Who are we?
What information do we collect and process?
To provide our services and conduct our business activities, we collect and process personal data about existing and prospective clients, related persons, counterparties, authorities, courts, third parties and other persons as well as their representatives, beneficial owners and (former) employees. Moreover, we collect and process personal data when you offer us services or products, when we examine your products or services and in general, whenever you ask us for or supply us with information. Finally, we collect and process personal data about applicants and alumni of Bär & Karrer Ltd..
The type of personal data that we collect includes, for example, names and contact data (such as postal address, e-mail address and telephone number), nationality, business sectors of interest, employment history and all kinds of information from correspondence, contacts and interactions with us. We also process all kinds of information disclosed to or collected by us in relation to our services. Such information may exceptionally include sensitive personal data. Whenever necessary, we will seek your consent before processing sensitive personal data.
We collect the following personal data from applicants: their personal details, contact data, application documents (e.g. letter of motivation, CV, certificates of employment, diplomas, letters of reference, etc.) as well as excerpts from criminal records and debt collection registers.
We collect and store the names of our alumni, along with their contact data (such as their postal address, e-mail address and telephone number), information about their employment at our firm and thereafter, and other information that we receive from them.
Finally our website server temporarily saves information about your use of our website. Such information includes, among other things, the IP address, date and time of access, the name and URL of the file opened, the website from which the access is made, the browser used (including the version), the operating system (including the version) of the computer used and the name of the user’s access provider.
Why and on what basis do we collect and process personal data?
To provide our services and manage our firm
We collect and process personal data in order to perform our services (e.g. contract formation, execution and administration), to carry out our mandates and to manage our firm’s business (e.g. to carry out administrative and organisational processes, risk management).
If we need information in order to accept or carry out a mandate and you do not provide us with it, we will not be able to act on your behalf.
To support and further develop our business relationship with you
In addition, we use personal data to support and develop our business relationship with you, to identify services that might interest you, to conduct our business development activities, to send you publications and messages, to invite you to our events and to follow up on them, to monitor and analyse our business and to improve our services and products for you, and to comply with our statutory customer identification obligations.
The "Manage subscriptions” option at the end of our e-mails lets you make any desired changes concerning the newsletters and other communications you receive from our marketing department. If you wish to stop receiving e-mails about our services, legal developments and events, click on the "Unsubscribe" option at the end of the e-mail or contact us via Client Service. If you are not one of our clients, we will not send you newsletters and other communications unless you have subscribed and thus consented to them.
To meet our statutory or regulatory obligations
We obtain and process personal data to comply with applicable laws (e.g., to combat money laundering and to meet our tax or professional obligations), self-regulation, certifications, and for internal as well as external investigations (e.g. by a law enforcement or regulatory agency or a commissioned private entity) to which we are a party (to the proceedings). This includes the processing of personal data for data security purposes.
To analyse the use of our website
We collect and process personal data about you in order to ensure the smooth functioning and system security of our website and to improve the website and analyse your use of the website.
To handle applications
Whenever you apply for a position or to attend a career event at Bär & Karrer Ltd. you are required to make certain personal data known to us. By submitting your application, you make it possible for us to use and examine that information (among other things, to check references, background, identity, excerpts from debt enforcement register and criminal records) so that we can invite you to an application interview and determine whether you are suitable for the position. We work with a third-party service provider in Germany to store and manage such information.
If we need information in order to hire you and you fail to provide us with it on request, we will be unable to continue processing your application.
To contact alumni
If you are a former employee or partner of Bär & Karrer Ltd., we collect your personal data in order to keep in touch with you.
Where does your personal data come from?
We get your personal data directly from you, our clients, other persons involved and their respective representatives and employees. Moreover, we collect personal data from third parties such as employers, other organisations with which you are contact, regulatory authorities, government agencies, courts, other law firms or other professional advisors. We also get personal data from publicly accessible sources (such as commercial registers, debt collection and land registries, credit reference agencies and contract partners).
How do we protect personal data?
We take appropriate security precautions to store your personal data securely in electronic and physical form and to protect it against unauthorised access, misuse, disclosure, unauthorised changes or deletion, as well as against loss.
Our Information Security Management System (ISMS) is ISO 27001-certified.
Access to our premises is controlled and, where necessary, video-monitored, and our electronic data collections are protected by logins and passwords.
Our partners, employees and third-party service providers having access to confidential information (including personal data) are bound by duties of confidentiality and, to the extent required, have entered into the necessary data processing agreements.
Why and how do we share data?
- you or the organisation for which you work have consented to such disclosure (where necessary);
- we are required to do so for statutory, regulatory or commercial reasons (e.g. to comply with anti-money laundering or sanction regulations);
- it is necessary to do so in connection with the takeover or dissolution of Bär & Karrer Ltd. or other similar events as well as in case of an insolvency or similar event;
- it is necessary in connection with legal proceedings or to assert or defend against claims.
In addition, we work with various service providers and may share your personal data with them, e.g. with banks, insurance companies or IT providers that may have access to your personal data in the context of IT support, cloud providers, marketing and media agencies.
Will your personal data be transferred abroad?
We generally process your personal data in Switzerland. Our cloud servers are located in Switzerland, too. Certain of our service providers send personal data to EU Member States (particularly the Netherlands or Ireland) or the USA or gain access to personal data in those countries for support purposes. EU Member States offer an adequate level of data protection. To ensure continued protection of your personal data when transmitted to the USA, we enter into EU standard contract clauses with the recipients (including the Swiss Annex).
We may exceptionally also send personal data to other countries, if you instruct us to do so or if it is necessary in order to determine, exercise or enforce your claims or ours. If such third parties are based outside Switzerland, the United Kingdom or the EU, we will only share your information on a basis that provides adequate data protection.
How long do we store your personal data?
We will store your personal data as long as necessary for the purposes for which it is processed. We also store your personal data to comply with our various statutory and regulatory obligations of documentation and record-keeping (e.g. clients’ personal data is stored for ten years after the end of our mandate), as long as claims can be asserted against us or as long as required by our legitimate interests, particularly the security of our data.
Personal data of applicants to whom we cannot offer a job will be deleted six months after cancellation at the latest. With the consent of applicants, we may store the collected personal data for a longer period in order to offer the applicant any other positions at our firm.
What are your rights?
You may be entitled to the following rights:
- You can request information about your personal data and certain aspects of the processing;
- You can request rectification of your personal data;
- You can request erasure of your personal data;
- You can request limitation of the processing of your personal data;
- You can object to the processing of your personal data;
- You can request that your personal data be released or transferred to you or to another data controller in a machine-readable format.
If you have consented to the collection, processing or disclosure of your personal data for a certain purpose, you can revoke your consent at any time. Upon receiving notice of the revocation of your consent, we will cease processing your personal data, unless there is another legitimate interest in doing so.
Please note that the granting of such rights may sometimes be refused or restricted for legal reasons or based on the applicable data protection law. We will inform you of the grounds for our decision to the extent permitted or required by law.
In general, you will not have to pay a fee to exercise any of your rights. However, we may charge a fee for access to your personal data if applicable data protection law allows us to do so, in which case we will inform you.
If you wish to exercise your rights, please contact us by sending an e-mail to Data Protection or by mailing a letter to:
Bär & Karrer Ltd
If you believe that we have not handled your question or concern to your satisfaction or that we do not process your data in accordance with the applicable data protection law, you may address the competent supervisory authority, which in Switzerland is the Federal Data Protection and Information Commission (FDPIC).