on your web browser. Further information on how these third-party providers use your personal data collected via their social media plug-ins can be found in their respective data protection statements. In addition, we use our own tools and services from third-party providers (who may in turn use cookies) on our website, in particular to improve the functionality or content of our website (e.g., integration of videos or maps) and to create statistics. The following third-party services are integrated on our website in this regard:

Maps of the service “Google Maps” provided by the third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data Protection Statement: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.

External fonts from Google, LLC., https://www.google.com/fonts (“Google Fonts”). The Google Fonts are integrated by a server call to Google (usually in the USA). Data Protection Statement: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.

We use a so-called “Content Delivery Network” (CDN), offered by priority LLC, Faerberstrasse 9, 8832 Wollerau. A CDN is a service with the help of which contents of our online offering, in particular images, graphics, JavaScripts, etc., are delivered faster with the help of regionally distributed servers connected via the internet. The processing of user data is carried out solely for this purpose and to maintain the security and functionality of the CDN service. The Data Protection Statement of priority LLC can be found at https://www.keycdn.com/privacy.

Some of the third-party providers we use may be located outside Switzerland. Information on data disclosure abroad can be found in section 6. In terms of data protection law, some of them are “only” processors on our behalf and some are controllers. Further information on this can be found in the data protection statements.

9. How do we process personal data on our pages in social networks?

We operate pages and other online presences on social networks and other platforms operated by third parties and process data about you in this context. We receive data from you (e.g., when you communicate with us or comment on our content) and from the platforms (e.g., statistics). The providers of the platforms can analyse your use and process this data together with other data they have about you. They also process this data for their own purposes (e.g., marketing and market research purposes and for the administration of their platforms), and act as their own controllers for this purpose. Further information on the processing by the platform operators can be found in the data protection statements of the respective platforms. We currently use the following platform, whereby the identity and contact details of the platform operator are available in the data protection statement:

LinkedIn
linkedin.com
Data Protection Statement: https://de.linkedin.com/legal/privacy-policy

We are entitled, but not obliged, to check third-party content before or after its publication on our online presences, to delete content without notice, and, if necessary, to report it to the provider of the platform concerned. Some of the platform operators may be located outside Switzerland. Information on data disclosure abroad can be found in section 6.

10. What else should be noted?

We assume that the EU General Data Protection Regulation (“GDPR”) is fundamentally not applicable in our case. However, should this exceptionally be the case for certain data processing activities, then this section 10 shall apply in addition, exclusively for the purposes of the GDPR and the data processing subject to it.

We base the processing of your personal data in particular on the fact that

it is necessary as described in section 3 for the initiation and conclusion of contracts and their management and enforcement (Art. 6 (1) lit. b GDPR);

it is necessary for the safeguarding of legitimate interests of us or third parties as described in section 3, namely for communication with you or third parties, to operate our website, for the improvement of our services and our digital offerings and registration for certain offers and services, for security purposes, for compliance with Swiss law and internal regulations, for our risk management and corporate governance, and for other purposes such as training and education, administration, evidence and quality assurance, organisation, execution and follow-up of events, and for safeguarding other legitimate interests (see section 3) (Art. 6 (1) lit. f GDPR);

it is legally required or permitted based on our mandate or our position under the law of the EEA or a Member State (Art. 6 (1) lit. c GDPR) or is necessary to protect your vital interests or those of other natural persons (Art. 6 (1) lit. d GDPR);

you have separately consented to the processing (Art. 6 (1) lit. a and Art. 9 (2) lit. a GDPR).

We point out that we generally process your data for as long as our processing purposes (cf. section 3), statutory retention periods, and our legitimate interests, in particular for documentation and evidence purposes, require it, or storage is technically conditional (e.g., in the case of backups or document management systems). Unless legal or contractual obligations or technical reasons prevent it, we generally delete or anonymise your data after the storage or processing period has expired within the scope of our usual procedures and in accordance with our retention policy. If you do not provide certain personal data, this may lead to the associated services not being provided or a contract not being concluded. We generally indicate where personal data requested by us is mandatory. The right to object to the processing of your data, as set out in section 7, applies in particular to data processing for the purpose of direct marketing. If you are not satisfied with how we handle your rights or data protection, please let us know (cf. contact details in section 2). If you are located in the EEA, you also have the right to complain to the data protection supervisory authority of your country. A list of the authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_de.

11. Can this Data Protection Statement be amended?

This Data Protection Statement is not part of a contract with you. We may adjust this Data Protection Statement at any time. The version published on this website is the current version.