Privacy Information Policy

CONTACT

gbf Rechtsanwälte AG (Controller)
Dr. iur. Nando Stauffer von May (Data Protection Officer)
Hegibachstrasse 47
8032 Zurich
Switzerland

Phone +41 43 500 48 50

REPRESENTATIVE IN THE EU

Sachverständigenbüro Mülot GmbH
Grüner Weg 80
48268 Greven
Germany

Controllers for the notarial services

If you obtain notarial services, the following notaries are data controllers within the meaning of data protection legislation:

Nando Stauffer von May

Public Notary

Von-Werdt-Passage 3
3011 Bern

Notary Marco Novoselac
Public Notary

Solothurnerstrasse 235
4600 Olten

Notary David Mösch

Public Notary

Von-Werdt-Passage 3
3011 Bern

DATA PROCESSING

Website

When you access our website, we collect the IP address of the device you are using, the date and time of access, the name and URL of the file accessed, the website from which the access is made (referrer URL) and the browser you are using. This data collection serves to ensure a seamless connection and the optimal use of our website as well as the evaluation of the system's security and stability. These purposes justify our legitimate interest in data processing and, where necessary, constitute its legal basis. This technical data is deleted 3 months after our website is accessed.

Our website only uses its own cookie (so-called first-party cookie), which is also temporary (so-called session cookie). This necessary data that is stored in your browser to enable navigation on our website. When you close your browser, the cookie is automatically deleted.

LinkedIn Plug-In

If you click on the LinkedIn plug-in on our website, you will be redirected to our LinkedIn company page. We only transmit data to the provider, LinkedIn Ireland Unlimited Company, if you are logged in with your profile on LinkedIn. By clicking on the plug-in, you give your consent to the transfer of the related data. We have no influence on the data processing by LinkedIn Ireland Unlimited Company.

Job applications

If you apply for a job with us, we process the data transmitted to evaluate your application and, as the case may be, to initiate a contractual relationship with you. If no employment contract is concluded, we generally delete your data after 3 months, unless you have consented to a longer retention period (e.g. for the purpose of contacting you at a later stage). If you enter into an employment relationship with us, we will inform you separately about the related data processing.

Suppliers and business partners

If you are a supplier or business partner, we collect your name, your company name, your address and the account details you provide for payments. We need this data to process or initiate a contractual relationship with you. We delete the data after 10 years from the end of the business relationship.

Mandates (activity as lawyers or notaries)

If you give us a mandate, we will collect your full name, your company and business address, your gender, your residential address and, as a rule, your date of birth, your citizenship and your passport number. In connection with invoicing, we will record and use the bank data you provide us with. We need this data to process a contractual relationship with you.

We collect the further information about you and the persons involved in the matter that is necessary for the processing of the mandate. This processing serves in particular to enforce or defend our clients' legal claims.

For the purposes of the handling of the client relationship, we pass on data to third parties who may be located in Switzerland or abroad. In particular, we transfer data to counterparties or other persons involved (in particular also to their lawyers), to state courts and arbitral tribunals, to official bodies (tax office, commercial register and land registry office, financial market supervisory authority, etc.), to trustees and specialists called in (e.g. experts and correspondent lawyers) as well as to banks and insurance companies. We have no influence concerning to where these parties forward the data received.

In the case of notarial activities, our notaries generally process the above data in application of legal obligations in accordance with cantonal notarial legislation.

If we transfer data to countries which do not have adequate data protection, this is done either in performance of a contract concluded in your interest (e.g. mandating a correspondent lawyer or expert) or in performance of the mandate or because it is necessary for the establishment, exercise or enforcement of legal claims (usually by our clients) before a court or another competent foreign authority. Conversely, data is also exchanged if a foreign person wish to enforce legal claims in Switzerland.

In principle, we delete mandate-related data after 10 years from the end of our activity in the matter in question. Public deeds (including annexes) and last wills are stored permanently and handed over to the cantonal state archives after the notary ceases his work. There may be exceptions to this retention period, either because it is in your interest to retain documents for longer (e.g. Advance Care Directives) or because it is in our legitimate interest to have documents available for longer (e.g. knowledge management), in which case we anonymise or pseudonymise these documents where reasonable and proportionate.

Payments and accounting

If payment transactions take place between us, the name/company name, address and account details are also processed by our bank and our accounting service, which is partially external. Our accounting records are also processed by our auditors. This data is kept for 10 years. The processing serves, on the one hand, to fulfil legal obligations (e.g. bookkeeping, payment of taxes) and, on the other hand, to process mandates and other business relationships (see above).

Contact, registration for events, etc.

When you contact us, whether by phone, letter, e-mail, social media or in person, we process the data you provide to us. We process the data in order to answer your request or to stay in contact with you. The legal basis may be the initiation of a contract, the fulfilment of a legal obligation (examination of possible conflicts of interest) or the execution of a contract.

We store the data in accordance with the above information. If there is neither a mandate nor a contractual relationship, we generally delete the data within one year, unless you have given your consent to longer storage time (e.g. handing over a business card, making a connection via social media or interest in our events).

IT services

The personal or secondary data communicated to us by e-mail or telephone/video conference are also processed by the corresponding providers. The electronically stored data is also processed by our computer server provider. Our external IT service provider may also have access to personal data. These data processing operations are generally carried out in Switzerland. It may happen that a service provider, in particular its employees, obtains knowledge of personal data outside Switzerland and also outside the EU/EEA. If, exceptionally, data is transferred to countries that do not have adequate data protection, this is performed under standard data protection clauses.

YOUR RIGHTS

You have the right to request information about the personal data about you we have processed. You have the right to object to data processing by us. If we process your personal data on the basis of your consent, you have the right to revoke this consent at any time with effect for the future. Furthermore, you may - to the extent permitted by law - request the correction, deletion or restriction of the processing of your personal data. Finally, you have the right to lodge a complaint to the competent data protection authority.

Version 2.0, applicable as of 1 September 2023