This Privacy Statement is issued in light of the Swiss Data Protection Act (DPA).
The purpose of this Privacy Statement is to describe how we collect, process and protect personal data relating to: (i) prospects (ii) clients (iii) individuals and/or entities which personal data are provided to us by the Client or which comes to our knowledge in connection with the services we provide (“Related Persons”).
Related Persons can be : (i) any director, officer, authorized signatory or employee of a company (ii) a trustee, settlor or protector of a trust (iii) any beneficial owner of the Client’s assets (iv) a controlling person (v) a representative or agent of the Client (vi) family members of the Client (vii) any other individual or entity having a relationship with the Client that is relevant to our relationship with our Client.
This Privacy Statement also informs the Client and Related Persons of their rights.
1 We process personal data (i.e. data that can directly or indirectly identify natural persons) that you or third parties provide to us as part of our contractual relationship. The same applies to data that we collect ourselves. Natafera is responsible for processing personal data in accordance with this declaration.
2 Certain personal data is therefore provided to us by yourself (or other data subjects) when you (or they) contact us in writing or orally (e.g., by letter, e-mail or telephone) to request our services. This may include the name, contact details or information on the role of the person concerned within the company, the organization for which you (or the respective contact persons) work, or on whose behalf you (or they) contact us. In addition, we process personal data collected from our correspondence with customers or third parties (in particular opposing parties, authorities, courts, their respective employees or other contact persons). This may include names, contact data, dates of birth, information on employment relationships, income, family situation or state of health. We also collect certain personal data ourselves, e.g. from public registers or websites.
3 As far as the purpose of processing personal data is concerned, it primarily enables us to provide, document and invoice our services.
4 Finally, we may process the contact data of the customer, their employees or other persons for marketing purposes (using any means of communication such as e-mail, social media, post or telephone) in order to provide information about publications, events, new services or products that may be of interest to them.
5 To achieve these purposes, it may be necessary for us to transmit personal data to the following categories of recipients: external service providers, customers, opposing parties and their legal representatives, business partners with whom we may need to coordinate legal services, as well as authorities and courts.
6 We process personal data related to our sphere of responsibility in Switzerland and within the UE/EEE. We may also pass on this data to recipients (in particular customers, opposing parties or authorities) who in turn process personal data in other countries, even if the latter do not guarantee a level of protection comparable to Swiss law. In the latter case, we will only do so on the basis of consent or standard contractual clauses. The same applies if the transfer of data is necessary for the performance of a contract or for the assertion of legal claims.
7 We retain personal data for as long as is necessary for the performance of the contract, but in any case, for the statutory retention or documentation period, or for as long as there is an overriding private or public interest. We take appropriate and proportionate measures to protect personal data against loss, unauthorized modification or unauthorized access by third parties. If you provide us with personal data via a third party (e.g. your employees or other contact persons), it is your responsibility to inform them in full of the data processing carried out by our law firm and other legal or external service providers (e.g. in a data protection declaration for your employees).
8 We would like to point out that we use external IT service providers or cloud providers to carry out the mandate. In such cases, we use certain IT services or means of communication that may be associated with data security risks (e.g. e-mail and video conferencing). If you would like us to take special security measures, please let us know beforehand.
9 The aforementioned purposes are based on a legitimate interest in the processing of personal data. Some processing is also necessary for us to fulfil our contractual obligations towards you. The same applies to legal obligations to which we are subject, e.g. our obligation to keep records.
10 Data subjects have the right to obtain information on the personal data stored about them, to know the purpose of such data, to rectify it, to delete it, to limit its processing, to object to its processing and to lodge a complaint with a supervisory authority. The same persons also have the right to data transfer or portability. Please note, however, that these rights are subject to conditions and exceptions. To the extent permitted or required by law, certain requests may be refused. For example, we may or may have to retain personal data or continue to process it in some other way for legal reasons, despite a request for deletion or restriction of data processing.
11 This declaration does not require the express consent of the customer, his employees or other contact persons. This declaration only constitutes information on the nature, scope and purpose of the data processed by Natafera. The latter reserves the right to unilaterally modify the content of this declaration at any time and without prior notice. We therefore recommend that you regularly consult the data protection declaration of Natafera, which can be viewed on our website.
12 If you, your employees or other contact persons have any questions, please contact us.