Privacy policy

Privacy Policy

With this data protection declaration, Scale Compliance, would like to inform you about how we process personal data within the scope of our business activities about your rights. We are aware of the importance of processing personal data for you as a data subject and the protection of your privacy is of the utmost importance to us.

To be compliant not only with Swiss protection Laws but also the EU General Data Protection Regulation (GDPR) is important to us. GDPR standards have been widely adapted in the revised Swiss data protection regulations enacted as of September 1, 2023. Therefore, we have aligned this data protection declaration accordingly.

Name and address of the controller

Responsible for the processing described in this Privacy Policy is data protection:

Scale Compliance GmbH, Gubelstrasse 11, 6300 Zug

Our data protection coordinator can also be reached via the following contact details:

info[@]scalecompliance.com

1.Description and scope of data processing

We primarily process personal data that we receive directly from our clients within the scope of our client relationships. It is also possible that we receive or collect data from business partners or other persons involved (see section 3.). Insofar as this is permitted and necessary, we also obtain data from publicly accessible sources (e.g. public registers, media, Internet) or receive such data from our clients and their employees, from authorities, (arbitration) courts and other third parties (e.g. counterparties, business partners and contractual partners of our clients).

If you disclose data to us about other persons (e.g., family members, agents, counterparties, or other associated persons), we will assume that you are authorized to do so, that such data is accurate, and that you have ensured that such persons are aware of such disclosure to the extent that a legal duty to inform applies (e.g., by bringing this Privacy Policy to their attention in advance).

2. For what purposes do we process which of your data?

When you use our services, use www.scalecompliance.com (hereinafter website ), or otherwise deal with us, we obtain and process various categories of your personal data. We may obtain and otherwise process this data in particular for the following purposes:

Communication: We process personal data so that we can communicate with you and with third parties, such as parties to proceedings, courts or authorities, by e-mail, telephone, letter or otherwise (e.g. to answer inquiries, in the context of legal advice and representation as well as the initiation or execution of contracts). This also includes that we may send our clients, contractual partners and other interested persons information about events, changes in the law, news about our law firm or similar. This may take the form of newsletters and other regular contacts (electronic, postal, telephone). You can refuse such communication at any time or refuse or revoke your consent to such communication. For this purpose, we process in particular the content of the communication, your contact data and the marginal data of the communication, but also image and audio recordings of (video) telephone calls. In the event of an audio or video recording, we will inform you separately and you are free to inform us if you do not wish a recording to be made or to terminate the communication. If we need or want to establish your identity, we will collect additional data (e.g. a copy of an identification document).

Initiation and conclusion of contracts: With regard to the conclusion of a contract, such as in particular a contract for the establishment of a business relationship (e.g. via contact form on our website see below section 5 (iv)), with you or your client or employer, which also includes the clarification of any conflicts of interest, we may in particular obtain your name, contact data, powers of attorney, declarations of consent, information about third parties (e.g. contact persons, family details and counterparties), contract contents, date of conclusion, creditworthiness data and all other data that you make available to us or that we collect from public sources or third parties (e.g. commercial register, credit agencies, sanctions lists, media, legal protection insurance or the Internet).

Website: In order to operate our website securely and stably, we collect technical data, such as IP address, information about the operating system and settings of your terminal device, the region, the time and the type of use. We also use cookies and similar technologies.

Improving our electronic offerings: In order to continuously improve our website and other electronic offers, we collect data about your behavior and preferences, for example by analyzing how you navigate through our website and how you interact with our social media profiles and [other electronic offers].

Registration: In order to use certain offers and services (e.g. newsletter), you must register (directly with us or via our external login service providers). For this purpose, we process the data disclosed during the respective registration. Furthermore, we may also collect personal data about you during the use of the offer or service; if necessary, we will provide you with further information about the processing of this data.

Compliance with laws, directives and recommendations of authorities and internal regulations ( Compliance ): We obtain and process personal data to comply with applicable laws (e.g., anti-money laundering, tax obligations or our professional duties), self-regulations, certifications, industry standards, our corporate governance, as well as for internal and external investigations to which we are a party (e.g., by a law enforcement or regulatory agency or an appointed private entity).

Risk management and corporate governance: We collect and process personal data in the context of risk management (e.g. to protect against fraudulent activities) and corporate governance. This includes, among other things, our operational organization (e.g. resource planning) and corporate development (e.g. acquisition and sale of business units or companies).

Job application: If you apply for a job with us, we obtain and process the relevant data for the purpose of checking the application, carrying out the application procedure and, in the case of successful applications, for the preparation and conclusion of a corresponding contract. In addition to your contact data and the information from the corresponding communication, we also process in particular the data contained in your application documents and the data that we can additionally obtain about you, for example from call- related data.

3. Where does the data come from?

From you: The majority of the data we process is provided by you (or your end device) (e.g. in connection with our services, the use of our website and apps, or communication with us). You are not obliged to disclose your data, with exceptions in individual cases (e.g. legal obligations). However, if you want to conclude contracts with us or use our services, for example, you must disclose certain data to us. The use of our website is also not possible without data processing.

From third parties: We may also obtain or receive data from publicly available sources (e.g. debt collection registers, land registers, commercial registers, media or the Internet including social media) from (i) public authorities, (ii) your employer or client who either has a business relationship or otherwise deals with us, and (iii) other third parties (e.g. clients, counterparties, legal protection insurers, credit agencies, address traders, associations, contractual partners, Internet analysis services). This includes, in particular, data that we process in the course of initiating, concluding and processing contracts, as well as data from correspondence and discussions with third parties, but also all other categories of data.

4. Who do we disclose your data to?

In connection with the purposes listed in section 2, we transfer your personal data in particular to the categories of recipients listed below. If necessary, we will obtain your consent for this or have our supervisory authority release us from our professional duty of confidentiality.

Associated firms: They may use your data for the same purposes as we do, as described in this data protection declaration (see section 3). As a rule, the recipients process the data under their own responsibility.

Service providers: We work with service providers in Switzerland who (i) process data on our behalf (e.g. IT providers), (ii) process data jointly with us or (iii) process data on their own responsibility which they have received from us or collected for us (these service providers include, for example, IT providers, banks, insurance companies, debt collection companies, credit reporting agencies, address checkers, other law firms or consulting companies). We generally agree on contracts with these third parties regarding the use and protection of personal data.

Clients and other contractual partners: This refers to clients and other contractual partners of ours for whom the transfer of your data arises from the contract (e.g. because you are working for a contractual partner or he is providing services for you). This category of recipients also includes entities with which we cooperate, such as other law firms also abroad or legal expenses insurers. The recipients basically process the data under their own responsibility.

Authorities and courts: We may disclose personal data to offices, courts and other authorities in Switzerland and abroad if this is necessary for the fulfillment of our contractual obligations and, in particular, to conduct our mandate, or if we are legally obligated or entitled to do so, or if this appears necessary to protect our interests. These recipients process the data under their own responsibility.

Counterparties and persons involved: If this is necessary for the fulfillment of our contractual obligations, in particular for the management of the mandate, we also disclose your personal data to counterparties and other involved persons (e.g. guarantors, financiers, affiliated companies, other law firms, information persons or experts, etc.).

Other persons: This refers to other cases where the inclusion of third parties results from the purposes according to section 2 (e.g. delivery addressees or payment recipients specified by you, third parties in the context of agency relationships) or persons involved in official or legal proceedings. We may also disclose your personal data to our supervisory authority, in particular if this is necessary in individual cases to release you from our professional duty of confidentiality. If we cooperate with the media and transmit material to them (e.g. photos), you may also be affected. In the course of business development, we may sell or acquire businesses, parts of businesses, assets or companies, or enter into partnerships, which may also result in the disclosure of data (including data about you, e.g. as a client or supplier or as their representative) to the persons involved in these transactions. In the course of communications with our competitors, industry organizations, associations and other bodies, we may also share information about you.

5. How do we process personal data on our pages on social networks?

We might operate sites and other online presences on social networks and other platforms operated by third parties and process data about you in this context. In doing so, we receive data from you (e.g., when you communicate with us or comment on our content) and from the platforms (e.g., statistics). The providers of the platforms may analyze your usage and process this data together with other data they have about you. They also process this data for their own purposes (e.g., marketing and market research purposes and to manage their platforms), and act as their own data controllers for this purpose. For more information on processing by platform operators, please refer to the privacy statements of the respective platforms.

We currently use the following platforms, with the identity and contact details of the platform operator available in the privacy policy in each case:

• LinkedIn

www.linkedin.com

6. Data transfer to third parties and transboarder data flows

We process and store personal data mainly in Switzerland and the European Economic Area (EEA), but potentially in any country in the world, depending on the case - for example, via subcontractors of our service providers or in proceedings before foreign courts or authorities. In the course of our activities for clients, your personal data may also end up in any country in the world. If a recipient is located in a country without adequate data protection, we contractually obligate the recipient to maintain an adequate level of data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which are available here: https://eur- lex.europa.eu/eli/dec_impl/2021/914/oj?, including the supplements necessary for Switzerland), unless the recipient is already subject to a legally recognized set of rules to ensure data protection. We may also disclose personal data to a country without adequate data protection without entering into a separate contract for this purpose if we can rely on an exemption provision for this purpose.

7. What rights do you have?

You have certain rights in connection with our data processing. In accordance with applicable law, you may, in particular, request information about the processing of your personal data, have incorrect personal data corrected, request the deletion of personal data, object to data processing, request the release of certain personal data in a standard electronic format or its transfer to other persons responsible.

If you wish to exercise your rights, please contact us; you will find our contact details in section I. In order to prevent misuse, we must identify you (e.g. with a copy of your ID card, if necessary). Please note that these rights are subject to conditions, exceptions or limitations (e.g. to protect third parties or business secrets or due to our professional duty of confidentiality). We reserve the right to black out copies for reasons of data protection or confidentiality or to supply only excerpts.

In addition, you have the right to assert your claims in court or to file a complaint with the responsible data protection authority. Switzerland’s competent data protection authority is the Federal Data Protection and Information Commissioner.

8. Duration of storage

The personal data collected by us will only be stored for as long as it is necessary for the execution of the contractual relationship (from the initiation to the termination of a contract) or the other purposes pursued with the processing and/or a legal obligation to store and document or a predominant private or public interest exists. As soon as the personal data collected by us are no longer required for the above-mentioned purposes, they will be deleted or anonymised as far as possible.

If the data is stored in log files, this is the case after seven days at the latest. A storage going beyond this is possible. In this case the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

9. Use of our website

In general: When using our website (including newsletters and other digital services), data is generated that is stored in logs (in particular technical data).

Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

  • Information about the browser type and the version used;
  • The user’s operating system;
  • The IP address of the user;
  • Date and time of access;
  • Websites from which the user’s system accesses our website;
  • Page viewed on the website.

The IP addresses are stored in the log files of our system. This does not apply to the other data which enable the assignment of the data to a user. These data are not stored together with other personal data of the user.

The data is stored in log files to ensure the functionality of the website. The data is also used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. There is therefore no possibility of opposition.

(i) Other digital services

Registration: In order to use certain offers and services (e.g. [free WLAN], newsletter), you must register (directly with us or via our external login service providers). For this purpose, we process the data disclosed during the respective registration. Furthermore, we may also collect personal data about you during the use of the offer or service; if necessary, we will provide you with further information about the processing of this data.

Newsletter: You can subscribe to a free newsletter on our website. We send our existing and potential clients information on legal, regulatory and compliance issues at irregular intervals. We use external providers for the dispatch and administration of newsletters. When you register for the newsletter, your personal data, such as name and e-mail address, will be transmitted to the third-party provider. In addition, the third-party provider saves the date and time of registration for the newsletter in log files and can also collect further information that is not known to us. Your consent to the processing of the data will be obtained before or during registration and reference will be made to this data protection declaration. No data will be passed on to third parties in connection with data processing for the dispatch of newsletters. The data will be used exclusively for the dispatch of the newsletter. The collection of your e-mail address serves to deliver the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used. We process your personal data collected during registration for the newsletter based on your consent.

Contact form and e-mail contact: It is possible to contact us via the e-mail address provided. In this case the personal data transmitted by you by e-mail will be stored. The processing of the personal data from the input mask or from the e-mail you have sent to us serves us solely to process the establishment of contact. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems. This is also our legitimate interest in the processing of the data. If the purpose of establishing contact is to conclude a contract, data processing is also necessary for the purpose of implementing pre-contractual measures as well as for the fulfilment and execution of the contract. In order to ensure compliance with our contractual and legal obligations (in particular with regard to storage and documentation obligations), we require access to all user communications. Consequently, the personal data from the contact form or the personal data sent by e-mail will be deleted at the earliest after 10 years. The additional personal data collected during the sending process will be deleted at the latest after a period of seven days. The data is deleted as soon as it is no longer required for the purpose of its collection. The user’s e-mail address will therefore be stored as long as the newsletter subscription is active. The other personal data collected during the registration process will generally be deleted after a period of seven days. The subscription of the newsletter can be cancelled by the affected user at any time. For this purpose, there is a corresponding link in every newsletter. This also enables the withdrawal of the consent to the storage of personal data collected during the registration process.

10. Change of Privacy Policy

We reserve the right to change this Privacy Policy at any time without notice. We will notify you of any changes by posting the updated Privacy Policy on our website. If the Privacy Policy is part of an agreement with you, we will email you an updated Privacy Policy or otherwise provide you with appropriate information. Any changes we make will be effective from the date we post them on our website.