Privacy notice

With this privacy notice we provide information about the personal data we process in connection with our activities and tasks including our frb-law.ch website. In particular, we provide information about what personal data we process, why we process it, how and where we process it. We also provide information about the rights of individuals whose data we process.

For specific or additional activities and tasks, other legal documents apply, including in particular the mandate agreement.

1. Contact Address

Controller and thus responsible for the processing of personal data:

FischerRampBuchmann AG
Fischer Ramp Buchmann AG
Brandschenkestrasse 6
PO Box, CH‑8001 Zurich

office@frb-law.ch

We will indicate if there are other parties responsible for processing personal data in individual cases.

2. Definitions and legal bases

2.1 Definitions

Personal data is any information relating to an identified or identifiable natural person. A data subject is an individual about whom we process personal data.

Processing includes any handling of personal data, regardless of the means and procedures used, such as querying, comparing, adapting, archiving, storing, reading, disclosing, procuring, recording, collecting, deleting, structuring, organizing, changing, disseminating, linking, destroying and using personal data.

2.2 Legal bases

We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (FADP), the Ordinance on Data Protection (DPO), and the EU General Data Protection Regulation (GDPR).

3. Type, scope and purpose

We process the personal data that is necessary to be able to carry out our activities and tasks as a Swiss business law firm. These include, in particular:

• Account and contact details (e.g. name, e‑mail address, telephone number, postal address, professional function)
• Contract and payment data
• Content, usage, meta and marginal data (e.g. communication with clients and third parties)
• Browser and device data, location data

As part of our legal advisory services, we receive personal data primarily from our clients or from third parties (e.g. authorities, courts, counterparties). This may also include sensitive personal data within the meaning of data protection law. Third parties who disclose to us data about other individuals are obliged to guarantee data protection for such data subjects. Among other things, this requires ensuring the accuracy of the personal data transferred.

We process contact details of contact persons from companies, authorities, associations and universities for the purpose of maintaining and expanding our professional network or in the context of our lecturing and publishing activities. This includes, in particular, invitations to events, professional exchanges and the sending of relevant information.

We also process personal data that we obtain from publicly available sources or collect in the course of our activities and tasks, provided that such processing is permitted for legal reasons.

Finally, we also process personal data for applicant management and the possible conclusion of an employment contract.

Where the GDPR applies, data processing is based on:

• Article 6(1)(b) GDPR (in view of the conclusion of a contract or contract performance)
• Article 6(1)(c) GDPR (legal obligation)
• Article 6(1)(f) GDPR (legitimate interests)

4. Use of the Website

When you visit our website, we collect technical usage data, e.g. date and time of visit, IP address, device ID, device type, language settings, operating system and browser used. We evaluate this data exclusively in anonymised and aggregated form for the purpose of optimising our website.

4.1 Cookies

We only use cookies that are technically necessary for the operation of the website.

Cookies are data stored in the browser. Such stored data is not limited to traditional cookies in text form. Cookies can be stored temporarily in the browser as “session cookies” or for a specific period of time as so‑called “permanent cookies”. Session cookies are automatically deleted when the browser is closed. Permanent cookies have a specific storage period. Cookies enable us, in particular, to recognise a browser when it next visits our website and thus, for example, to measure the reach of our website. “Permanent cookies” can also be used for online marketing, for example.

Cookies can be completely or partially deactivated and deleted at any time in the browser settings. Without cookies, our website may no longer be fully available. We actively request – at least where and to the extent necessary – express consent to the use of non‑essential cookies.

4.2 Logging

We can log at least the following information for each access to our website and our other online presence, provided that this information is transmitted to our digital infrastructure during such access: Date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual subpages of our website accessed including the amount of data transferred, last website accessed in the same browser window (referrer).

We record such information, which may also constitute personal data, in log files. This information is necessary in order to provide our online presence in a permanent, user‑friendly and reliable manner. The information is also necessary to ensure data security, including by third parties or with the help of third parties.

4.3 Tracking Pixels

We may integrate tracking pixels into our online presence. Tracking pixels are also known as web beacons. Tracking pixels – including those from third parties whose services we use – are usually small, invisible images or scripts written in JavaScript that are automatically retrieved when you access our online presence. Tracking pixels can be used to collect at least the same information as log files.

4.4 Maps

We use third‑party services to embed maps on our website. In particular, we use:

• Google Maps including Google Maps Platform: Map service; Provider: Google; Google Maps‑specific information: “How does Google use location information”.

5. Social Media

We are present on social media platforms and other online platforms in order to be able to communicate with interested people and to inform them about our activities and tasks. In connection with such platforms, personal data may also be processed outside Switzerland.

The general terms and conditions (GTC) and terms of use as well as privacy policies and other provisions of the individual operators of such platforms also apply. These provisions provide information, in particular, about the rights of data subjects in relation to the respective platform, including, for example, the right to access.

6. Disclosure to third parties

As a rule, we do not disclose personal data to third parties. However, we may have personal data processed by specialised service providers, in particular IT service providers, or process it jointly with such providers. We deploy appropriate contractual provisions to ensure that these service providers comply with data protection and, in particular, data security requirements. The service providers we use are obliged to comply with Swiss data protection law, the GDPR and professional secrecy in accordance with Art. 321 of the Swiss Criminal Code.

We use Microsoft cloud services (Microsoft 365) for certain functions and for secure data processing. Based on contractual agreements and technical precautions, the data is, as a rule, stored exclusively in data centres in Switzerland (including through activation of the EU Data Boundary programme and the “Advanced Data Residency” add‑on).

7. Personal data abroad

We generally process personal data in Switzerland. However, we may also disclose or export personal data to other countries in order to process it or have it processed there, particularly in cases involving international mandates.

We may transfer personal data to any country, provided that the local law guarantees adequate data protection in accordance with the decision of the Swiss Federal Council.

We may disclose personal data to countries whose laws do not guarantee adequate data protection, provided that adequate data protection is ensured by other means. We ensure data protection, for example, through appropriate contractual agreements based on standard data protection clauses or other suitable safeguards. In exceptional cases, we may export personal data to countries without adequate or appropriate data protection if the specific data protection requirements are met, for example, the express consent of the data subjects or a direct connection with the conclusion or execution of a contract. Upon request, we will gladly provide data subjects with information about or copies of any guarantees.

8. Data security

We take appropriate technical and organisational measures to ensure data security commensurate with the respective risk. With our measures, we ensure, in particular, the confidentiality, availability, traceability and integrity of the personal data processed, without however being able to guarantee absolute data security.

Access to our website and other online presence is secured by transport encryption (SSL / TLS, in particular with Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate transport encryption with a small padlock in the address bar.

Our digital communication — as generally all digital communication — is subject to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct influence over the processing of personal data by secret services, police departments, or other security authorities. Nor can we rule out the possibility that certain individuals may be specifically targeted for surveillance.

9. Duration of data processing

We process personal data for as long as is necessary for the respective purpose or purposes or as required by law. Personal data that is no longer required for processing is anonymised or deleted. Technical data that we collect when you visit our website is deleted after 12 months.

10. Rights of data subjects

10.1 Data protection claims

We respect all claims of data subjects in accordance with applicable data protection law. In particular, data subjects have the following rights:

• Access: Data subjects may request information as to whether we process personal data about them and, if so, what personal data is involved.
• Rectification and restriction: Data subjects may request rectification of inaccurate personal data, complete incomplete data and restrict the processing of their data.
• Erasure and objection: Data subjects may have personal data deleted (“right to be forgotten”) and object to the processing of their data with future effect, unless we can assert an overriding interest in the processing (e.g. statutory retention requirements).
• Data Portability: Data subjects may request the disclosure of personal data or the transfer of their data to another controller.

We may defer, restrict or deny the exercise of data subjects’ rights within the legally permissible scope. We may inform data subjects of any conditions that must be met to exercise their data protection rights. For example, we may refuse to provide information in whole or in part on the grounds of professional secrecy, trade secrets or the protection of other persons. We may also refuse to delete personal data in whole or in part based on statutory retention requirements.

In exceptional cases, we may charge a fee for exercising these rights. We will inform the data subjects in advance of any costs.

We are obliged to take appropriate measures to identify data subjects who request information or assert other rights. Data subjects are obliged to cooperate.

10.2 Legal protection

Data subjects have the right to enforce their data protection rights through legal action or to file a complaint with a competent data protection supervisory authority. The data protection supervisory authority for complaints lodged by data subjects against private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

11. Final provisions

We may amend this privacy notice at any time. We will inform you of such amendments in an appropriate manner, in particular by publishing the current privacy notice on our website.

You can find us here:

Fischer Ramp Buchmann AG
Brandschenkestrasse 6
CH‑8001 Zurich

Mailing address:

Fischer Ramp Buchmann AG
Brandschenkestrasse 6
PO Box, CH‑8027 Zurich