1. Responsible body and Data Protection Officer
Responsible body:
CMS von Erlach Partners Ltd., Räffelstrasse 26, P.O. Box, 8022 Zurich, Switzerland and Esplanade de Pont-Rouge 9, 1211 Geneva 26, Switzerland represented by the General Managing Partner, tel. +41 44 285 11 11 and +41 22 311 00 10.
Data Protection Officer:
CMS von Erlach Partners Ltd., Data Protection Officer, Räffelstrasse 26, P.O. Box, 8022 Zurich, Switzerland, tel. +41 44 285 11 11.
The Data Protection Officer can also be contacted via contact@cms-vep.com.
2. Collection of personal data as well as type and purpose and use thereof
If we are mandated by a natural person, we collect the following information from that person:
- salutation, first name, last name
- valid e-mail address
- address
- telephone number
- where appropriate place of birth, nationality, date of birth
- information necessary for counsel and representation within the framework of the mandate.
If we are mandated by a company or another association of persons (hereinafter the "Company"), we collect the following information from the natural person representing the Company in the process:
- salutation, first name, last name
- valid e-mail address
- address
- where appropriate place of birth, nationality, date of birth
- where appropriate, the function of the representative in the Company
- information necessary for counsel and representation within the framework of the mandate.
The data is collected:
- in order to identify the individual concerned as a client or an executive or representative of a Company
- in order to provide our clients with adequate legal advice and representation (services)
- in order to communicate with our clients
- for invoicing
- in oder to carry out conflict of interest checks
- in order to fulfill our obligations under the Anti-Money Laundering Act
- in order to handle any possible further mutual claims arising from the client relationship
- to provide our clients with information on events or important legal developments.
Data Location: Client data remains stored on our servers located here in Switzerland. However, we may share client data, including personal data, with: (i) other member firms of CMS, CMS Legal Services EEIG/EWIV and partner firms of the CMS Organisation in connection with the services and for the centralised administration and processing of such client data; and (ii) with professional advisers, credit reference agencies, insurers, brokers, external auditors, and our banks and external service providers, representatives and agents where required. Such parties are subject to obligations to keep client data confidential.
In some instances, when sharing personal data with other other member firms of CMS, CMS Legal Services EEIG/EWIV or partner firms of the CMS Organisation for the purposes of centralised client administration, we may act as a joint controller of this personal data with such other other member firms of CMS, CMS Legal Services EEIG/EWIV or partner firms of the CMS Organisation. Insofar as we are acting as a joint controller of personal data we shall be the main point of contact for data subjects whose personal data is gathered by us.
The processing of data is necessary in order to protect our legitimate interest in performing the mandate, in maintaining and developing the client relationship, and for the mutual fulfillment of obligations arising from the client relationship. Our lawful bases for sharing personal data as a joint controller are both the pursuit of our legitimate interests as a business to centralise client administration and share learnings within our wider organisation, and our compliance with relevant legal obligations (e.g. the obligation to minimize the risk of conflicts of interest).
3. Storage period of personal data
The personal data collected by us will be stored until the end of the statutory retention obligation for attorneys' files (normally 10 years from the termination of the mandate) and deleted respectively destroyed thereafter, unless we are entitled and obliged to store such data for a longer period of time on the basis of statutory retention and documentation obligations, in particular those relating to taxation and obligatory law, for purposes of a conflicts of interest check or for the preservation of evidence within the framework of the statutory limitation provisions.
We are not obliged to suppress, make unreadable or erase personal data retained as a result of an automated electronic back-up or archival system used by us in the ordinary course of business.
4. Transmission of data to third parties
Personal data will not be transmitted to third parties for purposes other than those listed in sec. 2 above.
Transmission of personal data for the performance of services may include in particular the transmission to other parties involved in the mandate, adverse parties to the proceedings and their representatives (in particular their attorneys) as well as courts and other public authorities for the purpose of communication as well as providing advice to and/or representation of the client.
Personal data may also be transmitted to other member firms of CMS and CMS Legal Services EEIG/EWIV as well as to third parties who process data for us to identify potential conflicts of interest and for the purpose of general client management including information on events or important legal developments, or centralized administration and processing of client data.
The data transmitted may only be used for the stated purposes by the respective third party. The attorney's duty of confidentiali-ty remains unaffected.
5. Transmission to third countries
If we send personal data to recipients in countries in which it cannot be assumed that the level of data protection is compara-ble to that in Switzerland and we are not authorized or obliged to transmit the data on the basis of a particular statutory provi-sion, we will take appropriate measures to ensure that the required level of data protection is guaranteed in the respective third country or by the recipient in the third country.
6. Rights of data subjects
To the extent provided by law (FADP or GDPR), a data subject has the right to obtain information about the collection and use of personal data that we have stored about him/her, the right to correct incorrect and incomplete data, the right to delete such data, the right to limit its processing, the right to object as well as the right to data portability.
If consent to the processing of personal data has been given to us, this can be revoked at any time, e.g. by contacting the Data Protection Officer specified in sec. 1. It should be noted that the revocation will only take effect for the future. Processing that took place before the revocation is therefore not affected by a revocation.
In addition, data subjects may lodge a complaint with the Federal Data Protection and Information Commissioner and/or a competent EU supervisory authority.
Zurich / Geneva, 8 September 2023
CMS von Erlach Partners Ltd.
Social Media cookies collect information about you sharing information from our website via social media tools, or analytics to understand your browsing between social media tools or our Social Media campaigns and our own websites. We do this to optimise the mix of channels to provide you with our content. Details concerning the tools in use are in our privacy policy.