Privacy Policy
Status: January 17, 2024
1. What is this data protection declaration about?
ADVORO (Advoro AG, Dufourstrasse 150, 9000 St.Gallen and Advoro Zürich AG, Bellerivestrasse 21, 8008 Zürich, hereinafter "Advoro", or "we", "us") is a law firm domiciled in Switzerland (St.Gallen and Zurich). As part of our business activities, we collect and process personal data, in particular personal data about our clients, affiliated persons, counterparties, courts and authorities, correspondent firms, professional and other associations, visitors to our website, participants in events, recipients of newsletters and other bodies or their respective contact persons, applicants and current and former employees (hereinafter also "you"). In this data protection declaration we provide information about this data processing. In addition to this privacy policy, we may inform you separately about the processing of your data (e.g. in the case of forms or contractual terms).
If you provide us with data about other people (e.g. family members, representatives, counterparties or other related persons), we assume that you are authorized to do so and that this data is correct and that you have ensured that these people are informed of this disclosure, insofar as a legal obligation to provide information applies (e.g. by bringing this privacy policy to their attention in advance) and that these people have consented where legally required.
2. Who is responsible for processing your data?
The person responsible for the processing described in this privacy policy is:
Advoro AG
Dufourstrasse 150
9001 St.Gallen
info@advoro.ch
3. For what purposes do we process which of your data?
When you use our services, use https://www.advoro.ch (hereinafter "website"), or otherwise deal with us, we collect and process various categories of your personal data. In principle, we can collect and otherwise process this data for the following purposes in particular:
Communication: We process personal data so that we can communicate with you and with third parties, such as parties to proceedings, courts or authorities, by email, telephone, letter or otherwise (e.g. to answer inquiries, in the context of legal advice and representation as well as the initiation or processing of contracts). It is possible that we can send our clients, contractual partners and other interested parties information about events, changes in the law, news about our law firm or similar. This can be done, for example, in the form of newsletters and other regular contacts (electronically, by post, by telephone). You can refuse such communication at any time or refuse or revoke your consent to such communication. For this purpose, we process in particular the content of the communication, your contact details and the peripheral data of the communication, but also image and audio recordings of (video) telephone calls. In the case of an audio or video recording, we will inform you separately and you are free to inform us if you do not want a recording or if you want to end the communication. If we need or want to establish your identity, we will collect additional data (e.g. a copy of an ID card).
Initiation and conclusion of contracts: With regard to the conclusion of a contract, such as in particular a contract to establish a mandate relationship, with you or your client or employer, which also includes the clarification of any conflicts of interest, we can obtain and otherwise process your name, contact details, nationality, powers of attorney, declarations of consent, information about third parties (e.g. contact persons, family details and counterparties), contract contents, conclusion date, credit data, AHV number, tax information, as well as all other data that you provide to us or that we collect from public sources or from third parties (e.g. commercial registers, credit agencies, sanctions lists, media, legal expenses insurance or from the Internet). If you provide us with data that is particularly worthy of protection, you expressly consent to us processing it. Personal data that is particularly worthy of protection is data about religious, ideological, political or trade union views or activities; Data about health, privacy or racial or ethnic origin; genetic data; biometric data that uniquely identifies a natural person; data about administrative and criminal prosecutions or sanctions; and data about social assistance measures. We only process particularly sensitive personal data if this is absolutely necessary in order to be able to provide our consulting services or to conclude and process contracts with our customers and business partners. In particular, these are not used for advertising and marketing purposes or passed on to third parties unless absolutely necessary.
Administration and processing of contracts: We obtain and process personal data so that we can comply with our contractual obligations to our clients and other contractual partners (e.g. suppliers, service providers, correspondent offices, project partners) and in particular provide and demand the contractual services. This also includes data processing for the management of mandates (e.g. legal advice and representation of our clients before courts and authorities and correspondence) as well as data processing for the enforcement of contracts (debt collection, court proceedings, etc.), accounting and public communication (if permitted). For this purpose, we process in particular the data that we have received or collected in the context of initiating, concluding and processing the contract as well as data that we create as part of our contractual services or that we collect from public sources or from other third parties (e.g. courts, authorities, counterparties, information services, media, detective agencies or from the Internet). This data may include, in particular, minutes of discussions and consultations, notes, internal and external correspondence, contract documents, documents that we create and receive in the context of proceedings before courts and authorities (e.g. statements of claim, appeals and complaints, judgments and decisions), background information about you, counterparties or other persons as well as other mandate-related information, proof of performance, invoices and financial and payment information.
Operation of our website: In order to operate our website securely and stably, we collect technical data such as IP address, information about the operating system and settings of your device, the region, the time and type of use. We also use cookies and similar technologies. For more information, see section 8.
Improving our electronic offerings: In order to continuously improve our website and other electronic offerings, we collect data about your behavior and preferences, for example by analyzing how you navigate through our website and how you interact with our social media profiles.
Security purposes and access controls: We collect and process personal data in order to ensure and continuously improve the appropriate security of our IT and other infrastructure (e.g. buildings). This includes, for example, monitoring and controlling electronic access to our IT systems and physical access to our premises, analyzing and testing our IT infrastructures, system and error checks and creating backup copies.
Compliance with laws, instructions and recommendations from authorities and internal regulations ("Compliance"): We collect and process personal data to comply with applicable laws (e.g. to combat money laundering, tax obligations or our professional duties), self-regulations, certifications, industry standards, our "corporate governance" and for internal and external investigations in which we are a party (to the proceedings) (e.g. by a law enforcement or supervisory authority or a commissioned private body).
Risk management and corporate governance: We collect and process personal data as part of risk management (e.g. to protect against criminal activities) and corporate governance. This includes, among other things, our operational organization (e.g. resource planning) and corporate development (e.g. buying and selling parts of operations or companies).
Job application: If you apply for a job with us, we collect and process the relevant data for the purpose of reviewing the application, carrying out the application process and, in the case of successful applications, for preparing and concluding a corresponding contract. To do this, we process not only your contact details and the information from the relevant communication, but also the data contained in your application documents and the data that we can also obtain about you, e.g. from job-related social networks, the Internet, the media and from references, if you consent to us obtaining references. We can also request credit reports, debt collection register extracts and criminal records or obtain them ourselves if necessary.
Employees: If you are or were an employee of ours, we process the following information for the personnel file: signed/accepted contracts and regulations, sick days, insurance, date of hire/exit date, skills, work history, technical and interpersonal skills, absences, holidays, salary, performance and assessments/qualifications. This information is kept for as long as legally necessary. The personnel file is subject to regular triage and unnecessary information is deleted from it.
Other purposes: Other purposes include, for example, training and educational purposes as well as administrative purposes (e.g. accounting). We may listen in on or record telephone or video conferences for training, evidence and quality assurance purposes. In such cases, we will inform you separately (e.g. by displaying a message during the video conference in question) and you are free to tell us if you do not want a recording or to end the communication (if you simply do not want your image to be recorded, please turn off your camera). We may also process personal data for the organization, implementation and follow-up of events, such as in particular lists of participants and content of presentations and discussions, but also image and audio recordings made during these events. The protection of other legitimate interests is also one of the other purposes, which cannot be listed exhaustively.
4. Where does the data come from?
From you: Most of the data we process is provided to us by you (or your device) yourself (e.g. in connection with our services, the use of our website, or communication with us). You are not obliged to disclose your data, with exceptions in individual cases (e.g. legal obligations). However, if you want to conclude contracts with us or use our services, for example, you must disclose certain data to us. Using our website is also not possible without data processing.
From third parties: We can also obtain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, media or the Internet including social media) or receive it from (i) authorities, (ii) your employer or client who either has a business relationship with us or otherwise deals with us, and from (iii) other third parties (e.g. clients, counterparties, legal expenses insurance companies, credit agencies, address dealers, associations, contractual partners, Internet analysis services). This includes in particular the data that we process in the context of initiating, concluding and processing contracts as well as data from correspondence and meetings with third parties, but also all other categories of data in accordance with section 5. Who do we disclose your data to? In connection with the purposes listed in section 3, we transmit your personal data in particular to the categories of recipients below. If necessary, we will obtain your consent to do so or have our supervisory authority release us from our professional duty of confidentiality. Service providers: We work with service providers in Germany and abroad who process data that they have received from us or collected for us (i) on our behalf (e.g. IT providers), (ii) in joint responsibility with us or (iii) on their own responsibility. (These service providers include, for example, IT providers, banks, insurance companies, debt collection companies, credit agencies, address checkers, other law firms or consulting firms). We generally enter into contracts with these third parties regarding the use and protection of personal data.
Clients and other contractual partners: This refers first of all to our clients and other contractual partners to whom the transfer of your data is a result of the contract (e.g. because you work for a contractual partner or they provide services for you). This category of recipients also includes bodies with which we cooperate, such as other law firms in Germany and abroad or legal protection insurance companies. The recipients generally process the data under their own responsibility.
Authorities and courts: We can pass on personal data to offices, courts and other authorities in Germany and abroad if this is necessary to fulfill our contractual obligations and in particular to conduct a mandate, or if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. These recipients process the data under their own responsibility.
Counterparties and persons involved: If this is necessary for the fulfilment of our contractual obligations, in particular for the management of the mandate, we will also pass on your personal data to counterparties and other persons involved (e.g. guarantors, financiers, affiliated companies, other law firms, informants or experts, etc.).
Other persons: This refers to other cases where the involvement of third parties arises from the purposes set out in section 3. This applies, for example, to delivery addressees or payment recipients specified by you, third parties in the context of representation relationships (e.g. your lawyer or your bank) or persons involved in official or court proceedings. We may also pass on your personal data to our supervisory authority, in particular if this is necessary in individual cases to release you from our professional duty of confidentiality. If we work with the media and send them material (e.g. photos), you may also be affected. As part of the company's development, we may sell or acquire businesses, parts of operations, assets or companies or enter into partnerships, which may also result in the disclosure of data (including from you, e.g. as a client or supplier or as their representative) to the persons involved in these transactions. As part of communication with our competitors, industry organizations, associations and other bodies, data concerning you may also be exchanged. All of these categories of recipients can in turn involve third parties, so that your data can also be accessed by them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).
Particularly sensitive personal data will only be passed on if this is absolutely necessary in order to provide our consulting services or to conclude and process contracts with our customers and business partners, or if we are legally obliged to do so.
We also allow certain third parties to collect personal data from you on our website and on our own behalf (e.g. media photographers, providers of tools that we have integrated into our website, etc.). Unless we are significantly involved in this data collection, these third parties are solely responsible for it. If you have any concerns or want to assert your data protection rights, please contact these third parties directly. We have listed your rights in section 7. Information on the activities on our website can be found in section 8.
6. Does your personal data also go abroad?
We process and store personal data mainly in Switzerland and the European Economic Area (EEA), depending on the case - for example via subcontractors of our service providers or in proceedings before foreign courts or authorities - but potentially in any country in the world. Your personal data can also reach any country in the world as part of our work for clients.
If a recipient is located in a country without adequate data protection, we contractually oblige the recipient to comply with an adequate level of data protection (for this purpose we use the revised standard contractual clauses of the European Commission, which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?, including the additions necessary for Switzerland), unless they are already subject to a legally recognized set of rules to ensure data protection. We can also disclose personal data to a country without adequate data protection without concluding a separate contract for this if we can rely on an exception for this. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the execution of a contract that is in your interest requires such disclosure (e.g. if we disclose data to our correspondent offices), if you have consented, or if it is not possible to obtain your consent within a reasonable period of time and the disclosure is necessary to protect your life or physical integrity or that of a third party, or if the data is data that you have made publicly available and whose processing you have not objected to. We may also rely on the exception for data from a legally provided register (e.g. HR) into which we have legitimately been given access.
7. What rights do you have?
You have certain rights in connection with our data processing. In accordance with applicable law, you can in particular request information about the processing of your personal data, have incorrect personal data corrected, request the deletion of personal data, object to data processing, request the release of certain personal data in a common electronic format or its transfer to other responsible parties.
If you want to exercise your rights against us, please contact us; you will find our contact details in section 2. In order to rule out misuse, we must identify you (e.g. with a copy of your ID card, if necessary).
Please note that there are requirements, exceptions or restrictions for these rights (e.g. to protect third parties or business secrets or due to our professional duty of confidentiality). We reserve the right to black out copies for data protection reasons or reasons of confidentiality or to only provide extracts.
8. How are cookies, similar technologies and social media plug-ins used on our website and other digital services?
When you use our website, data is generated that is stored in logs (in particular technical data). We can also use cookies and similar technologies (e.g. pixel tags or fingerprints) to recognize website visitors, evaluate their behavior and recognize preferences. A cookie is a small file that is transmitted between the server and your system and enables the recognition of a specific device or browser.
You can set your browser to automatically reject, accept or delete cookies. You can also deactivate or delete cookies in individual cases. You can find out how to manage cookies in your browser in the help menu of your browser.
The technical data and cookies we collect do not usually contain any personal data. However, personal data that we or third parties commissioned by us store about you (e.g. if you have a user account with us or these providers) can be linked to the technical data or to the information stored in and obtained from cookies and thus possibly to you personally.
We also use social media plug-ins, which are small software modules that create a connection between your visit to our website and a third party. The social media plug-in tells the third party that you have visited our website and can transmit cookies to the third party that they have previously placed on your web browser. For more information about how these third parties use your personal data collected via their social media plug-ins, please see their respective privacy policies.
We also use our own tools and third party services (which may in turn use cookies) on our website, in particular to improve the functionality or content of our website (e.g. integration of videos or maps), create statistics and display advertising.
We can currently use offers from the following service providers and advertising partners in particular, whereby their contact details and further information on the individual data processing can be found in the respective data protection declaration:
Google Analytics
Provider: Google Ireland
Data protection information: https://support.google.com/analytics/answer/6004245
Information for Google accounts: https://policies.google.com/technologies/partner-sites?hl=de
Server log files
The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
Browser type and browser version
Operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
This data cannot be assigned to specific people. This data is not merged with other data sources. We reserve the right to subsequently check this data if we become aware of concrete indications of illegal use.
Contact form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass this data on without your consent.
Google Maps
This website uses Google Maps. This enables us to show you interactive maps directly on the website and enables you to conveniently use the map function. When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. This happens regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not want to be assigned to your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, but you must contact Google to exercise this right. Further information on the purpose and scope of data collection and processing by Google, as well as further information on your rights in this regard and setting options for protecting your privacy, can be found at: www.google.de/intl/de/policies/privacy.
Use of Google reCAPTCHA
We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our websites. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter "Google". reCAPTCHA is intended to check whether the data entered on our websites (e.g. in a contact form) is carried out by a person or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, length of time the website visitor stays on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.
The data processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and from SPAM. Further information on Google reCAPTCHA and Google's privacy policy can be found at the following links: https://www.google.com/intl/de/policies/privacy/ and https://policies.google.com/terms?hl=de.
Google Tag Manager
Google Tag Manager is a solution that allows us to manage so-called website tags via an interface and thus integrate Google Analytics and other Google marketing services into our online offering. The Tag Manager itself, which implements the tags, does not process any personal data of users. With regard to the processing of users' personal data, reference is made to the following information on Google services. Terms of use: https://www.google.com/intl/de/tagmanager/use-policy.html.
Use of Adobe Fonts
We use Adobe Fonts to visually design our website. Adobe Fonts is a service provided by Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe), which gives us access to a font library. To integrate the fonts we use, your browser must establish a connection to an Adobe server in the USA and download the font required for our website. Adobe receives the information that our website was accessed from your IP address. For more information about Adobe Fonts, see Adobe's privacy policy, which you can access here: Adobe Fonts
Some of the third-party providers we use may be located outside Switzerland. Information on data disclosure abroad can be found under section 6. In terms of data protection law, some of them are "only" our contract processors and some are responsible bodies. The privacy policies contain further information on this.
9. How do we process personal data on our pages in social networks?
We operate pages and other online presences on social networks and other platforms operated by third parties and process data about you in this context. We receive data from you (e.g. when you communicate with us or comment on our content) and from the platforms (e.g. statistics). The providers of the platforms can analyze your use and process this data together with other data they have about you. They also process this data for their own purposes (e.g. marketing and market research purposes and to manage their platforms) and act as their own controllers for this purpose. For more information on processing by the platform operators, please refer to the privacy statements of the respective platforms.
We currently use the following platforms, whereby the identity and contact details of the platform operator can be found in the privacy policy:
Instagram
instagram.com
Privacy policy: https://privacycenter.instagram.com/policy
LinkedIn
linkedin.com
Privacy policy: https://de.linkedin.com/legal/privacy-policy
We are entitled, but not obliged, to review third-party content before or after it is published on our online presence, to delete content without notice and, if necessary, to report it to the provider of the platform in question.
Some of the platform operators may be located outside Switzerland. Information on the disclosure of data abroad can be found under section 6.
10. What else should be observed?
We do not assume that the EU General Data Protection Regulation («GDPR») is applicable in our case. However, if this is the case for certain data processing operations in exceptional cases, this Section 10 also applies exclusively for the purposes of the GDPR and the data processing operations subject to it.
We base the processing of your personal data in particular on the fact that
as described in Section 3, it is necessary for the initiation and conclusion of contracts and their administration and enforcement (Art. 6 Para. 1 lit. b GDPR;
it is necessary to protect the legitimate interests of us or third parties as described in Section 3, namely for communication with you or third parties, to operate our website, to improve our electronic offers and register for certain offers and services, for security purposes, to comply with Swiss law and internal regulations for our risk management and company management and for other purposes such as training and education, administration, evidence and quality assurance, organization, implementation and follow-up of events and to protect other legitimate interests (see Section 3) (Art. 6 Para. 1 lit. f GDPR);
it is required or permitted by law due to our order or our position under the law of the EEA or a member state (Art. 6 Para. 1 lit. c GDPR) or is necessary to protect your vital interests or those of other natural persons (Art. 6 Para. 1 lit. d GDPR);
you have separately consented to the processing, e.g. via a corresponding declaration on our website (Art. 6 Para. 1 lit. a and Art. 9 Para. 2 lit. a GDPR).
We would like to point out that we generally process your data for as long as our processing purposes (see Section 3), the statutory retention periods and our legitimate interests, in particular for documentation and evidence purposes, require it, or storage is technically necessary (e.g. in the case of backups or document management systems). Unless there are legal or contractual obligations or technical reasons to the contrary, we will generally delete or anonymize your data after the storage or processing period has expired as part of our usual procedures and in accordance with our retention policy.
If you do not provide certain personal data, this may mean that the provision of the related services or the conclusion of a contract is not possible. We generally indicate where personal data requested by us is mandatory.
The right to object to the processing of your data set out in Section 7 applies in particular to data processing for the purposes of direct marketing.
If you do not agree with the way we handle your rights or data protection, please let us know (see contact details in Section 2). If you are in the EEA, you also have the right to complain to your country's data protection supervisory authority. A list of authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_de.
11. Can this privacy policy be changed?
This privacy policy is not part of a contract with you. We can change this privacy policy at any time. The version published on this website is the current version.