PRIVACY NOTICE OF LEGAL AS A SERVICE AG

1.        WHAT IS THIS PRIVACY NOTICE ABOUT?

Legal as a Service AG (the “Law Firm”, hereinafter also “we”, “us”) is a boutique law firm based in Pfäffikon, SZ. In the course of our business activities, we acquire and process personal data, in particular personal data about our clients, associated persons, counterparties, courts and authorities, correspondent law firms, professional and other associations, visitors to our website, participants in events, recipients of newsletters and other bodies or their respective contact persons and employees (hereinafter also “you”). In this privacy notice, we inform you about these data processing activities. In addition to this privacy notice, we may inform you separately about the processing of your data (e.g. in forms or contract terms).

If you provide us with data about other persons (e.g. family members, representatives, counterparties or other associated persons), we assume that you are authorized to do so and that such data is correct and that you have ensured that such persons are informed about this disclosure, to the extent that a legal obligation to inform applies (e.g. by providing them with this privacy notice in advance). If you would like to enter into special agreements with us regarding data protection regarding our services, please contact us separately at the address given in section 2.

Please note that the legally regulated attorney-client privilege cannot be ensured for emails or electronic communication via websites and internet platforms.

2.        WHO IS RESPONSIBLE FOR PROCESSING YOUR DATA?

The data controller for the processing described in this privacy notice is:

Legal as a Service AG, Churerstrasse 47, CH-8808 Pfäffikon SZ, Switzerland

Telephone: +41 55 511 0811, Fax: +41 55 511 0812

The person responsible for data protection and privacy at Legal as a Service AG is the CEO Ms. Kramer, who can be reached at the above address and at the email address info@legal-as-a-service.com.

3.        FOR WHAT PURPOSES DO WE PROCESS WHICH DATA?

When you use our services, use our website at legal-as-a-service.ch or legal-as-a-service.com (hereinafter “website”), or otherwise interact with us, we collect and process various categories of your personal data. In principle, we may collect and otherwise process this data in particular for the following purposes:

• Communication: We process personal data so that we can communicate with you and with third parties such as opposing parties, courts or authorities via email, telephone, letter or otherwise (e.g. to answer inquiries, in the context of legal advice and representation as well as contract initiation or execution). This also includes that we can provide our clients, contractual partners and other interested parties with information about events, changes in the law, news about our law firm or similar. This can be done e.g. in the form of newsletters and other communications (electronically, by mail, by telephone). You can refuse such communication at any time or refuse or revoke your consent to such communication. For this purpose, we process the content of the communication, your contact details and the metadata of the communication, but also image and audio recordings of (video) telephone calls. In the case of an audio or video recording, we will inform you separately and it is up to you to tell us if you do not want a recording or to end the communication. If we need or want to confirm your identity, we collect additional data (e.g. a copy of an ID).
• Initiation and conclusion of contracts: With regard to the conclusion of a contract, such as in particular a contract for the establishment of a mandate relationship with you or your principal or employer, including the clarification of any conflicts of interest, we may collect and otherwise process in particular your name, contact details, powers of attorney, declarations of consent, information about third parties (e.g. contact persons, family details and opposing parties), contract content, conclusion date, creditworthiness data and all other data that you provide us with or that we obtain from public sources or from third parties (e.g. commercial register, credit agencies, sanctions lists, media, legal expenses insurance or from the internet).
• Administration and performance of contracts: We collect and process personal data so that we can fulfill our contractual obligations towards our clients and other contractual partners (e.g. suppliers, service providers, correspondent law firms, project partners) and in particular provide and demand contractual services. This includes data processing for mandate management (e.g. legal advice and representation of our clients before courts and authorities and correspondence) as well as data processing for contract enforcement (collection, court proceedings etc.), book-keeping and public communication (if permitted). For this purpose, we also process the data that we have received or collected during the initiation, execution and performance of the contract as well as data that we create within the scope of our contractual services or that we obtain from public sources or from other third parties (e.g. courts, authorities, opposing parties, information services, media, detective agencies or from the internet). This data may include conversation and consultation protocols, notes, internal and external correspondence, contract documents, documents that we create and receive in the course of proceedings before courts and authorities (e.g. complaint appeal and appeal briefs, judgments and decisions), background information about you, opposing parties or other persons, as well as other mandate-related information, performance records, invoices and financial and payment information.
• Operation of our website: In order to operate our website securely and stably, we collect technical data such as IP address, information about the operating system and settings of your end device, the region, the time and type of use. We also use cookies and similar technologies. For further information see section 8.
• Improvement of our electronic offers: In order to continuously improve our website and any other electronic offers, we may collect data about your behavior and preferences by analyzing how you navigate through our website.
• Security purposes and access controls: We collect and process personal data to ensure the appropriate security of our IT and other infrastructure (e.g. buildings) and to continuously improve it. This includes e.g. monitoring and controlling electronic access to our IT systems as well as physical access to our premises (may also be using procedures that process biometric data), analyses and tests of our IT infrastructures, system and error checks and the creation of security backups. For documentation and security purposes (preventive and for the clarification of incidents), we also keep access logs or visitor lists in relation to our premises and use surveillance systems (e.g. security cameras). We inform you about surveillance systems at the relevant locations by means of appropriate signs.
• Compliance with laws, directives and recommendations of authorities and internal regulations (“compliance”): We collect and process personal data to comply with applicable laws (e.g. to combat money laundering, tax obligations or our professional obligations), self-regulations, certifications, industry standards, our “corporate governance” as well as for internal and external investigations in which we are a (procedural) party (e.g. by a law enforcement or supervisory authority or a commissioned private body).
• Risk management and corporate governance: We collect and process personal data in the context of risk management (e.g. to protect against delinquent activities) and corporate governance. This includes, among other things, our operational organization (e.g. resource planning) and corporate development (e.g. purchase and sale of business units or companies).
• Job applications: If you apply for a job with us, we collect and process the relevant data for the purpose of reviewing the application, conducting the application process and, in successful applications, preparing and concluding a corresponding contract. In addition to your contact details and the information from the corresponding communication, we also process the data contained in your application documents and the data that we can additionally obtain about you, for example from professional social networks, the internet, the media and from references, if you consent to us obtaining references.
• Further purposes: Further purposes include e.g. training and education purposes as well as administrative purposes (e.g. accounting). We may listen in on or record telephone or video conferences for training, evidence and quality assurance purposes. In such cases, we will inform you separately (e.g. by displaying a message during the relevant video conference) and it is up to you to tell us if you do not want a recording or to end the communication (if you only do not want your image to be recorded, please turn off your camera). In addition, we may process personal data for the organization, implementation and follow-up of events, such as participant lists and content of lectures and discussions, but also image and audio recordings that are created during these events. The protection of other legitimate interests also applies to further purposes that cannot be named conclusively at this point in time.

4.        WHERE DOES THE DATA COME FROM?

• From you: The majority of the data we process is provided to us by you or your device (e.g. in connection with our services, the use of our website and apps, or communication with us). You are not obliged to disclose your data, except in individual cases (e.g. legal obligations). However, if you want to conclude contracts with us or use our services, for example, you must provide us with certain data. Also, the use of our website is not possible without data processing.
• From third parties: We may also obtain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, media or the internet including social media) or receive it from (i) authorities, (ii) your employer or principal who either has a business relationship with us or otherwise has dealings with us, and from (iii) other third parties (e.g. clients, opposing parties, legal expenses insurance companies, credit agencies, address dealers, associations, contractual partners, internet analysis services). This includes the data that we process in the context of the initiation, execution and performance of contracts as well as data from correspondence and meetings with third parties, but also all other categories of data according to section 3.

5.        TO WHOM DO WE DISCLOSE YOUR DATA?

In connection with the purposes listed in section 3, we may transmit your personal data to the categories of recipients listed below. If necessary, we will obtain your consent for this or have ourselves released from our professional duty of confidentiality by our legal supervisory authority.

• Service providers: We work with service providers in Switzerland and abroad who process data on our behalf (e.g. IT providers), jointly with us or on their own responsibility that they have received from us or collected for us. (These service providers include e.g. IT providers, banks, insurance companies, collection agencies, credit agencies, address verifiers, other law firms or consulting companies).
• Clients and other contractual partners: This refers first of all to clients and other contractual partners of ours where a transmission of your data results from the contract (e.g. because you work for a contractual partner or he provides services for you). This category of recipients also includes bodies with whom we cooperate, such as other law firms in Switzerland and abroad or legal expenses insurance companies. The recipients generally process the data on their own responsibility.
• Authorities and courts: We may disclose personal data to offices, courts and other authorities in Switzerland and abroad, if this is necessary for the fulfillment of our contractual obligations and also for mandate management, or if we are legally obliged or entitled to do so, or if this appears necessary to protect our interests. These recipients process the data in their own responsibility.
• Opposing parties and involved persons: If this is necessary for the fulfillment of our contractual obligations, in particular for mandate management, we also disclose your personal data to opposing parties and other involved persons (e.g. guarantors, financiers, affiliated companies, other law firms, witnesses or experts etc.).
• Other persons: This refers to other cases where the involvement of third parties results from the purposes according to section 3. This concerns e.g. delivery addresses or payment recipients specified by you, third parties in the context of representation relationships (e.g. your lawyer or your bank) or persons involved in official or court proceedings. We may also disclose your personal data to our supervisory authority, if this is necessary in individual cases for release from our professional duty of confidentiality. If we cooperate with media and transmit material to them (e.g. photos), you may also be affected. In the course of corporate development, we may sell or acquire businesses, business units, assets or companies or enter into partnerships, which may also result in the disclosure of data (including yours, e.g. as a client or supplier or as their representative) to the persons involved in these transactions. In the course of communication with our competitors, industry organizations, associations and other committees, there may also be an exchange of data that concerns you. All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict the processing by certain third parties (e.g. IT providers), but not by others (e.g. authorities, banks etc.).

6.        DO WE TRANSFER PERSONAL DATA ABROAD?

We process and store personal data mainly in Switzerland and the European Economic Area (EEA), depending on the case - for example, through subcontractors of our service providers or in proceedings before foreign courts or authorities - but potentially in any country in the world. Also, in the course of our work for clients, your personal data may go to any country in the world. If a recipient is located in a country without adequate data protection, we contractually obligate the contractual party or subcontractor to comply with an adequate level of data protection (for this purpose we use the revised standard contractual clauses of the European Commission, which can be accessed here: EU SCC 2021, including the necessary additions for Switzerland), unless it is already subject to a legally recognized set of rules to ensure data protection. We may also disclose personal data to a country without adequate data protection without entering into a separate contract, if we can rely on a legal exception. An exception may apply, for example, in legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract that is in your interest requires such disclosure (e.g. if we disclose data to our correspondent law firms), if you have consented, or if obtaining your consent within a reasonable period of time is not possible and disclosure is necessary to protect your life or physical integrity or that of a third party, or if it concerns data that you have made generally accessible and whose processing you have not objected to. We may also rely on the exception for data from a legally provided register (e.g. commercial register) that we have legitimately accessed.

7.        WHAT RIGHTS DO YOU HAVE?

You have certain rights in connection with our data processing. According to applicable law, you can request information about the processing of your personal data, have incorrect personal data corrected, and in certain cases request the deletion of personal data and object to data processing, pr request the release of certain personal data in a common electronic format or their transfer to other controllers. If you want to exercise your rights towards us, please contact us; our contact details can be found in section 2. In order to prevent abuse, we must first formally check your identity (e.g. with a copy of an ID). Please note that these rights are subject to conditions, exceptions or restrictions (e.g. to protect third parties or trade secrets or due to our professional duty of confidentiality). We reserve the right to black out certain sections in copies for reasons of data protection or confidentiality, or to provide such information only in part.

8.      HOW ARE COOKIES AND THIRD PARTY TECHNOLOGIES USED IN OUR WEBSITE?

When using our website (including any newsletters, contact forms or other digital offers), data is generated that is stored in logs (mainly technical data). We may also use cookies and similar techniques (e.g. pixel tags, scans or even fingerprints) to recognize website visitors, evaluate their behavior and identify preferences. A cookie is a small file that is transmitted between the server and your system and enables the recognition of a specific device or browser. You can set your browser to automatically reject, accept or delete cookies. You can also disable or delete cookies on a case-by-case basis. You can find out how to manage cookies in your browser in the help menu of your browser. Both the technical data we collect and cookies usually do not contain personal data. However, personal data that we or third parties commissioned by us store about you (e.g. if you have a user account with these providers) may be linked to the technical data or to the information stored in cookies and derived from them and thus possibly to your person. We also use social media plug-ins, which are small software components that establish a connection between your visit to our website and a third party. The social media plug-in informs the third party that you have visited our website and may transmit cookies to the third party that it has previously placed on your web browser. For more information on how these third parties use your personal data collected through their social media plug-ins, please refer to their respective privacy policies. In addition, we use our own tools as well as services from third parties (which may also use cookies) on our website, in particular to improve the functionality or content of our website (e.g. integration of videos or maps), to create statistics.

Some of the third-party providers we use may be located outside Switzerland. Information on data disclosure abroad can be found under section 6. From a data protection perspective, they are partly processors for us and partly responsible controllers themselves. Currently, we only use Swiss and European service providers, whereby their contact details and further information on the individual data processing can be shared upon reasonable request. For the purposes of this widely published privacy notice, we are sharing the following information:

• Hosting in Switzerland under a data processing agreement
• Hosting in Germany under a data processing agreement
• Information and communication applications in Ireland under a data processing agreement
• (Furthermore, we have deactivated analytics and tracking tool add-ons on this site.)

9.        HOW DO WE PROCESS PERSONAL DATA ON OUR PAGES IN SOCIAL NETWORKS?

We may operate pages and other online presences on social networks and other platforms operated by third parties and process data about you in this context. We receive data from you (e.g. when you follow us, communicate with us or comment on our content) and from the platforms (e.g. statistics). The platform providers may analyze your use and process this data together with other data they have about you. They also process this data for their own purposes (e.g. marketing and market research purposes and for managing their platforms) and act as independent controllers for this purpose. For more information on the processing by the platform operators, please refer to the respective platform’s privacy notice. We currently use the following platforms, whereby the identity and contact details of the platform operator can be found in the respective privacy notice:

• LinkedIn Ireland Unlimited, 2 WILTON PLACE DUBLIN, D02 AD98 Ireland, www.linkedin.com - Privacy Notice: https://de.linkedin.com/legal/privacy-notice

We are entitled but not obliged to review third-party content before or after its publication on our online presences, to delete content without notice and to report it to the provider of the relevant platform if necessary. Some of the platform operators may be located outside Switzerland. Information on data disclosure abroad can be found under section 6.

10.     WHAT ELSE SHOULD BE CONSIDERED? GDPR?

We do not assume that the EU General Data Protection Regulation (“GDPR”) generally applies to our website. However, if this is exceptionally the case for certain data processing operations, then this section 10 applies exclusively for the purposes of the GDPR and the data processing operations subject to it. We base the processing of your personal data on the fact that

• it is necessary as described in section 3 for the initiation and conclusion of contracts and their administration, performance and enforcement (Art. 6 para. 1 lit. b GDPR);
• it is necessary to protect legitimate interests of us or third parties as described in section 3, namely for communication with you or third parties, to operate our website, to improve our electronic offers and to register for certain offers and services, for security purposes, to comply with Swiss law and internal regulations for our risk management and corporate governance and for further purposes such as training and education, administration, evidence and quality assurance, organization, implementation and follow-up of events and to protect further legitimate interests (see section 3) (Art. 6 para. 1 lit. f GDPR);
• it is legally required or permitted due to our mandate or position under EEA or member state law (Art. 6 para. 1 lit. c GDPR) or is necessary to protect your vital interests or those of other natural persons (Art. 6 para. 1 lit. d GDPR);
• You have separately consented to processing, e.g. through a corresponding declaration on our website (Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a GDPR).

We would like to inform you that we generally process your data for as long as our processing purposes (see section 3), legal retention periods and our legitimate interests, in particular for documentation and evidence purposes, require it or storage is technically necessary (e.g. in the case of backups or document management systems). If there are no legal or contractual obligations or technical reasons to the contrary, we will generally delete or anonymize your data after the storage or processing period has expired as part of our usual procedures and in accordance with our retention policy.

If you do not provide certain personal data, this may result in the provision of the related services or the conclusion of a contract not being possible. We generally indicate where personal data requested by us is mandatory.

The right to object to the processing of your data set out in section 7 applies mainly to data processing for direct marketing purposes. If you do not agree with our handling of your rights or data protection, please let us know (see contact details in section 2).

If you are located in the EEA, you also have the right to lodge a complaint with the data protection supervisory authority of your country. A list of authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_de. Our authorized representative for service in Germany (if required according to Art.27 GDPR) is: Attorney Rüdiger Bock, LL.M. Bahnhofstraße 12, DE-78462 Konstanz, Email: info (at) d-ch-law.com.

11. CAN THIS PRIVACY NOTICE BE CHANGED?

This privacy notice is based on the template for lawyers from the Swiss Bar Association (SAV) and we may change this privacy notice at any time. It is not part of a contract with you. The version published on this website is the current version.