top of page

DATA PROTECTION

Our privacy policy

1. What is this privacy policy about?

hsm legal AG, based in Lucerne (hereinafter "we"), is a law firm providing legal services of all kinds. In the course of our business activities, we process personal data, in particular data relating to our clients, opposing parties, courts, authorities, social security, private and liability insurers, correspondent law firms, associations, affiliated persons, employees, and website visitors. As a law firm, we place great importance on the protection of your data. Data protection is an integral part of our services. This privacy policy informs you about this data collection and processing. In addition to this privacy policy, we may inform you separately about the processing of your data.

If you disclose data about other persons to us (e.g., family members, representatives, counterparties, insurance companies, or other related persons), we assume that you are authorized to do so, that this data is correct, and that you have ensured that these persons are informed about this disclosure, insofar as a legal obligation to inform applies (e.g., by having made this privacy policy known to them beforehand).

2. Responsible body

hsm legal AG, Grendelstrasse 5, 6004 Lucerne (UID...), info@hsm.ch, +41 41 541 19 03

We process personal data in accordance with the Swiss Federal Act on Data Protection (FADP) and the Ordinance on Data Protection (FADP). Depending on the individual case, the GDPR (EU/EEA) may also apply.

3. FOR WHAT PURPOSES DO WE PROCESS WHICH OF YOUR DATA?

When you use our services, visit https://hsm-legal.ch (hereinafter referred to as the “Website”), or otherwise interact with us, we collect and process various categories of your personal data. In principle, we may collect and process this data, in particular, for the following purposes:

  • Communication: We process personal data in order to communicate with you and with third parties such as opposing parties, courts, or authorities by e-mail, telephone, letter, or other means (e.g., to respond to inquiries, in the context of legal advice and representation, as well as for the initiation or performance of contracts). This also includes sending our clients, contracting parties, and other interested persons information about events, changes in legislation, news about our law firm, or similar topics. Such communication may take place, for example, in the form of newsletters and other regular contacts (electronically, by post, or by telephone). You may object to such communication or refuse or withdraw your consent to it at any time. For these purposes, we process, in particular, the content of the communication, your contact details, and communication metadata, as well as image and audio recordings of (video) calls. In the case of audio or video recordings, we will inform you separately, and you are free to inform us if you do not wish to be recorded or to terminate the communication. If we must or wish to verify your identity, we collect additional data (e.g., a copy of an identification document).

  • Initiation and conclusion of contracts: For the purpose of concluding a contract – in particular a mandate agreement – with you or your principal or employer, including the clarification of any potential conflicts of interest, we may collect and otherwise process your name, contact details, powers of attorney, declarations of consent, information about third parties (e.g., contact persons, family members, or opposing parties), contract contents, date of conclusion, creditworthiness data, as well as any other data you provide to us or that we collect from public sources or third parties (e.g., commercial registers, credit agencies, sanctions lists, media, legal expenses insurers, or the internet).

  • Administration and performance of contracts:We collect and process personal data to fulfil our contractual obligations to our clients and other contracting parties (e.g., suppliers, service providers, correspondent law firms, project partners) and, in particular, to provide and enforce contractual services. This includes data processing for case management (e.g., legal advice and representation of our clients before courts and authorities and related correspondence), for the enforcement of contracts (collection, legal proceedings, etc.), bookkeeping, and public communication (where permitted). For this purpose, we process, in particular, data obtained or collected in the course of the initiation, conclusion, and performance of contracts, as well as data created in the context of our contractual services or obtained from public sources or other third parties (e.g., courts, authorities, opposing parties, information services, media, investigators, or the internet). Such data may include consultation and advisory notes, internal and external correspondence, contractual documents, documents prepared or received in connection with proceedings before courts and authorities (e.g., statements of claim, appeals, complaints, judgments, and decisions), background information about you, opposing parties, or other persons, as well as other mandate-related information, performance records, invoices, and financial or payment information.

  • Operation of our Website: To operate our Website securely and reliably, we collect technical data such as IP address, information about your device’s operating system and settings, region, time, and type of use. We also use cookies and similar technologies. For more information, see Section 8.

  • Improvement of our electronic offerings: To continuously improve our Website and other electronic offerings, we collect data about your behavior and preferences, for example, by analyzing how you navigate through our Website and interact with our social media profiles.

  • Compliance with laws, directives, and recommendations of authorities and internal regulations (“Compliance”): We collect and process personal data to comply with applicable laws (e.g., anti-money-laundering regulations, tax obligations, or our professional duties), self-regulations, certifications, industry standards, our corporate governance, as well as for internal and external investigations or proceedings in which we are a (procedural) party (e.g., by a criminal prosecution or supervisory authority, or by a commissioned private entity).

  • Risk management and corporate governance: We collect and process personal data in the context of risk management (e.g., protection against criminal activities) and corporate governance. This includes, among other things, our business organization (e.g., resource planning) and corporate development (e.g., acquisition or sale of business units or companies).

  • Job applications: If you apply for a position with us, we collect and process the relevant data for the purpose of assessing your application, conducting the recruitment process, and, in the case of successful applications, for the preparation and conclusion of an employment contract. In addition to your contact details and the information provided in related communications, this includes, in particular, the data contained in your application documents and any additional data we may collect about you, for example, from professional social networks, the internet, media, and references, if you consent to our obtaining references. Data processing in connection with employment relationships is subject to a separate privacy notice.

  • Other purposes: Other purposes include, for example, training and educational purposes, as well as administrative purposes (e.g., accounting). For training, evidence, and quality assurance purposes, we may listen to or record telephone or video conferences. In such cases, we will inform you separately (e.g., through a notice displayed during the relevant video conference), and you are free to inform us if you do not wish to be recorded or to terminate the communication (if you merely do not wish your image to be recorded, please switch off your camera). In addition, we may process personal data for the organization, execution, and follow-up of events, including participant lists and the content of presentations and discussions, as well as image and audio recordings created during such events. The protection of other legitimate interests also constitutes an additional purpose, which cannot be exhaustively listed.

4. WHERE DOES THE DATA COME FROM?

The data comes from you or from third parties.

  • From you: You (or your device) provide us with the majority of the data we process (e.g., in connection with our services, the use of our website and apps, or communication with us). You are not obligated to provide your data, except in individual cases (e.g., legal obligations). However, if you wish to enter into contracts with us or use our services, you must provide us with certain data. Using our website is also not possible without data processing.

  • From third parties: We may also obtain data from publicly accessible sources (e.g., debt enforcement registers, land registers, commercial registers, media, or the internet, including social media) or receive it from (i) authorities, (ii) your employer or client who has a business relationship with us or is otherwise involved with us, and (iii) other third parties (e.g., clients, counterparties, legal expenses insurers, credit agencies, address brokers, associations, contractual partners, internet analytics services). This includes, in particular, data that we process in connection with the initiation, conclusion, and execution of contracts, as well as data from correspondence and meetings with third parties, and all other categories of data as described above.

5. WHO DO WE DISCLOSE YOUR DATA TO?

In connection with the purposes set out in Section 3, we disclose your personal data, in particular, to the categories of recipients listed below. Where required, we will obtain your consent for such disclosure or seek a waiver of our professional secrecy obligations from our supervisory authority.

  • Service providers: We cooperate with service providers in Switzerland and abroad who process data (i) on our behalf (e.g., IT providers), (ii) under joint responsibility with us, or (iii) under their own responsibility, using data that they receive from us or collect on our behalf. Such service providers may include, for example, IT providers, banks, insurance companies, collection agencies, credit reference agencies, address verification providers, other law firms, or consulting companies. We generally conclude agreements with these third parties governing the use and protection of personal data. 

  • Clients and other contracting parties: This category includes clients and other contractual partners of our firm, where the transfer of your data arises from the contractual relationship (e.g., because you act on behalf of a contracting party or because they provide services to you). This category also includes entities with whom we cooperate, such as other law firms in Switzerland and abroad or legal expenses insurers. These recipients generally process the data under their own responsibility. 

  • Authorities and courts: We may disclose personal data to offices, courts, and other authorities in Switzerland and abroad if this is necessary to fulfil our contractual obligations and, in particular, for the management of mandates, or if we are legally required or entitled to do so, or if such disclosure appears necessary to protect our legitimate interests. These recipients process the data under their own responsibility. 

  • Opposing parties and other involved persons: Where necessary to fulfil our contractual obligations, in particular for the management of mandates, we may also disclose your personal data to opposing parties and other persons involved (e.g., guarantors, financiers, affiliated companies, other law firms, witnesses, or experts).

  • Other persons: This category covers other cases in which the involvement of third parties arises from the purposes described in Section 3. Examples include delivery recipients or payment beneficiaries specified by you, third parties within the scope of representation relationships (e.g., your lawyer or your bank), or persons involved in administrative or judicial proceedings. We may also disclose your personal data to our supervisory authority, in particular where this is necessary in an individual case to obtain a waiver of our professional secrecy obligation. When we cooperate with the media and provide them with materials (e.g., photographs), you may also be affected.

In the context of our business development, we may sell or acquire businesses, business units, assets, or companies, or enter into partnerships, which may involve the disclosure of data (including your data, e.g., as a client, supplier, or representative thereof) to persons involved in such transactions.

In the course of communication with competitors, industry organizations, associations, and other bodies, data concerning you may also be exchanged.

All these categories of recipients may, in turn, engage third parties, which means that your data may also become accessible to them. While we can restrict processing by certain third parties (e.g., IT providers), we cannot do so for others (e.g., authorities, banks, etc.).
We also enable certain third parties to collect personal data from you under their own responsibility on our Website and at our events (e.g., media photographers, providers of tools integrated into our Website, etc.). Where we are not materially involved in such data collection, these third parties are solely responsible for their processing. For any inquiries or to exercise your data protection rights, please contact these third parties directly. Your rights are set out in Section 7. For information regarding activities on our Website, see Section 8.

6. DOES YOUR PERSONAL DATA ALSO GET ABROAD?

We use advanced security measures to ensure the confidentiality and integrity of your data. Our server infrastructure and data transmission technologies meet the highest standards to best protect your data. Learn more about our privacy practices.

7. WHAT RIGHTS DO YOU HAVE?

You have certain rights in connection with our data processing. In particular, under applicable law, you can request information about the processing of your personal data, have inaccurate personal data corrected, request the deletion of personal data, object to data processing, request the release of certain personal data in a commonly used electronic format or its transfer to other controllers.

If you wish to exercise your rights against us, please contact us; our contact details can be found in section 2. In order to prevent misuse, we need to identify you (e.g. with a copy of your ID, if necessary).

Please note that these rights are subject to conditions, exceptions, or limitations (e.g., to protect third parties or trade secrets, or due to our professional obligation of confidentiality). We reserve the right to redact copies or provide only excerpts for data protection or confidentiality reasons.

8. HOW ARE COOKIES, SIMILAR TECHNOLOGIES AND SOCIAL MEDIA PLUG-INS USED ON OUR WEBSITE AND OTHER DIGITAL SERVICES?

When you use our website (including newsletters and other digital services), data is generated and stored in logs (especially technical data). We may also use cookies and similar technologies (e.g., pixel tags or fingerprints) to recognize website visitors, analyze their behavior, and identify preferences. A cookie is a small file that is transmitted between the server and your system and enables the recognition of a specific device or browser.

You can configure your browser to automatically reject, accept, or delete cookies. You can also disable or delete cookies on a case-by-case basis. For information on how to manage cookies in your browser, please consult your browser's help menu.

Neither the technical data we collect nor the cookies we use generally contain personal data. However, personal data that we or third-party providers commissioned by us store about you (e.g., if you have a user account with us or these providers) can be linked to the technical data or to the information stored in and derived from cookies, and thus potentially to you personally.

We also use social media plugins, which are small software components that establish a connection between your visit to our website and a third-party provider. The social media plugin informs the third-party provider that you have visited our website and may transmit cookies to the third-party provider that they previously placed on your web browser. Further information about how these third-party providers use your personal data collected via their social media plugins can be found in their respective privacy policies.

In addition, we use our own tools and third-party services (which may in turn use cookies) on our website, in particular to improve the functionality or content of our website (e.g., integration of videos or maps), to compile statistics, and to display advertising. Currently, we may use offers from the following service providers and advertising partners, whose contact details and further information on the individual data processing activities can be found in their respective privacy policies:

Some of the third-party providers we use may be located outside of Switzerland. Information on data transfers abroad can be found in section 6. With regard to data protection, some of them are "only" data processors for us, while others are data controllers. Further information can be found in their respective privacy policies.

9. How do we process personal data on our social media pages?

We operate pages and other online presences on social networks and other third-party platforms and process data about you in this context. We receive data from you (e.g., when you communicate with us or comment on our content) and from the platforms themselves (e.g., statistics). The platform providers can analyze your usage and process this data together with other data they have about you. They also process this data for their own purposes (e.g., marketing and market research purposes and for administering their platforms) and act as separate controllers for this purpose. For further information on data processing by the platform operators, please refer to the privacy policies of the respective platforms. We currently use the following platforms, and the identity and contact details of the platform operator can be found in their respective privacy policies:

We are entitled, but not obligated, to review third-party content before or after its publication on our online platforms, to delete content without notice, and, if necessary, to report it to the provider of the platform in question.

Some of the platform operators may be located outside of Switzerland. Information on data transfers abroad can be found in section 6.

10. WHAT ELSE NEEDS TO BE CONSIDERED?

We do not assume that the EU General Data Protection Regulation (“GDPR”) applies in our case. However, should this exceptionally be the case for certain data processing activities, then this section 10 shall apply exclusively for the purposes of the GDPR and the data processing activities subject to it.

We base the processing of your personal data in particular on the fact that

  • as described in point 3, is necessary for the initiation and conclusion of contracts and their administration and enforcement (Art. 6 para. 1 lit. b GDPR);

  • it is necessary to protect our legitimate interests or those of third parties as described in point 3, in particular for communication with you or third parties, to operate our website, to improve our electronic offerings and registration for certain offers and services, for security purposes, for compliance with Swiss law and internal regulations for our risk management and corporate governance and for other purposes such as training and education, administration, evidence and quality assurance, organization, execution and follow-up of events and to protect other legitimate interests (see point 3) (Art. 6 para. 1 lit. f GDPR);

  • it is legally required or permitted under the law of the EEA or a Member State due to our mandate or our position (Art. 6 para. 1 lit. c GDPR) or is necessary to protect your vital interests or those of other natural persons (Art. 6 para. 1 lit. d GDPR);

  • You have given your separate consent to the processing, e.g. via a corresponding declaration on our website (Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a GDPR).

Please note that we generally process your data for as long as required by our processing purposes (see section 3), statutory retention periods, and our legitimate interests, particularly for documentation and evidentiary purposes, or as long as storage is technically necessary (e.g., in the case of backups or document management systems). Unless legal or contractual obligations or technical reasons prevent us from doing so, we will generally delete or anonymize your data after the storage or processing period has expired, in accordance with our standard procedures and our retention policy.

Failure to provide certain personal data may prevent us from providing the related services or concluding a contract. We always indicate where the personal data we request is mandatory.

The right to object to the processing of your data, as set out in section 7, applies in particular to data processing for direct marketing purposes. If you do not agree with how we handle your rights or data protection, please inform us (see contact details in section 2). If you are located in the EEA, you also have the right to lodge a complaint with the data protection supervisory authority in your country. A list of the authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_de .

11. CAN THIS PRIVACY POLICY BE CHANGED?

This privacy policy is not part of any contract with you. We may amend this privacy policy at any time. The version published on this website is the most current version.

 

As of May 1, 2025

bottom of page