This website is operated by CONSAVO.
The contents of this website are for information purposes only. It does not constitute legal advice. Any liability for possible damages resulting from the use of this website or the information contained therein is excluded. In particular, no liability is assumed for the timeliness, completeness and accuracy of the information provided. Liability for links to third-party websites and their contents is also excluded.
Neither the transmission of information from this website nor the retrieval of such information shall constitute an attorney-client relationship between the recipient and CONSAVO
Please note that email communication is neither safe nor confidential and may be subject to technical or operational interferences. CONSAVO cannot guarantee a timely reaction to instructions received via email and does not assume any liability for the infringement of the attorney-client privilege due to email communication. We therefore ask you to send us urgent or important messages by mail (with confirmation of receipt) or by courier. If you use e-mails, we recommend that you ask the recipient for confirmation of receipt. If in doubt, you should contact the recipient by telephone.
Unless otherwise stated, CONSAVO reserves all rights to all content (images, text, trademarks, etc.) on this website. The use of the contents without the prior express consent of CONSAVO is prohibited. The automated retrieval, distribution or display of the content or parts of the content of this website by technical means (such as web crawler or spider programs, meta search engines, framing) is also prohibited.
For our company, it is important to point out that we are 3 independent legal entities (disclaimer).
Data Protection Notice: CONSAVO
Status: 1 October 2023
- What is this privacy statement about?
CONSAVO (hereinafter also “we”, “us”) is an association based in Zurich, Switzerland, with offices in Zürich and Tokyo. In the course of our business, we collect and process personal data (hereinafter also “data”), in particular personal data about our clients, related parties, counterparties, courts and authorities, correspondent law firms, professional and other associations, visitors to our websites, participants in events, job applicants, recipients of newsletters and other legal entities or, in each case, their contact persons and employees (hereinafter also “you”). In this privacy notice, we inform you about the processing of this personal data. In addition to this privacy notice, we may provide you with further information about the processing of your data (e.g. in forms or contract terms).
If you provide us with data about other persons (e.g. family members, representatives, business partners or other related persons), we will assume that you are authorized to do so, that this data is correct and that you have ensured that these persons are aware of the communication, insofar as an obligation to inform exists (e.g. by drawing their attention to this data protection notice in advance).
- Who is responsible for processing your data?
The following company is the data controller, i.e. the party primarily responsible for compliance with data protection laws:
- For which purposes do we process your data?
In the course of our business, we may process different categories of personal data for different purposes. In particular, we process the following personal data from you for the following purposes:
Communication: we process personal data in order to be able to communicate with you as well as with third parties, such as parties to proceedings, courts or authorities, by e-mail, telephone, letter or other means (e.g. to answer inquiries, in the context of legal advice and representation as well as pre-contractual measures or the execution of contracts). This also includes sending information about events, legal changes, news about our law firm or similar to our clients, contractual partners and other interested parties. This may take place, for example, in the form of newsletters and other regular communication (in particular electronically, by mail and by telephone). You have the option to refuse or revoke your consent to such communications at any time. In the course of the communication, we process in particular the content and metadata of the communication as well as your contact data, but also image and audio recordings of video or telephone conversations. In case of audio or video recording of the communication, we will inform you separately and you are free to tell us if you do not wish to be recorded or if you wish to terminate the communication. If we need or want to confirm your identity, we may collect additional data (e.g. a copy of an ID card).
Pre-contractual measures and conclusion of contracts: With regard to the conclusion of a contract, such as in particular a contract to establish a client-lawyer relationship with you or your client or employer, which includes checking for any conflicts of interest, we may in particular collect your name, contact details, powers of attorney, declarations of consent, information about third parties (e.g.., Contact details, powers of attorney, declarations of consent, information about third parties (e.g., contact persons, family members, as well as contractual partners), contract contents, completion date, creditworthiness data, as well as all other data that you provide to us or that we obtain from public sources or third parties (e.g., commercial register, credit agencies, sanctions lists, media, legal protection insurance companies or the Internet).
Administration and performance of contracts: We process personal data in order to fulfill our contractual obligations to our customers and other contractual partners (e.g. suppliers, service providers, correspondence law firms, project partners) and in particular to provide and collect contractual services. This also includes data processing for client management (e.g. legal advice to our clients, representation of our clients before courts and authorities, correspondence) as well as data processing for the enforcement of contracts (debt collection, legal proceedings, etc.), accounting and public communication. For this purpose, we process in particular the data that we receive or have collected in the course of initiating and concluding contracts, as well as data that we create in the course of our contractual services or that we receive from public sources or other third parties (e.g. courts, authorities, counterparties, information services, media, detective agencies or the Internet). Such data may include, in particular, interview and consultation transcripts, notes, internal and external correspondence, contractual documents, documents that we create and receive in the course of proceedings before courts and authorities (e.g., deeds, judgments and notices), background information about you, counterparties or other persons, image and sound recordings, and other mandate-related information, documents, transcripts of files, invoices, and financial and payment information. In this context, we may also process sensitive personal data.
Improving our electronic offerings: In order to continuously improve our websites and other electronic offerings (e.g., newsletters), we collect data about your behavior and preferences by, for example, analyzing how you navigate through our websites and how you interact with our social media profiles and other electronic offerings (e.g., newsletters).
Registration: Certain offers and services (e.g. newsletters) require registration. For this purpose, we process the data provided during the respective registration. In addition, we may also collect personal data about you during the use of the offer or service. If required, we will provide you with further information about the processing of this data.
Security purposes and access controls: We process personal data to ensure and continuously improve the appropriate security of our IT and other infrastructure (e.g. buildings). This includes, for example, monitoring and controlling electronic access to our IT systems as well as physical access to our premises, analyzing and auditing our IT infrastructures, performing system and error checks, and creating backup copies. For documentation and security purposes (preventive measures and analysis of incidents), we also maintain access logs or visitor lists for our premises, may process criminal records and use surveillance systems (e.g., surveillance cameras). Signs indicating the presence of surveillance systems are posted in appropriate locations.
Compliance with laws, policies and recommendations of public authorities and internal regulations (“Compliance”): We process personal data to comply with applicable domestic and foreign laws (e.g., to combat money laundering or to comply with tax or professional obligations), self-regulations, certifications, industry standards, our corporate governance, and for internal and external investigations in which we are involved (e.g., by a law enforcement or regulatory agency or an appointed private entity).
Risk Management and Corporate Governance: We process personal data as part of our risk management (e.g., to protect against criminal activity) and corporate governance. This includes, among other things, our operational organization (e.g., resource planning) and corporate development (e.g., acquisition and sale of business or business units).
Other purposes: Other purposes include, for example, training and educational purposes and administrative purposes (e.g., accounting). For training, verification and quality assurance purposes, we may listen to or record telephone or video conferences. In such cases, we will notify you separately (e.g., by posting a notice during the relevant video conference), and you are free to let us know if you do not want to be recorded or to end the communication (if you do not want your image recorded, please turn off your camera). In addition, we may process personal data for the organization, implementation and follow-up of events, such as, in particular, lists of participants and the content of presentations and discussions, but also image and sound recordings made during these events. The protection of other legitimate interests is also among the other purposes, which cannot be listed exhaustively.
- Where does the data come from?
From you: Much of the data we process comes from you (for example, as part of our services, your use of our websites, and your communications with us). In some cases, this data is also automatically transmitted to us by your terminal device. With certain exceptions (e.g., legal obligations), you are not required to disclose your data. For example, you must provide us with certain data in order to enter into contracts with us or to use our services. Also, the use of our websites is not possible without data processing.
From third parties: We may collect data from publicly available sources (e.g. debt enforcement registers, land registers, commercial registers, media or internet, including social media) or receive such data from public authorities, your employer or client who has a business relationship with us or otherwise deals with us, as well as from other third parties (e.g. customers, counterparties, legal protection insurers, credit agencies, address brokers, associations, contractual partners, internet analysis services). This includes, in particular, data that we process in the course of initiating, concluding and executing contracts, as well as data from correspondence and other communication with third parties, but also all other categories of data pursuant to Section 3.
- To whom do we pass on your data?
In connection with the provisions in Clause 3, we transfer your personal data in particular to the categories of recipients listed below. To the extent necessary, we obtain your consent for this or have the relevant supervisory authorities release us from the obligation of professional secrecy.
Service providers: We work with service providers in Germany and abroad who (i) process data on our behalf (e.g. IT providers), (ii) process data under joint responsibility with us, or (iii) process data under their own responsibility that they have received from us or collected on our behalf (e.g. IT providers, banks, insurance companies, debt collection companies, credit agencies, list brokers, other law firms or consulting companies).
Customers and other contractual partners: This primarily includes our customers and our other contractual partners where a transfer of your data arises from the contract (e.g. because you work for a contractual partner or they provide services to you). This category of recipients also includes entities with which we cooperate, such as other law firms in Switzerland and abroad or legal expenses insurers. The recipients themselves are responsible for processing the data.
Authorities and courts: We may disclose personal data to offices, courts and other authorities in Switzerland and abroad if this is necessary for the fulfillment of our contractual obligations, in particular for the exercise of our mandate, if we are legally obliged or entitled to do so, or if this appears necessary to protect our interests. The recipients are responsible for the processing of the data themselves.
Counterparties and persons involved: To the extent necessary for the performance of our contractual obligations, in particular for the management of mandates, we also disclose your personal data to counterparties and other involved persons (e.g. guarantors, financiers, affiliated companies, other law firms, respondents or experts).
Other Persons: This refers to other instances where the involvement of third parties arises from the purposes set forth in Section 3. This includes, for example, addressees of service or payees named by you, third parties in the context of agency relationships (e.g. your lawyer or your bank) or persons involved in official or judicial proceedings. We may also disclose your personal data to our supervisory authority, in particular if this is necessary to release us from our professional duty of confidentiality. You may also be affected if we cooperate with media and provide them with content (e.g. photos). In the course of business development, we may sell or acquire operations, parts of operations, assets or businesses, or enter into partnerships, which may also result in the disclosure of data (including data about you, e.g., as a customer or supplier or as their agent) to parties involved in those transactions. Communications with our competitors, industry organizations, associations and other entities may also involve sharing your information.
All of these categories of recipients may involve third parties, so your data may also become available to them. We may restrict processing by certain third parties (e.g., IT vendors), but not by others (e.g., government agencies, banks, etc.).
We also allow certain third parties to collect personal data from you on our websites and at events we organize, including under their own responsibility (e.g. media photographers, providers of tools we have embedded on our websites, etc.). These third parties are solely responsible for the data processing, unless we are significantly involved in these data collections. If you have any concerns or wish to exercise your data protection rights, please contact these third parties directly. We have outlined your rights in Section 7. For information about activities on our website, please see Section 8.
- Is your personal data also transferred across borders?
We process and store personal data primarily in Switzerland and the European Economic Area (EEA). However, depending on the circumstances, personal data may potentially be processed in any country in the world, for example by subcontractors of our service providers or in proceedings before foreign courts or authorities. In the course of our work for our customers, your personal data may also end up in any country in the world.
If a recipient is located in a country without adequate data protection, we contractually oblige the recipient to comply with an adequate level of data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which are available at https://eur-lex.europa.eu/eli/…. where applicable with the necessary adaptations for Switzerland), unless the recipient is already subject to a legally recognized set of rules to ensure data protection. We may also transfer personal data to a country without adequate data protection without entering into a separate contract for this purpose if we can rely on an exception provision. An exception may apply in particular in the case of legal proceedings abroad, but also in the case of overriding public interests or if the performance of a contract which is in your interest requires such a transfer (e.g. if we pass on data to our correspondence offices), if you have consented or if it is not possible to obtain your consent within a reasonable period of time and the transfer is necessary to protect your life or physical integrity or that of a third party, or if it concerns data which you have made publicly available and the processing of which you have not objected to. We may also rely on the exception for data from a register provided for by law (e.g. commercial register) to which we have lawfully obtained access.
- What rights do you have?
You have certain rights in connection with our data processing. In particular, under applicable law, you may request information about the processing of your personal data, have inaccurate personal data corrected, request the deletion of personal data, object to data processing, request the release of certain personal data in a commonly used electronic format or its transfer to other data controllers.
If you wish to exercise your rights against us, please contact us; our contact details can be found in Section 2. To prevent misuse, we will need to verify your identity (e.g. with a copy of your ID card, if required).
Please note that conditions, exceptions or limitations apply to these rights (e.g., to protect third parties or trade secrets, or due to our professional confidentiality obligations).
- How are cookies, similar technologies and social media plug-ins used on our websites?
You can set your browser to automatically reject, accept or delete cookies. You can also disable or delete cookies on a case-by-case basis. You can find out how to manage cookies in your browser in the help menu of your browser.
Both the technical data we collect and the cookies generally do not contain any personal data. However, personal data that we or third-party providers commissioned by us store about you (e.g. if you have a user account with us or these providers) may be linked to the technical data or to the information stored in and derived from cookies and thus possibly to your identity.
We also use social media plug-ins, which are small pieces of software that create a connection between your visit to our websites and a third-party provider. The social media plug-in tells the third-party provider that you have visited our websites and may send the third-party provider cookies that the third-party provider has previously placed in your web browser. For more information about how these third-party providers use your personal data collected via their social media plug-ins, please see their respective privacy notices.
In particular, we currently use offers from the following service providers and advertising partners, whereby their contact details and further information on the individual data processing can be found in the respective data protection notices:
Provider: Google Ireland
Data protection notice: https://support.google.com/ana…
Information for Google accounts: https://policies.google.com/te…
Some of the third-party providers we use may be located outside of Switzerland. Information on cross-border data transfers can be found under point 6. For the purposes of data protection law, they may either be data processors of us or (independent) data controllers. For more information, please refer to the data protection notices of the respective service providers.
- How do we process personal data on our social media sites?
We maintain pages and other online presences on social networks and other platforms operated by third parties. In this context, we may process data about you. We may receive data from you (e.g., when you communicate with us or comment on our content) and from the platforms (e.g., statistics). The platform providers may analyze your usage and process this data together with other data they have about you. They also process this data for their own purposes (e.g., for marketing and market research purposes and to manage their platforms) and act as individual data controllers for this purpose. For more information on processing by platform operators, please refer to the privacy notices of the respective platforms.
We are currently represented on the following platforms, and the identity and contact details of the platform operator can be found in the respective privacy notices:
Provider: LinkedIn Ireland Unlimited Company or LinkedIn Corporation
Privacy Notice: https://www.linkedin.com/legal…
We are entitled, but not obligated, to review content before or after it is published on our online presences, to delete content without notice and, if necessary, to report it to the operator of the respective platform.
Some of the platform operators may have their registered office outside of Switzerland. Information on cross-border data transfers can be found in section 6.
- What else should be noted?
We do not assume that the EU General Data Protection Regulation (“GDPR”) applies to data processing by us. However, if the GDPR does exceptionally apply to certain data processing, this Section 10 will apply solely for the purposes of the GDPR and the data processing subject to it.
In this case, we base the processing of your personal data in particular on the fact that
it is necessary for the initiation, conclusion and performance of contracts as well as their administration and enforcement (Art. 6(1)(b) GDPR; see also Section 3),
it is necessary for the protection of legitimate interests of us or of third parties, e.g. for communication with you or third parties, for the operation of our websites, for the improvement of our electronic offers and registration for certain offers and services, for security purposes, for compliance with laws and internal regulations, for our risk management and corporate governance, as well as for other purposes such as education and training, administration, verification and quality assurance, organization, implementation and follow-up of events, and for the protection of other legitimate interests (Art. 6 para. 1 lit. f GDPR; see also section 3),
it is required or permitted by law on the basis of our mandate or position under the law of the EU or the EEA or an EU Member State (Art. 6 (1) lit. c DSGVO) or is necessary to protect your vital interests or the interests of other natural persons (Art. 6 (1) lit. d DSGVO);
You have separately consented to the processing, e.g. by a corresponding declaration on our websites (Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a GDPR).
We would like to point out that we process your data for as long as it is necessary for our processing purposes (cf. Section 3), the statutory retention periods and our legitimate interests, in particular for documentation and evidence purposes, or the storage is technically required (e.g. in the case of backups or document management systems). Unless there are legal or contractual obligations or technical reasons to the contrary, we generally delete or anonymize your data after the storage or processing period has expired as part of our usual processes and in accordance with our retention policy.
If you do not provide us with certain personal data, this may mean that the relevant services cannot be provided or a contract cannot be concluded. As a general rule, we indicate which personal data requested from us is mandatory.
The right described in section 7 to object to the processing of your data applies in particular to data processing for the purpose of direct marketing.
If you do not agree with our handling of your rights or data protection, please let us know (see contact details in Section 2). If you are in the EEA, you also have the right to complain to the data protection supervisory authority in your country. A list of authorities in the EEA can be found here: https://edpb.europa.eu/about-e….
- Can this privacy notice be changed?
This privacy notice is not part of any contract with you. We may change this privacy notice at any time. The version published on this website is the current version.