Privacy Statement
This Privacy Statement is issued in light of the Swiss Data Protection Act (DPA).
The purpose of this Privacy Statement is to describe how we collect, process and protect personal data relating to: (i) prospects (ii) clients (iii) individuals and/or entities which personal data are provided to us by the client or which comes to our knowledge in connection with the services we provide (“Related Persons”).
Related Persons can be : (i) any director, officer, authorized signatory or employee of a company (ii) a trustee, settlor or protector of a trust (iii) any beneficial owner of the client’s assets (iv) a controlling person (v) a representative or agent of the client (vi) family members of the client (vii) any other individual or entity having a relationship with the client that is relevant to our relationship with our client.
This Privacy Statement also informs the client and Related Persons of their rights.
1. Data controller
The data controller is:
Borel & Barbey
PO Box 6045
1211 Geneva 6, Switzerland
dataprotection@borel-barbey.ch
2. Data processed
We process personal data (i.e. data that directly or indirectly identifies natural persons) that you or third parties provide to us as part of the contractual relationship with us and the related services (the « Assignment ») or when you contact us. The same applies to data that we collect ourselves.
When you contact us in writing or verbally (e.g. by letter, e-mail or telephone) or in the performance of the Assignment, certain personal data is therefore provided to us by you (or other persons concerned). This may include the name, contact details or information on the role of the person concerned within the company or organisation for which you (or the respective contact persons) work, or on whose behalf you (or they) contact us. Depending on the Assignment or the contractual relationship between us, additional personal data may be collected and processed. This may include identity documents, information on income, assets, excerpts of criminal records and debt enforcement, family situation, bank details or state of health.
When carrying out the Assignment, we also process personal data that we collect from our correspondence with clients or third parties (in particular adverse parties, authorities, courts, their respective employees or other contact persons) as well as from public sources (such as public registers or websites).
Any data from Related Persons or other third parties that you provide to us constitutes processing of personal data for which you act as an independent data controller, assuming all the obligations and responsibilities provided for. In this context, it is your responsibility in particular to ensure that any person concerned by the personal data you provide us with has been duly informed of the processing of their personal data by us and, if required, has consented to such processing.
3. Purpose of processing and recipients
With regard to the purposes for which we process personal data, these are primarily to enable us to perform the Assignment or any other relationship between us, in particular to provide the services you have requested (such as legal services), to document them and to invoice them. We also process personal data to comply with applicable laws and regulations, as well as to be able to communicate with you or another contact person.
To achieve these processing purposes, personal data is or may be transmitted to the following categories of recipients: service providers for the management of the IT system and communications networks, electronic document management service providers, cloud providers, trust company, legal service providers, adverse parties and their legal representatives, as well as the relevant authorities, courts and administrations. Depending on the nature of the services relating to the Assignment and / or on your instructions, it may also be necessary to transmit data to recipients (in particular clients or authorities) who in turn process personal data in other countries, even if these countries do not guarantee a level of protection comparable to Swiss law. In the latter case, we will only do so on the basis of consent or standard contractual clauses. The same applies if the transfer of data is essential for the performance of the Assignment or to assert legal claims.
Finally, we may process the contact data of the customer, their employees or other persons for marketing purposes (using any means of communication such as e-mail, social media, post or telephone) in order to provide information about publications, events, new services or products that may be of interest to them.
The aforementioned purposes are based on consent and / or a legitimate interest in the processing of personal data. Some processing is also necessary for us to fulfil our contractual obligations to you, as well as the legal and regulatory obligations to which we are subject.
4. Duration of treatment
Personal data is processed for as long as is necessary to fulfil the purposes of the processing, subject to a longer retention period necessary to comply with legal retention periods, to safeguard legitimate interests, such as use for documentation and evidence purposes, for as long as there is an overriding private or public interest, or for as long as claims can be asserted against us or backup is technically necessary.
If there is no legal or contractual obligation to do so, the data will be deleted or anonymised at the end of the retention period as part of our usual procedures.
5. Place of storage and data security
We take appropriate and proportionate measures to protect personal data against loss, unauthorised modification or unlawful access by third parties. We would like to draw your attention to the fact that we use external IT service providers or cloud providers with servers in Switzerland to carry out the Assignment given and the services requested. In such cases, we use certain IT services or means of communication that may involve data security risks (e.g. e-mail and video conferencing). If you would like us to take special security measures, please let us know.
6. Rights of the person concerned
Data subjects have in particular the right to obtain information on the personal data stored about them, to find out what it is used for, to rectify it, to delete it, to restrict its processing, to object to it being processed and to have recourse to a supervisory authority. These same people also have the right to the transmission or portability of their data. Please note, however, that these rights are subject to conditions and exceptions. To the extent permitted or required by law, certain requests may be refused. For example, we may or may have to retain personal data or continue to process it in another way for legal reasons, despite a request to delete or restrict data processing.
*************************************
This declaration constitutes information on the nature, scope and purpose of the data processed by Borel & Barbey. The latter reserves the right to unilaterally modify the content of this declaration at any time and without prior notice. Please contact the data controller if you have any questions about this declaration or about the protection of data processed by Borel & Barbey.