Data Protection Statement
The protection of your personal data is one of Dufour’s top priorities. The collection, use and storage of your personal data do not infringe against the confidentiality of attorney-client communications (Article 13 BGFA (Federal Law on the Freedom of Attorneys) and Article 321 StGB (Swiss Criminal Code)) and complies with the Swiss Data Protection Act and, where applicable, the EU General Data Protection Regulation.
This Data Protection Statement explains how we may collect and process your personal data and the rights to which this entitles you.
1. Name and contact details of the controller
DUFOUR Advokatur, Dufourstrasse 49, 4010 Basel, Switzerland, is the controller responsible for all personal data collected or received by us during the course of our business activities.
2. Collection and processing of personal data
We collect and process your personal data as follows:
2.1. Legal services
The provision of our legal services entails the collection and processing of personal data pertaining to clients, associated persons, counterparties, public authorities, courts, third parties and other persons, as well as their respective representatives and employees. The type of data we may collect in particular includes the names and address details (e.g. your address, email address and telephone number), nationality, relevant business activities, previous positions, as well as information of any kind taken from correspondence, contacts and interactions with us. We also process information of any kind that is disclosed to or collected by us when providing our services. In exceptional circumstances, this information may also include personal data of a particularly sensitive nature.
We procure personal data from yourself directly, from our clients, from other involved persons, as well as from their respective representatives and/or employees. We may also receive or procure and process personal information from third parties, such as your employer, other organisations you may be involved with, supervisory authorities, government offices, courts, other law firms or other consultants. We also process personal data obtained from sources that are accessible to the general public.
We process this data so that we can provide our services to our clients, manage our firm’s business affairs (e.g. to implement administrative and organisational processes), monitor and analyse our business activities and improve our products and services.
2.2. Events and legal updates
We will use your address details to send you New Year’s greetings, invitations to events, brochures, newsletters and similar materials from DUFOUR Advokatur.
2.3. Visiting our website
2.3.1. Log files
When you visit our website at www.dufour-advokatur.ch, the browser installed on your device will automatically send information to our website server. This information will be stored temporarily in what is known as a log file. The following information will be collected without any action being required from your end and stored until it is automatically deleted:
- the IP address of the requesting computer;
- the access date and time;
- the name and URL of the file accessed;
- the website from which our website was accessed (referrer URL), browser type and, where applicable, your computer’s operating system and the name of your internet service provider.
We will process this data for the following purposes:
- to ensure a seamless connection to our website;
- to ensure that our website is user-friendly;
- to analyse the security and redundancy of our system; and
- for other administrative purposes.
Our legitimate interest results from the aforementioned purposes of data collection. We will never use any of the data collected for the purpose of drawing personal conclusions about you.
- Our website uses web fonts provided by Google LLC to ensure that font types on our website are presented in a uniform manner. When you access a page, your browser ensures that texts and font types are displayed correctly by loading the required web fonts into its cache memory. To do this, your browser needs to establish a connection to the Google servers. This lets Google know that your IP address has accessed our website. Google web fonts are used to ensure that our online services are presented in a uniform and appealing manner. If your browser does not support web fonts, a standard font type installed on your computer will be used. You can find more information on Google web fonts at https://developers.google.com/fonts/faq and in Google’s Data Protection Statement at https://www.google.com/policies/privacy/.
You can adjust your browser’s settings to block cookies or to warn you about cookies being sent to your computer. You may not be able to use all functions offered on our website if you have cookies deactivated. If you continue to use the DUFOUR Advokatur website without adjusting your browser settings, you are implicitly consenting to having cookies installed on your computer.
2.3.3. Use of the contact form
Should you have any queries, you can contact us using the form provided on our website. When you use this contact form, we will collect your name, address and email address. Additional information can be provided on a voluntary basis.
The processing of data for the purpose of contacting us is based on your voluntarily granted declaration of consent.
Once your inquiry has been completed, the personal data collected in the contact form is periodically deleted.
2.3.4. Embedded third-party services and content
Third-party services and content, e.g. YouTube videos, RSS feeds or images from other websites, may be embedded in our online services. This always requires users’ IP addresses to be disclosed to the providers, because they would otherwise be unable to send content to the respective user’s browser. The IP address is therefore a necessary prerequisite for display this content on our website. We endeavour to only use content of providers that use the IP address exclusively for the purpose of delivering their respective content. However, we have no control over whether these providers store your IP address for other purposes e.g. statistical purposes. Where this becomes known to us, we will inform users of this.
2.4. Job applications
If you apply for a position or careers event at DUFOUR Advokatur, you will need to provide us with your personal information and, if necessary, particularly sensitive personal data. By applying for a position with our firm, you grant your express consent to the use of this information. We will use this information to assess your application. We may also use this information to validate other information you have provided to us (including validating your references, background, identity, bankruptcy proceedings and criminal records).
If you are a former employee or partner of DUFOUR Advokatur, we will collect personal information such as your name, contact details (e.g. address, email address and telephone number), information about your employment while at our firm and after leaving, as well as any other information you have disclosed to us.
We will use this information to stay in contact with you.
2.6. Other contacts
We also collect and process personal data when you provide services or products to us, when we evaluate your products or services, and in general when you request information from or provide information to us.
3. Legal basis for data processing
We will only process your personal data if and to the extent permitted under applicable law. We will process your personal data if:
- this is necessary in order for us to perform a contract with yourself or the organisation you work for;
- this is necessary in order for us to comply with legal obligations;
- you have (to the extent necessary) granted your consent to the processing of your data, or the organisation you work for has (to the extent necessary) been authorised by yourself to disclose your personal data to us; or
- we or a third-party, in particular one of our clients, has a legitimate interest in processing the data and your interests, fundamental rights and fundamental freedoms do not prevail over theirs. These legitimate interests in particular include the provision of legal services to our clients.
4. Disclosure of personal information
To the extent necessary or expedient for the provision of our services, we may make personal data we collect while providing our legal services available to third parties (e.g. consultants, related parties, courts, public authorities, counterparties and other persons) in Switzerland, EU or in other countries. We may also disclose personal data to third parties if:
- you have (to the extent necessary) granted your consent to the disclosure of your data, or the organisation you work for has (to the extent necessary) been authorised by yourself to disclose your personal data; or
- we are required to do so under statutory, regulatory or commercial obligations (e.g. in order to comply with money-laundering regulation or sanctions); or
- this is necessary in connection with legal proceedings or for the purpose of asserting or defending against claims; or
- disclosure is legally permissible and required for the performance of contractual relationships with yourself.
We also work with third parties that render services to us and may disclose your personal data to these third parties, e.g. banks, insurance companies or IT providers, who may have access to your personal data when providing software support.
5. Data security
All visits to our website are protected with 256-bit encryption. You can check whether a particular page on our website is transmitting encrypted data by looking for the closed padlock or key symbol in your browser’s status bar.
We would expressly point out that data transmitted via email is not usually encrypted. Email is not therefore a suitable means of communicating confidential information.
We also implement appropriate technical and organisational security precautions to safely store your data in electronic or physical form and to protect the data against accidental or intentional manipulation, partial or full loss, destruction or unauthorised third-party access. We continuously improve our security precautions to reflect state-of-the-art technology.
Our partners, employees and external service providers that have access to confidential information (including personal data) are bound by confidentiality obligations.
6. Storage period
We will store your personal data for as long as that data is required for the purposes it is being processed for. We will also store your personal data to ensure our compliance with statutory and regulatory obligations, for as long as claims may be asserted against us or to the extent required in order to safeguard our legitimate interests, in particular the security of our own data.
7. Your rights
You are entitled to certain rights with respect to the personal data collected by us and may exercise these rights under certain circumstances. These rights are:
- the right to receive information regarding your personal data and certain aspects of its processing; and
- the right to request the correction of your personal data; and
- the right to request the deletion of your personal data; and
- the right to request that the processing of your personal data be restricted; and
- the right to object to the processing of your personal data.
If you have granted your consent to the collection, processing or transfer of your personal data for a specific purpose, you may revoke your consent to this particular processing of data at any time. Upon receiving your revocation of consent, we will discontinue processing of your personal data for these particular purposes, unless we have a legitimate interest in continuing to process your data.
We may decline a request for information insofar as we are permitted or required to do so under data protection law or another applicable statutory provision, in particular the law on the confidentiality of attorney-client communications. Where legally obliged to do so, we will inform you of the reasons for our decision.
If you would like to exercise your rights, please contact us in writing by sending an email to firstname.lastname@example.org or by post to:
In most cases, exercising your rights will not incur any charges. We may however charge any fees permitted under applicable data protection law and will inform you accordingly as required by the relevant statutory provisions.
If you believe that we have failed to handle your data protection inquiry or request to your satisfaction, you may contact the competent supervisory authority. In Switzerland, the competent supervisory authority is the Federal Data Protection and Information Commissioner.
The continuing development of our website and services offered on it, as well as changes in statutory requirements or the requirements of public authorities, may require us to amend this Data Protection Statement. You can review and print a copy of the latest version of our Data Protection Statement on our website (https://dufour-advokatur.ch/datenschutzerklaerung/).
- October 2019