Privacy Notice

1. General information

With this Privacy Notice, we, Schiller Rechtsanwälte AG, outline how we collect and process personal data when you visit our website, when you use our services or are otherwise in contact with us as part of a contract or when we otherwise obtain personal data.

«Personal data» are all details and information relating to an identified or identifiable person. This includes contact details such as name, telephone number, address or e-mail address as well as other details.

We take the protection of your data seriously. This privacy notice is based on both the Swiss Data Protection Act («DPA») and the General Data Protection Regulation of the European Union («GDPR»).

We reserve the right to amend this privacy notice at any time. The version published on this website is the version which is currently in place.

2. Controller and contact details

The controller responsible for data processing on this website is

Schiller Rechtsanwälte AG
Kasinostrasse 2
Postfach 1507
CH-8401 Winterthur

If you have any questions about our handling of personal data or other data protection concerns, you can contact us at the above address, by e-mail (office@schillerlegal.ch) or by telephone (052 269 16 16).

3. Processed personal data and purpose of data processing

Your personal data is collected when you use the website, when you request or use our services, at events or in direct communication with us by e-mail, telephone or other means. We only process personal data that is required to carry out and process our tasks and services, in particular those arising from the client relationship, in an effective, user-friendly, permanent, secure and reliable manner.

We process the following categories of personal data in particular:

  • Client data and data for mandate management (e.g., first and last name and contact details of contact persons, position, associated company, any cross-connections and further background information from publicly accessible sources [e.g., commercial register], content of inquiry and mandate, counterparties and their representatives);
  • Data relating to mandates (e.g., communication with clients, courts, opposing attorneys and third parties, documents relating to mandate, other information arriving from the mandate);
  • General communication data (e.g., via contact form, e-mail, telephone call, letter, video conference or other means of communication);
  • Marketing data (e.g., receipt of newsletters and documents, invitations and participation in training courses and events, Linkedin);
  • Billing data (e.g., services rendered and billed, invoice data, invoices, payments, bank details);
  • Data relating to other contractual relationships (e.g., name, address, telephone number, e-mail address, details of previous business transactions, any authorized signatories, details of inquiries, offers and contracts);
  • Contract data (e.g., data in connection with the conclusion or execution of a contract);
  • Technical data (e.g., server log files, Google Analytics);
  • Financial data (e.g., accounting data);
  • Application data (e.g., contact details, education, professional experience, references);
  • Personnel data (e.g., CV, certificates, employment contracts, wages, incapacity to work, records of working time, appraisals of employees);
  • Other data (e.g., shareholder data and data on the exercise of shareholder rights).

We always process your personal data for a specific purpose:

We mainly process personal data in order to provide, document, invoice and improve our services, in particular within the scope of the client relationship. This includes processing to fulfill legal requirements (e.g., to check for any conflicts of interest) and to enforce, or defend against, legal claims.

We also process the personal data of our clients, other contractual partners and third parties in order to communicate with them, respond to inquiries and send information about our company and invitations to events and presentations, including for marketing purposes and to maintain relationships. If you no longer wish to receive newsletters and invitations from us, you can unsubscribe at any time by sending a message to the contact point defined in section 2 above.

Furthermore, the data processing is carried out to ensure our operations, in particular the IT, website and other platforms.

We further process personal data to comply with laws, instructions and recommendations from authorities and internal regulations.

If we process data of you as a job applicant, this is done for the purpose of reviewing and concluding an employment contract and complying with applicable laws and regulations. We process personal data of employees that is required for the establishment, execution and termination of the employment relationship.

We may process personal data for other purposes that are necessary to protect our legitimate interests.

4. Use of cookies and other tracking and analysis technologies

a) Server log files

The provider of this website automatically collects and stores information in so called server log files, which your browser automatically transmits to us. These are

  • Browser type and browser version;
  • operating system used;
  • Referrer URL;
  • Host name of the accessing computer;
  • the time of the server request; and
  • IP address.

This data is not merged with other personal data.

b) Cookies

We use cookies to improve the design of the website and make it more user-friendly, as well as to tailor offers to the needs of users in the best possible way. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. The cookies remain stored until you delete them. This allows us to recognize your browser the next time you visit.

You can program your browser so that it blocks or deceives certain cookies or alternative technologies or deletes existing cookies. If you block cookies, certain functions (e.g., language selection) may no longer work.

c) Google Analytics

We analyze the use of our website with the web analysis tool Google Analytics. This is used exclusively to optimize the website in terms of user-friendliness and to provide useful information about our services. Google Analytics uses so called "cookies", i.e. text files that are stored on your computer and enable your use of the website to be analyzed. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for us and providing other services relating to website activities and internet use.

Google Ireland (based in Ireland) is the provider of the «Google Analytics» service. Google Ireland relies on Google LLC (based in the USA). We have configured the service so that the IP addresses of visitors to Google in Europe are truncated before being forwarded to the USA and therefore cannot be traced. We have deactivated the settings «Data transfer» and «Signals».

5. Legal basis of the processing

The legal basis for the processing of personal data by us is mainly Article 31 Section 2 sub-section a DPA and Article 6 Section 1 sub-section b GDPR (processing in direct connection with the conclusion or performance of a contract) as well as Article 31 Section 1 DPA and Art. 6 Section 1 sub-section a, c and f GDPR (consent of the data subject or justification by law and legitimate interests).

6. Retention of data

We save your personal data for as long as is necessary for the purposes stated in this privacy notice, in particular to fulfill our contractual and legal obligations. If necessary, we will also save your personal data for other purposes if and as long as the law permits storage for these purposes, in particular for the defense of legal claims.

There is a cloud solution for e-mails. It is ensured that all requirements of Swiss attorney and data protection law are met.

7. Data transfer and data transmission abroad

We work with a limited number of trustworthy external service partners (e.g., IT service providers) who have been carefully selected by us. We do not pass on any personal data to third parties without the consent of the data subject, unless this is done in connection with the processing of the mandate or is necessary for the purposes described in this data protection declaration. We only disclose data to service partners to the extent that this is necessary for them to provide their services. If service partners could gain access to client data in the course of their work, they will be obliged to maintain confidentiality beforehand.

The named recipients of personal data may be located in Switzerland, but also in Europe and, in exceptional cases, in another country in the world.

If a recipient is located in a country without adequate data protection, we oblige the recipient to comply with adequate data protection by concluding recognized standard contractual clauses, unless it is already subject to a legally recognized set of rules to ensure data protection, or we rely on a legal exception (e.g., your consent, conclusion/execution of a contract, etc.).

8. Data security

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that the address line of the browser changes from «http://» to «https://» and by the lock symbol in your browser line. If you have activated SSL or TLS encryption, the data you transmit to us cannot be read by third parties.

In addition, we apply further appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties.

However, we would like to point out that data transmission over the Internet (e.g., when communicating by e-mail) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

9. Your rights

You have the right to information, correction and deletion of the data concerning you to the extent provided for by law. You can also request the restriction of data processing and object to our data processing. Finally, you can request the disclosure of certain personal data for the purpose of transferring it to another body (so-called data portability).

Every data subject also has the right to enforce his or her claims in court or to lodge a complaint with the competent data protection authority (Federal Data Protection and Information Commissioner).

August 30, 2023 (translation of German version)