Bär & Karrer is committed to protecting the privacy and security of the personal information that is provided to us or collected by us during the course of our business. We process personal information in accordance with the Swiss Data Protection Act and to the extent applicable the EU General Data Protection Regulation.
Who are we?
Why and on which basis do we collect and process data?
We may use this information to provide legal services to you, to run our firm's business (e.g. carry out administrative or operational processes), monitor and analyse our business or to improve our services and products for you. We may use your personal information to maintain and develop our business relationship with you, identify services you may be interested in, to pursue certain business development initiatives, send you publications and marketing communications, invite you to events and to comply with our legal obligations to identify and verify the identity of our clients.
We process your personal information to the aforementioned purposes, if:
- it is necessary for the performance of a contract with you or the organisation you work for;
- it is necessary in connection with a legal obligation;
- you have given your consent (where necessary) to such use or the organisation you work for has obtained your consent (where necessary) to share your personal information with us; or
- if we or a third party, in particular, one of our clients, have a legitimate interest which is not overridden by your interests or your rights and freedoms. Such legitimate interests include the provision of legal services to our clients.
What data do we collect and process?
We collect and process personal information about clients, related persons, counterparties, authorities, courts, third parties and other persons as well as their respective representatives and employees. Further, we collect and process information about you if you offer or provide products or services to us, if we evaluate your products or services, and generally when you request information from us or provide information to us. The type of personal information that we may collect includes name and contact details (such as your address, email address and telephone number), nationality, business interests, employment history and positions held as well as information of all kind from correspondence, contacts and interactions with us. We will also process information of all kind that is revealed to us in the course of our services or collected by us. This information may include special categories of sensitive data. If the processing of special categories of sensitive data requires your consent, we obtain your consent before the fact. Finally, the server of our website temporarily saves information concerning your accesses. The saved data contains, among others, the IP-address, the date and time of the access, the name and the URL of the accessed documents, the website from which our website was accessed from, the browser (including version) used, the operating system (including version) of the computer used as well as the name of your access provider.
How do we collect data?
We obtain personal information directly from you, from our clients or other parties to a matter and their respective representatives and employees. We may receive or collect personal information from third parties such as your employer, other organisations that you have dealings with, regulators, government agencies, courts, other law firms and other professional advisors. We may also collect personal information from publicly available sources. If you or the organisation for which you are acting are a client and you fail to provide information that we require when requested, we may not be able to provide our services.
How do we protect data?
We have put in place appropriate security measures to hold your personal information securely in electronic and physical form to protect it from unauthorised access, improper use or disclosure, unauthorised modification or unlawful destruction or accidental loss. Our Information Security Management System (ISMS) is certified to ISO 27001. Our premises are access controlled and surveyed by video recording where required and our electronic databases require logins and password authentication. Our partners, staff and third party service providers who have access to confidential information (including personal information) are subject to confidentiality obligations.
How do we manage your personal data?
Managing your personal marketing communications
You can control the information you receive through our marketing communications by using the "Manage Subscriptions" option at the bottom of our emails. If you no longer wish to receive emails relating to our services, legal developments or events, you can unsubscribe at any time by using the "Unsubscribe" option at the bottom of the email or by contacting Client Service.
If you apply for a job or a recruiting event at Bär & Karrer, you may need to provide personal information including special categories of personal information. With your application you expressly consent to our use of this information. We will use this information to consider your application. We may also use this information to carry out checks to verify the information you provided (including references, background, identity, suitability, excerpts from the debt enforcements register and criminal record checks). We use a third party service provider based in Germany to store this information. Where we need to collect information required for your employment and you fail to provide that information when requested, we may not be able to further consider your application.
If you are a former employee or partner of Bär & Karrer, we will collect personal information such as your name, contact details (such as your address, email address and telephone number), information about your employment with us and thereafter as well as any other information we may have received from you. This information is used to keep in touch with you.
What are cookies?
Cookies are small text files that are placed in browser directories on your computer or mobile device when you visit our website. Our website uses session cookies and persistent cookies. Session cookies enable you to move from page to page within the website and any information you enter to be remembered. A session cookie is deleted when you close your browser or after a short time. Persistent cookies allow the website to remember your preferences and settings when you visit the website in the future. Persistent cookies expire after a set period of time.
When you access our career site, a session cookie will be placed on your computer. The cookie assists in the online application process and will be deleted when you close your browser.
We use a plugin for the social network LinkedIn which you can recognise by the logo which is placed on our website. If you interact with this social network, the relevant information will be forwarded and your visit recognised by LinkedIn.
Managing your personal cookie settings
You can change your browser settings to block cookies or to alert you when cookies are being sent to your device. Please note that if you decide to disable cookies, you may not be able to access certain functions of our website or marketing communications.
Why and how do we share data?
- you have consented to us doing so (where necessary) or the organisation that you work for has obtained your consent for us to do so (where necessary);
- we are under a legal, regulatory or professional obligation to do so (for example, to comply with anti-money laundering or sanctions requirements); or
- it is necessary in connection with legal proceedings or in order to exercise or defend legal rights.
We use third parties who provide services on our behalf and may share your information with them, for example banks, insurance companies or a IT and software suppliers who may have access to your personal information when providing software support.
If third parties are located outside of Switzerland or the EU, we only share your personal information on a basis that ensures adequate data protection.
How long do we keep data?
We will retain your personal information for as long as is necessary for the purpose for which it was collected. We will further retain your personal information to comply with legal and regulatory obligations, for as long as claims could be brought against us and for as long as legitimate interests, including data security, require.
You have the right to:
- request access to your personal information and certain information in relation to its processing;
- request rectification of your personal information;
- request the erasure of your personal information;
- request that we restrict the processing of your personal information; and
- object to the processing of your personal information.
If you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so.
Please note that the we may refuse or limit to grant these rights for legal reasons or based on data protection legislation. We may refuse to provide access if the relevant data protection legislation or other legislation, in particular the attorney client privilege, allows or obliges us to do so, in which case we will provide reasons for our decision as required by the law.
If you would like to exercise these rights, please contact us in writing by emailing Data Protection or by letter to:
Bär & Karrer Ltd
In general, you will not have to pay a fee to exercise any of your individual rights. However, we may charge a fee if the relevant data protection legislation allows us to do so, in which case we will inform you as required by the law.
If you feel we have not handled your query or concern to your satisfaction or if you are of the opinion that we are not processing your personal information in accordance with applicable data protection legislation, you can contact the competent data protection authority, in Switzerland the Federal Data Protection and Information Commissioner.