Privacy Policy of Wartmann Merker AG
Version of October 31, 2024
1. What is this Privacy Policy about?
Wartmann Merker AG (hereinafter also referred to as "we," "us") is a law firm based in Zurich. In the course of our business activities, we collect and process personal data, particularly data related to our clients, associated individuals, counter-parties, courts, authorities, correspondent law firms, professional and other associations, website visitors, event participants, newsletter recipients, and other entities or their respective contacts and employees (hereinafter also referred to as "you"). This Privacy Policy provides information about these data processing activities.
In addition to this Privacy Policy, we may inform you separately about how your data is processed (e.g., in forms or contractual conditions).
If you provide us with data about other persons (e.g., family members, representatives, counterparties, or other related persons), we assume that you are authorized to do so and that the data is accurate. You must ensure that these individuals are informed about this disclosure to the extent required by law (e.g., by making this Privacy Policy available to them beforehand).
2. Who is responsible for processing your personal data?
The party responsible for the data processing activities described in this Privacy Policy is:
Wartmann Merker AG
Kirchgasse 48
P.O. Box
8024 Zurich
Phone: +41 44 212 10 11
Email: office@wartmann-merker.ch
3. For what purposes do we process your personal data?
When you use our services, visit our website, or otherwise interact with us, we collect and process various categories of your personal data. Generally, we may collect and process this data for the following purposes:
Communication: We process personal data to communicate with you and third parties, such as counterparties, courts, or authorities, via email, telephone, mail, or other means (e.g., to respond to inquiries, provide legal advice and representation, or initiate or process contracts). This also includes sending our clients, contracting parties, and other interested individuals information on events, legislative changes, news about our firm, or similar topics, which may be communicated through newsletters and other regular contacts (electronically, by mail, or by phone). You may opt out of such communication or withdraw your consent at any time.
Initiation and conclusion of contracts: To enter into a contract, particularly one establishing a mandate relationship, with you or your employer, including the resolution of potential conflicts of interest, we may collect and process your name, contact details, powers of attorney, consent declarations, information about third parties (e.g., contact persons, family information, counterparties), contract content, contract conclusion date, credit information, as well as any other data you provide to us or that we collect from public sources or third parties (e.g., commercial registers, credit agencies, sanctions lists, media, legal protection insurers, or the internet).
Management and execution of contracts: We collect and process personal data to fulfill our contractual obligations toward our clients and other contracting parties (e.g., suppliers, service providers, correspondent law firms, project partners), specifically to provide and enforce contractual services. This includes data processing for case management (e.g., legal advice and representation of clients before courts and authorities and correspondence) and data processing to enforce contracts (collection, litigation, etc.), bookkeeping, and public communication (if permitted).
Website operation: To operate our website securely and reliably, we collect technical data, such as IP addresses, information about your device’s operating system and settings, region, time, and type of use. We also use cookies and similar technologies (see Section 8 for further details).
Improvement of electronic services: To continuously improve our website and other electronic services, we collect data on your behavior and preferences, analyzing how you navigate our website, for example.
Registration: To access certain offers and services (e.g., [free WiFi], newsletters), you must register (either directly with us or through our external login providers). We process the data you provide upon registration. Additionally, during the use of the offer or service, we may collect further personal data about you; if necessary, we will provide additional information about this data processing.
Security purposes and access control: We collect and process personal data to ensure adequate security of our IT systems and other infrastructure and to improve it continuously. This includes monitoring and controlling electronic access to our IT systems and physical access to our premises, analyzing and testing our IT infrastructure, conducting system and error checks, and creating backups. For documentation and security purposes (both preventive and to clarify incidents), we also keep access logs or visitor lists for our premises.
Compliance with laws, instructions, and recommendations from authorities, and internal regulations ("Compliance"): We collect and process personal data to comply with applicable laws (e.g., anti-money laundering, tax obligations, or our professional duties), self-regulations, certifications, industry standards, our corporate governance, and for internal and external investigations in which we are a party (e.g., by a law enforcement or regulatory authority or a mandated private entity).
Risk management and corporate governance: We collect and process personal data within the scope of risk management (e.g., protection against criminal activities) and corporate governance, including our organizational management (e.g., resource planning) and corporate development (e.g., evaluation or entry of new partners).
Job applications: If you apply for a position with us, we collect and process relevant data to evaluate the application, conduct the application process, and, in case of successful applications, to prepare and conclude a corresponding contract. In addition to your contact details and information from the relevant communication, we process, in particular, the data contained in your application documents and data we may obtain about you from professional social networks, the internet, media, and references, provided you consent to us obtaining references. Data processing related to employment relationships is governed separately.
4. Where does your data come from?
From you: The majority of the data we process is provided by you (e.g., in connection with our services, website usage, or communication with us). You are not obligated to provide your data, with the exception of certain individual cases (e.g., legal obligations). However, if you wish to conclude contracts with us or use our services, you must provide certain data. Likewise, the use of our website is not possible without data processing.
From third parties: We may also obtain data from publicly accessible sources (e.g., debt registers, land registers, commercial registers, media, or the internet, including social media) or receive it from (i) authorities, (ii) your employer or contractor who has a business relationship with us or otherwise interacts with us, and (iii) other third parties (e.g., clients, counterparties, legal protection insurers, credit agencies, address brokers, associations, contracting partners, internet analytics services). This includes, in particular, the data we process in connection with the initiation, conclusion, and execution of contracts and data from correspondence and meetings with third parties.
5. To whom do we disclose your personal data?
For the purposes outlined in Section 3, we may disclose your personal data to the following categories of recipients. Where required, we will obtain your consent or seek exemption from our professional duty of confidentiality from our supervisory authority:
Service providers: We work with service providers domestically and abroad who (i) process data on our behalf (e.g., IT providers), (ii) are jointly responsible with us, or (iii) process data on their own responsibility. (These include, for example, IT providers and trustees.) We generally enter into agreements with these third parties regarding the use and protection of personal data.
Clients and other contracting parties: This primarily refers to clients and other contracting parties where data transfer is a result of our mandate (e.g., because you are working for a contracting party or they are providing services for you). This category also includes entities with whom we cooperate, such as other law firms domestically and abroad, or legal protection insurers. These recipients process the data on their own responsibility.
Authorities and courts: We may disclose personal data to offices, courts, and other authorities domestically and abroad if necessary to fulfill our contractual obligations, particularly for case management, or if legally required or permitted, or if necessary to safeguard our interests. These recipients process the data on their own responsibility.
Counterparties and involved persons: To fulfill our contractual obligations, particularly for case management, we may disclose your personal data to counterparties and other involved persons (e.g., guarantors, financiers, affiliated companies, other law firms, informants, or experts, etc.).
Other persons: This includes other cases where the involvement of third parties is necessary as outlined in Section 3. For example, this may include shipping recipients or payment recipients specified by you, third parties involved in representative relationships (e.g., your lawyer or bank), or parties involved in official or court proceedings. We may also disclose your personal data to our supervisory authority, particularly if necessary for exemption from our professional duty of confidentiality. If we cooperate with the media and provide them with material (e.g., photos), you may also be affected. Within corporate development, we may enter into partnerships with third parties, which may involve the disclosure of data (including yours, e.g., as a client, supplier, or representative) to the persons involved in these transactions. In the context of communication with competitors, industry organizations, associations, and other bodies, data exchange concerning you may also occur.
All these categories of recipients may, in turn, involve third parties, so your data may also become accessible to them. We may limit the processing by specific third parties (e.g., IT providers), but not for other third parties (e.g., authorities, banks, etc.).
We also enable certain third parties to collect personal data from you for their own purposes on our website or at our events (e.g., media photographers, providers of tools we have embedded on our website). To the extent we are not significantly involved in this data collection, these third parties are solely responsible for it. For questions and to exercise your privacy rights, please contact these third parties directly. We have outlined your rights in Section 7. Details on activities on our website can be found in Section 8.
6. Will Your Personal Data Be Transferred Abroad?
We primarily process and store personal data in Switzerland and the European Economic Area (EEA). However, depending on the circumstances, such as when using subcontractors of our service providers or when involved in proceedings before foreign courts or authorities, data may potentially be transferred to any country worldwide. In the context of our work for clients, your personal data may also be transferred to any country globally.
If a recipient is located in a country without adequate data protection, we require the recipient to contractually adhere to a sufficient level of data protection (using the revised standard contractual clauses of the European Commission, which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj, including the necessary additions for Switzerland) unless they are already subject to a legally recognized framework to ensure data protection.
We may also disclose personal data to a country without adequate data protection without entering into a separate contract if we can rely on an exception. Such an exception may apply, notably, in the case of foreign legal proceedings, but also in cases of overriding public interest, or if the execution of a contract in your interest requires such disclosure (e.g., if we disclose data to our correspondent law firms), if you have given consent, or if it is impossible to obtain your consent within a reasonable timeframe and disclosure is necessary to protect your life, physical integrity, or that of a third party, or if the data concerns publicly accessible information to which you have not objected to its processing. We may also rely on an exception for data from a legally mandated registry (e.g., the commercial register), to which we have legitimate access.
7. What Are Your Rights?
You have certain rights in connection with our processing of your data. In accordance with applicable law, you may specifically request access to your personal data, request the correction of incorrect personal data, request the deletion of personal data, object to data processing, or request the release of certain personal data in a standard electronic format or its transfer to another data controller.
If you wish to exercise your rights with respect to us, please contact us using the contact information in Section 2. To prevent misuse, we may need to verify your identity (e.g., by requesting a copy of your ID, if necessary).
Please note that these rights are subject to conditions, exceptions, or limitations (e.g., due to attorney-client privilege, contractual confidentiality obligations, trade secrets, or the protection of third parties). For data protection or confidentiality reasons, we reserve the right to redact copies or provide only excerpts.
8. How Do We Use Cookies and Similar Technologies on Our Website?
When you use our website (including newsletters, etc.), data may be generated that is stored in logs (particularly technical data). We may also use cookies and similar technologies (e.g., pixel tags or fingerprints) to recognize website visitors, analyze their behavior, and identify preferences. A cookie is a small file that is exchanged between the server and your system, allowing the recognition of a particular device or browser.
You can configure your browser to automatically reject, accept, or delete cookies. You can also disable or delete cookies individually. For information on managing cookies in your browser, refer to your browser’s help menu.
The technical data we collect and cookies generally do not contain personal data.
We use log files on our website. Personal data is transmitted in the form of log files by your internet browser and stored by our host. The data remains on the host’s systems until operational necessity ends and legal or contractual retention periods expire, after which it is automatically deleted.
We use the platform "NetMailer," operated by PAWECO GmbH, for sending our newsletters. PAWECO is a Swiss-based provider and is subject to Swiss data protection law. The email addresses of our newsletter recipients and other relevant data are stored on PAWECO’s servers in Switzerland and used solely for analyzing and sending our newsletters. We have a data processing agreement with PAWECO, in which PAWECO commits to protecting our users' data in accordance with data protection regulations and processing it on our behalf.
We trust PAWECO to handle our users' data securely and confidentially and not to use it for its own purposes or pass it on to third parties. If you do not wish to be analyzed through NetMailer, you can unsubscribe from the newsletter at any time. Each newsletter message provides you with an unsubscribe link.
NetMailer is also used to analyze our newsletter campaigns. This includes collecting technical information such as time of retrieval, IP address, browser type, and operating system. When you open an email sent via NetMailer, a file contained in the email (a "web beacon") connects to PAWECO’s servers. This allows us to determine whether a newsletter message has been opened and which links, if any, were clicked.
Data processing is based on your consent. You can withdraw this consent at any time by unsubscribing from the newsletter.
Some of the third-party providers we use may be located outside of Switzerland. Information on data transfers abroad can be found in Section 6. In terms of data protection, they are sometimes only data processors on our behalf and, in some cases, data controllers in their own right. For further information, please refer to their respective privacy policies.
9. How Do We Process Your Personal Data on Our Social Media Pages?
We operate pages and other online presences on social networks and other third-party platforms and process data about you in connection with this. We receive data from you (e.g., when you communicate with us or comment on our content) and from the platforms (e.g., statistics). Platform providers may analyze your usage and process this data together with other data they hold about you. They also process this data for their own purposes (e.g., for marketing, market research, and to manage their platforms) and act as independent controllers for these purposes. For more information about processing by platform providers, please refer to the privacy policies of the respective platforms.
We currently use the following platforms, and the identity and contact details of each platform provider are available in their privacy policy:
LinkedIn
www.linkedin.com
Privacy Policy: https://de.linkedin.com/legal/privacy-policy
Some platform operators may be located outside of Switzerland. Information on data transfers abroad can be found in Section 6.
10. What Else Should Be Considered?
We do not expect the EU General Data Protection Regulation ("GDPR") to apply in our case. However, if it does exceptionally apply to certain data processing activities, this Section 10 applies solely for the purposes of the GDPR and the data processing activities governed by it.
We rely on the following legal bases for processing your personal data under the GDPR:
Contract Performance: The processing is necessary for initiating and concluding contracts, and for their management and enforcement, as described in Section 3 (Article 6(1)(b) GDPR).
Legitimate Interests: The processing is necessary for the purposes of our legitimate interests or those of third parties as described in Section 3, including communication with you or third parties, operating our website, improving our electronic services, registering for certain offers and services, security purposes, complying with Swiss law and internal regulations, risk management, and corporate governance, and for additional purposes such as training and education, administration, evidence and quality assurance, organizing, conducting, and following up on events, and protecting other legitimate interests (see Section 3) (Article 6(1)(f) GDPR).
Legal Obligation or Public Interest: The processing is necessary for compliance with a legal obligation to which we are subject in the EEA or its member states (Article 6(1)(c) GDPR) or is necessary to protect your vital interests or those of other natural persons (Article 6(1)(d) GDPR).
Consent: You have provided separate consent for the processing (Article 6(1)(a) and Article 9(2)(a) GDPR).
We note that we generally process your data for as long as required by our processing purposes (see Section 3), legal retention periods, and our legitimate interests, particularly for documentation and evidence purposes, or when storage is technically necessary (e.g., for backups or document management systems). In the absence of legal or contractual obligations or technical reasons, we will delete or anonymize your data once the storage or processing period has expired, in accordance with our standard procedures and retention policy.
If you choose not to provide certain personal data, it may prevent us from providing the associated services or concluding a contract. We generally indicate where requested personal data is required.
The right to object to processing, as described in Section 7, applies particularly to data processing for direct marketing purposes.
If you disagree with our handling of your rights or data protection practices, please let us know (see contact details in Section 2). If you are in the EEA, you also have the right to lodge a complaint with your country’s data protection authority. A list of authorities in the EEA is available here: https://edpb.europa.eu/about-edpb/board/members_de.
11. Can This Privacy Policy Be Changed?
This Privacy Policy is not part of a contract with you. We may amend this Privacy Policy at any time. The version published on this website is the current version.
Last updated: October 31, 2024