Data Protection
1. What is this privacy policy about?
Andreas Mathys runs the law firm MyLegal based in Zurich (hereinafter MyLegal, “we”, “us”). As part of our business activities, we obtain and process personal data, in particular personal data about our clients, associated persons, counterparties, courts and authorities, law firms, visitors to our website, recipients of newsletters and other bodies or their respective contact persons and employees (hereinafter also “you”).
In this privacy notice we inform you about the processing of these personal data.
2. Who is the controller for processing your data?
Responsible for the data processing described in this privacy notice is:
Andreas Mathys
Talacker 41
8001 Zurich
T +41 (0) 44 500 16 12
office@mylegal.ch
3. For what purposes do we process which of your data?
When you use our services or otherwise deal with us or are involved in a case that we are handling for a client of ours, we obtain and process various categories of your personal data.
In particular, we may obtain and otherwise process such data for the following purposes: Communication with you and third parties (e.g. parties to proceedings, courts, authorities) by e-mail, telephone, letter or otherwise), initiation and conclusion of contracts (e.g. mandate agreements), administration and execution of contracts (e.g. legal advice and representation of our clients before courts and authorities and correspondence), operation of our website, administrative purposes (e.g. accounting) and to comply with laws, instructions and recommendations from authorities.
4. Where does the data come from?
You provide us with much of the data we process yourself (e.g. as part of a client relationship or otherwise in connection with our services or communication with us). You are not obliged to disclose your data, with exceptions in individual cases (e.g. legal obligations). However, if you make use of our services, you must disclose certain data to us.
We may also obtain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, media or the Internet) or receive such data from third parties (e.g. clients, counterparties, contractual partners). This includes in particular the data we process in the context of a client relationship or otherwise in the initiation, conclusion or execution of contracts, as well as data from correspondence and discussions with third parties, but also all other categories of data in accordance with section 3.
5. With whom do we share your data?
In connection with the purposes listed under section 3, we disclose your personal data in particular to the following categories of recipients:
(i) Service providers (e.g. IT providers) who process data on our behalf, (ii) clients and other contractual partners, (iii) authorities and courts, if this is necessary for the fulfillment of our obligations, if we are entitled or obliged to do so or if this appears necessary to protect our interests or those of our clients or third parties, (iv) counterparties and persons involved, if this is necessary for the fulfillment of our obligations or appears reasonable to us and (v) other persons whose involvement results from the purposes according to section 3.
6. How are technologies used on our website?
When you use our website, data is generated that is stored in logs (technical data such as IP address). This data cannot be directly assigned to specific persons. This data is not merged with other data sources. Our website does not use cookies.
Our website uses the Google Maps map service via an API. The provider is Google Inc, USA. To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. We have no influence on this data transfer.
7. What are your rights?
You have certain rights in connection with our data processing.
In particular, you can request information about the processing of your personal data, have incorrect personal data corrected, request the deletion of personal data, object to data processing, request the disclosure of certain personal data in a commonly used electronic format or its transfer to other controllers or revoke your consent with effect for the future, insofar as our processing is based on your consent.
If you wish to exercise your rights against us, please contact us. Our contact details can be found in section 2. In order for us to rule out misuse, we must identify you (e.g. with a copy of your ID, if necessary).
8. What else needs to be considered?
We do not assume that the EU General Data Protection Regulation (“GDPR”) is applicable in our case. However, should this be the case in exceptional cases for certain data processing, this Section 8 shall also apply exclusively for the purposes of the GDPR and the data processing subject to it.
We base the processing of your personal data in particular on the fact that:
- it is necessary as described in section 3 for the initiation and conclusion of contracts and their administration and enforcement (art. 6 para. 1 lit. b GDPR);
- it is necessary for the purposes of the legitimate interests pursued by us or by third parties, as described in Section 3, namely for communication with you or third parties in order to operate our website, administration and other legitimate interests art. 6 para. 1 lit. f GDPR);
- it is required or permitted by law on the basis of our mandate or our position under the law of the EEA or a member state (art. 6 para. 1 lit. c GDPR) or is necessary to protect your vital interests or those of other natural persons (art. 6 para. 1 lit. d GDPR);
- You have consented to the processing separately, e.g. via a corresponding declaration on our website (art. 6 para. 1 lit. a and art. 9 para. 2 lit. a GDPR).
Please note that we will process your data for as long as required for our processing purposes (see section 3), the statutory retention periods and our legitimate interests, in particular for documentation and evidence purposes, or if storage is technically necessary. If there are no legal or contractual obligations or technical reasons to the contrary, we generally delete or anonymize your data after the storage or processing period has expired as part of our normal processes.
If you do not provide certain personal data, this may mean that it is not possible to provide the associated services or conclude a contract. As a matter of principle, we indicate where personal data requested by us is mandatory.
If you do not agree with our handling of your rights or data protection, please let us know (see contact details in section 2).
If you are in the EEA, you also have the right to complain to the data protection supervisory authority in your country. You can find a list of authorities in the EEA here: https://edpb.europa.eu/about-edpb/about-edpb/members_en.