Skip to main content

Data protection

Data Protection Policy Anwaltskanzlei Köppel GmbH

Version of March 13, 2025

In this Data Protection Policy (hereinafter also referred to as "Privacy Policy"), we, Anwaltskanzlei Köppel GmbH (hereinafter referred to as "Köppel Law Firm GmbH", "we" or "us"), explain how we collect and process personal data. This is not an exhaustive description, and specific matters may be governed by other privacy policies or engagement agreements. Personal data refers to any information relating to an identified or identifiable individual.

If you provide us with data about other individuals (e.g., family members, representatives, opposing parties, or other associated persons), we assume that you are authorized to do so and that the data is accurate. Furthermore, we assume that you have ensured these individuals have been informed about this disclosure, insofar as a legal obligation to inform them applies (e.g., by providing them with this Privacy Policy in advance).

This Privacy Policy is designed to meet the requirements of the Swiss Data Protection Act ("DSG").

Responsibility for Data Processing
The entity responsible for data processing as described in this Privacy Policy is:

 

Anwaltskanzlei Köppel GmbH
Bürglistrasse 33a
8400 Winterthur, Schweiz
This email address is being protected from spambots. You need JavaScript enabled to view it.

 

If you have any data protection concerns, you can contact us at the above-mentioned address.

Collection and Processing of Personal Data
We primarily process personal data that we receive from our clients and other business partners, as well as other involved parties, in the course of our business relationship, or that we collect from users when operating our websites and other applications.

To the extent permitted, we also obtain certain data from publicly accessible sources (e.g., debt collection registers, land registers, commercial registers, press, internet), or receive this data from authorities and other third parties (such as credit agencies). In addition to the data you provide us directly, the categories of personal data we receive from third parties about you include, in particular, information from public registers, information we learn in connection with administrative and judicial procedures, information related to your professional functions and activities (so that, for example, we can conduct business with your employer), information about you in correspondence and meetings with third parties, credit reports (if we are conducting business with you personally), information about you provided to us by individuals in your environment (family, advisors, legal representatives, etc.) in order to enter into or execute contracts with you or involving you (e.g., references, your address for deliveries, powers of attorney, information regarding compliance with legal requirements such as anti-money laundering and export restrictions), information from banks, insurance companies, sales partners, and other contracting parties about the use or provision of services by you (e.g., payments made), information from media and the internet about you (if applicable in the specific case, e.g., in connection with an application, press reviews, marketing/sales, etc.), your addresses and, if applicable, interests and other sociodemographic data (for marketing purposes), data related to the use of the website (in particular the website https://koeppel-law.ch, hereinafter "Website," e.g., IP address, MAC address of the smartphone or computer, details about your device and settings, cookies, date and time of visit, pages and content viewed, features used, referring website, location data).

Purposes of Data Processing and Legal Grounds
If you use our services, visit https://koeppel-law.com (hereinafter "Website"), or otherwise engage with us, we collect and process various categories of your personal data. In principle, we may collect and otherwise process this data for the following purposes:

  • Communication: We process personal data so that we can communicate with you and with third parties, such as parties to legal proceedings, courts, or authorities, via email, phone, mail, or other means (e.g., to respond to inquiries, in the context of legal advice and representation, and contract negotiation or execution). This also includes the ability to provide our clients, business partners, and other interested parties with information about events, legal changes, news about our law firm, or similar. This may be done, for example, in the form of newsletters and other regular contacts (electronically, by mail, or by phone). You may decline such communication at any time or refuse or withdraw consent for such communication. For this purpose, we primarily process the content of the communication, your contact data, and the metadata of the communication, as well as image and audio recordings of (video) calls. In the case of audio or video recordings, we will inform you separately, and you are free to let us know if you do not wish to be recorded or wish to terminate the communication. If we need to establish or verify your identity, we collect additional data (e.g., a copy of an identification document).
  • Initiation and Conclusion of Contracts: In connection with the conclusion of a contract, such as a contract to establish a mandate relationship with you or your client or employer, which also includes clarifying any potential conflicts of interest, we may collect and otherwise process, in particular, your name, contact details, powers of attorney, consent declarations, information about third parties (e.g., contacts, family details, and opposing parties), contract contents, conclusion date, credit data, as well as any other data that you provide to us or that we collect from public sources or third parties (e.g., commercial register, debt collection office, credit agencies, sanction lists, media, legal protection insurances, or the internet).
  • Management and Execution of Contracts: We collect and process personal data in order to fulfill our contractual obligations to our clients and other business partners (e.g., suppliers, service providers, correspondence law firms, project partners) and, in particular, to deliver and demand contractual services. This also includes data processing for mandate management (e.g., legal advice and representation of our clients before courts and authorities, and correspondence) as well as data processing for the enforcement of contracts (debt collection, court proceedings, etc.), bookkeeping, and public communication (if permitted). For this purpose, we process the data that we have received or collected during the initiation, conclusion, and execution of the contract, as well as data that we create as part of our contractual services or that we collect from public sources or other third parties (e.g., courts, authorities, opposing parties, credit agencies, media, private investigators, or the internet). This data may include, in particular, conversation and consultation records, notes, internal and external correspondence, contract documents, documents created and received in the course of proceedings before courts and authorities (e.g., complaints, appeal and objection letters, judgments, and decisions), background information about you, opposing parties, or other persons, as well as further mandate-related information, proof of services, invoices, and financial and payment information.
  • Operation of our Website: In order to operate our website securely and reliably, we collect technical data, such as IP address, information about the operating system and settings of your device, the region, the time, and the type of usage. We also use cookies and similar technologies. For more information, see the following section.
  • Improvement of our Electronic Offerings: To continuously improve our website and other electronic offerings, we may collect data about your behavior and preferences by analyzing how you navigate through our website and how you interact with our social media profiles.
  • Security Purposes and Access Control: We may collect and process personal data to ensure and continually improve the security of our IT and other infrastructure (e.g., buildings). This includes, for example, monitoring and controlling electronic access to our IT systems as well as physical access to our premises, analyses and tests of our IT infrastructure, system and error checks, and creating backups. For documentation and security purposes (both preventive and for incident investigation), we may keep access logs or visitor lists regarding our premises and use surveillance systems (e.g., security cameras). We will notify you of surveillance systems at the relevant locations through appropriate signs.
  • Compliance with Laws, Instructions, and Recommendations from Authorities and Internal Regulations: We collect and process personal data to comply with applicable laws (e.g., anti-money laundering laws, tax obligations, or our professional duties), self-regulations, certifications, industry standards, our "corporate governance," as well as for internal and external investigations in which we are a (legal) party (e.g., by a law enforcement or supervisory authority or a commissioned private entity).
  • Risk Management and Corporate Governance: We collect and process personal data as part of risk management (e.g., to protect against fraudulent activities) and corporate governance. This includes, among other things, our business organization (e.g., resource planning) and corporate development (e.g., acquisition and sale of business units or companies).
  • Job Application: If you apply for a position with us, we collect and process the relevant data for the purpose of evaluating the application, conducting the application process, and, in the case of successful applications, preparing and concluding the corresponding contract. In addition to your contact details and information from the corresponding communication, we particularly process the data included in your application documents and any data we may additionally collect about you, e.g., from professional social networks, the internet, media, and references, if you consent to us obtaining references.

As far as you have given us consent to process your personal data for specific purposes (for example, when you sign up to receive newsletters or undergo a background check), we process your personal data within the scope of and based on this consent, as long as we do not have another legal basis and one is required. Consent given can be revoked at any time, but this will not affect data processing that has already occurred.

Cookies / Tracking and Other Technologies in Connection with the Use of Our Website
When using our website (including newsletters and other digital offerings), data is generated that is stored in logs (especially technical data). Additionally, we may use cookies and similar technologies (e.g., pixel tags or fingerprints) to recognize website visitors, analyze their behavior, and identify preferences. A cookie is a small file transmitted between the server and your system, allowing the recognition of a specific device or browser.

You can set your browser to automatically reject, accept, or delete cookies. You can also disable or delete cookies on a case-by-case basis. How you manage cookies in your browser can be found in your browser's help menu.

Both the technical data we collect and cookies typically do not contain personal data. However, personal data that we or third-party providers we engage store about you (e.g., if you have a user account with us or these providers) may be linked with the technical data or with the information stored in cookies, potentially associating it with your identity.

We also use social media plug-ins, which are small software components that establish a connection between your visit to our website and a third-party provider. The social media plug-in informs the third party that you have visited our website and may transmit cookies that the third party has previously placed in your web browser. Further information about how these third-party providers use personal data collected via their social media plug-ins can be found in their respective privacy policies.

Additionally, we use our own tools and services from third-party providers (which may also use cookies) on our website, primarily to enhance the functionality or content of our website (e.g., integration of videos or maps), generate statistics, and display advertisements.

Currently, we may use offerings from the following service providers and advertising partners, with their contact details and further information on their respective data processing available in their privacy policies:

  • Google Analytics
    Provider: Google Irland
    Data Protection Policy: https://support.google.com/analytics/answer/6004245
    Information for Google-Accounts: https://policies.google.com/technologies/partner-sites?hl=de

Some of the third-party providers we use may be located outside of Switzerland. Information regarding the transfer of data abroad can be found further down in this Privacy Policy. From a data protection perspective, they are sometimes "only" processors on our behalf and sometimes responsible entities. Further details on this can be found in the respective privacy policies.

Data processing on our social media platforms
We operate pages and other online presences on social networks and other platforms operated by third parties, and process data about you in this context. We receive data from you (e.g., when you communicate with us or comment on our content) and from the platforms (e.g., statistics). The platform providers may analyze your usage and process this data together with other data they have about you. They also process this data for their own purposes (e.g., for marketing and market research purposes and for managing their platforms), acting as independent controllers. For more information on the processing by the platform operators, please refer to the privacy policies of the respective platforms.

We currently use the following platform, with the identity and contact details of the platform operator available in the respective privacy policy:

We are entitled, but not obligated, to review third-party content before or after its publication on our online presences, to delete content without notice, and, if necessary, to report it to the provider of the respective platform.

Some of the platform operators may be located outside of Switzerland. Information regarding the transfer of data abroad can be found further down in this Privacy Policy.

Data Transfer and Transmission Abroad
In connection with the data processing purposes listed above, we may transfer your personal data to the following categories of recipients. If necessary, we will obtain your consent or request an exemption from our professional confidentiality obligation from our supervisory authority.

  • Service Providers: We work with service providers both in Switzerland and abroad, who (i) process data on our behalf (e.g., IT providers), (ii) process data in joint responsibility with us, or (iii) process data on their own behalf that they have received from us or collected for us. These service providers include, for example, IT providers, telephone service providers, banks, insurance companies, collection agencies, credit bureaus, address verifiers, other law firms, or consulting companies. We usually enter into contracts with these third parties regarding the use and protection of personal data.
  • Clients and other contractual partners: This refers primarily to our clients and other contractual partners, where the transfer of your data is necessary under the contract (e.g., because you work for a contractual partner or they provide services for you). This category of recipients also includes entities with which we cooperate, such as other law firms in Switzerland and abroad or legal protection insurance companies. These recipients process the data in their own responsibility.
  • Authorities and Courts: We may disclose personal data to offices, courts, and other authorities in Switzerland and abroad if this is necessary for the fulfillment of our contractual obligations and especially for case management, or if we are legally required or authorized to do so, or if it seems necessary to protect our interests. These recipients process the data in their own responsibility.
  • Counterparties and involved persons: If necessary for the fulfillment of our contractual obligations, particularly for case management, we also pass on your personal data to counterparties and other involved persons (e.g., guarantors, financiers, affiliated companies, other law firms, witnesses, or experts, etc.).
  • Other persons: This refers to other cases where involving third parties is a result of the data processing purposes mentioned above. This includes, for example, delivery recipients or payees you have provided, third parties involved in representation (e.g., your lawyer or bank), or persons involved in legal or court proceedings. We may also share your personal data with our supervisory authority, especially if this is necessary in a specific case to release us from our professional confidentiality obligations. If we work with the media and provide them with material (e.g., photos), you may also be affected. As part of business development, we may sell or acquire businesses, business units, assets, or companies, or enter into partnerships, which may also result in the disclosure of data (including yours, e.g., as a client, supplier, or their representative) to the persons involved in these transactions. There may also be data exchange when communicating with our competitors, industry organizations, associations, and other bodies.

All these categories of recipients may involve third parties, so your data may also become accessible to them. We can limit the processing by certain third parties, but we cannot do so with others (e.g., authorities).

We process and store personal data mainly in Switzerland and the European Economic Area (EEA). Depending on the case – for example, through subprocessors of our service providers or in cases before foreign courts or authorities – personal data may potentially be transferred to any country in the world. Your personal data may also be transferred to any country in the world as part of our work for clients.

If a recipient is located in a country without adequate data protection, we contractually obligate the recipient to comply with an adequate level of data protection (we use the revised standard contractual clauses of the European Commission, available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj? including the necessary additions for Switzerland), unless they are already subject to a legally recognized framework for ensuring data protection. We may also disclose personal data to a country without adequate data protection without entering into a separate contract if we can rely on an exception. Such an exception may apply, for example, in foreign legal proceedings or in cases of overriding public interest or when the fulfillment of a contract that is in your interest requires such disclosure (e.g., when we disclose data to our correspondence law firms), if you have consented, or if obtaining your consent within a reasonable period is not possible and the disclosure is necessary to protect your life or physical integrity or that of a third party, or if it concerns data you have made generally accessible and have not objected to processing. In some cases, we may also rely on the exception for data from a legally provided register (e.g., the commercial register), which we have lawfully accessed.

 

Duration of retention of personal data
We process and store your personal data as long as it is necessary to fulfill our contractual and legal obligations or otherwise for the purposes pursued by the processing, i.e., for example, for the duration of the entire business relationship (from initiation, execution to termination of a contract) and beyond, in accordance with legal retention and documentation requirements. It is possible that personal data may be kept for the period during which claims against our company can be made and as long as we are otherwise legally obligated to do so or legitimate business interests require it (e.g., for evidence and documentation purposes). Once your personal data is no longer necessary for the above-mentioned purposes, it will generally be deleted or anonymized, where possible. For operational data (e.g., system logs, logs), the retention periods are generally shorter, typically twelve months or less.

Data Security

We take appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse, such as training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, and monitoring.

Obligation to Provide Personal Data
As part of our business relationship, you are required to provide the personal data necessary for establishing and conducting the business relationship and fulfilling the associated contractual obligations (there is generally no legal obligation to provide data to us). Without this data, we will usually not be able to enter into or process a contract with you (or the entity or person you represent). Additionally, the website may not be used if certain details necessary for data traffic (such as IP addresses) are not disclosed.

Rights of the Data Subject
You have the right to access, rectify, erase, restrict data processing, object to our data processing (especially for direct marketing, profiling for direct advertising, and other legitimate interests in processing), and to receive certain personal data for transfer to another entity (so-called data portability), in accordance with applicable data protection laws (e.g., under the GDPR). However, please note that we reserve the right to assert the legal limitations, such as if we are obligated to retain or process certain data, have a legitimate interest in doing so (where applicable), or need them to enforce claims. If any costs are involved, we will inform you in advance. We have already informed you about the possibility of withdrawing your consent.

Please be aware that exercising these rights may conflict with contractual agreements, and this may result in consequences such as early contract termination or cost implications. In such cases, we will inform you in advance if this is not already stipulated in the contract.

Exercising these rights generally requires you to verify your identity clearly (e.g., by providing a copy of your ID if your identity cannot be otherwise confirmed). To assert your rights, you can contact our responsible person (mentioned earlier in this privacy policy).

Furthermore, every data subject has the right to enforce their claims in court or to file a complaint with the relevant data protection authority. The relevant data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

Additional Provisions
We do not assume that the EU General Data Protection Regulation ("GDPR") applies in our case. However, should this exceptionally apply to certain data processing activities, this Section applies exclusively to the purposes of the GDPR and the data processing activities subject to it.

We base the processing of your personal data, in particular, on the fact that:

  • as described above, it is necessary for the initiation and conclusion of contracts and their management and enforcement (Art. 6(1)(b) GDPR);
  • it is necessary for the protection of legitimate interests of ours or third parties, as described in above, specifically for communication with you or third parties, to operate our website, for the improvement of our electronic offerings, and for registration for certain offers and services, for security purposes, for compliance with Swiss law and internal regulations for our risk management and corporate governance, and for other purposes such as training and education, administration, evidence and quality assurance, organization, implementation and follow-up of events, and for the protection of other legitimate interests (see above) (Art. 6(1)(f) GDPR);
  • it is legally required or permitted based on our mandate or our position under the laws of the EEA or a member state (Art. 6(1)(c) GDPR) or necessary to protect your vital interests or those of another natural person (Art. 6(1)(d) GDPR);
  • you have separately consented to the processing, e.g., through a corresponding declaration on our website (Art. 6(1)(a) and Art. 9(2)(a) GDPR).

We inform you that we process your data in principle for as long as our processing purposes (see above), the statutory retention periods, and our legitimate interests, particularly for documentation and evidence purposes, require it, or the storage is technically necessary (e.g., in the case of backups or document management systems). Unless there are legal or contractual obligations or technical reasons to the contrary, we will generally delete or anonymize your data after the storage or processing period in accordance with our usual processes and in line with our retention policy.

If you do not provide certain personal data, this may result in the inability to provide the associated services or enter into a contract. We will generally indicate where personal data requested by us is mandatory.

The right to object to the processing of your data outlined earlier in this statement specifically applies to data processing for the purposes of direct marketing.

If you disagree with our handling of your rights or data protection, please let us know (see "Responsible Party" section above in this statement). If you are in the EEA, you also have the right to lodge a complaint with the data protection supervisory authority of your country. A list of authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_de.

 

Changes
We may adjust this privacy statement at any time without prior notice. The most current version, published on our website, applies.