Who is the controller for the processing of your data?
The following company is responsible for the processing activities described in this privacy notice:
PRAGER DREIFUSS AG
For what purposes do we process which of your data?
When you use our services, visit or otherwise interact with our website (www.prager-dreifuss.com) or related sub-pages (hereinafter collectively referred to as the "Website"), or if you otherwise interact with us, we collect and process various categories of your personal data. In principle, we may obtain and otherwise process this data in particular for the following purposes:
- Communication: We process personal data so that we can communicate with you as well as with third parties, such as parties to proceedings, courts or authorities, by e-mail, telephone, letter or by other means (e.g. to answer enquiries, in the context of legal advice and representation as well as the initiation or execution of contracts). For this purpose, we process in particular the content and metadata of the communication as well as your contact data, but also image and audio recordings of video or phone calls. Communication also includes that we may send our clients, contractual partners and other interested persons information about events, changes in the law, news about our law firm or similar. This may take the form of newsletters and other contacts (electronic, postal, telephone). You can refuse such communication at any time or refuse or withdraw your consent to such communication. In the event of an audio or video recording, we will inform you separately and you are free to inform us if you do not wish a recording to be made or to terminate the communication. If we need or want to establish your identity, we may collect additional data (e.g. a copy of an identity document).
- Pre-contractual measures and conclusion of contracts: With regard to the conclusion of a contract, such as in particular a contract for the establishment of a client-lawyer relationship, with you or your client or employer, we may in particular collect and otherwise process your name, contact details, powers of attorney, declarations of consent, information about third parties (e.g. contact persons, details of family and counterparties), contract contents, conclusion date, creditworthiness data and all other data which you provide to us or which we collect from public sources or third parties (e.g. commercial register, land register or other registers, credit agencies, sanctions lists, media, legal protection insurance companies or the Internet). Particularly, we also process such data if you, your principal or employer or an entity owned or controlled by you conclude a contract with us to establish an attorney-client relationship or if another party does so in a case in which you are involved. This, namely, includes checks for any conflicts of interest.
- Administration and processing of contracts: We collect and process personal data so that we can comply with our contractual obligations towards our clients and other contractual partners (e.g. suppliers, service providers, correspondence law firms, project partners) and, in particular, so that we can provide and demand the contractual services. This also includes data processing for client management (e.g. legal advice and representation of our clients vis-à-vis counterparties or before courts and authorities and correspondence) as well as data processing for the enforcement of contracts (debt collection, legal proceedings, etc.), accounting and public communication (if permitted). For this purpose, we process in particular the data which we receive or have collected in the course of the initiation, conclusion and execution of the contract as well as data which we create in the course of our contractual services or which we collect from public sources or other third parties (e.g. courts, authorities, counterparties, information services, media, detective agencies or from the Internet). Such data may include, in particular, minutes of conversations and consultations, notes, internal and external correspondence, contractual documents, documents that we prepare and receive in the course of proceedings before courts and authorities (e.g. statements of claim, appeals and complaints, orders, judgments and decisions), background information about you, counterparties or other persons as well as other mandate-related information, performance records, invoices and financial and payment information.
- Improving our electronic offerings: In order to continuously improve our website and other electronic offers, we collect data about your behaviour and preferences, for example by analysing how you navigate through our website and how you interact with our social media profiles and newsletters.
- Registration: In order to be able to use certain offers and services (e.g. newsletter), you must register (directly with us or via our external login service providers). For this purpose, we process the data disclosed during the respective registration. Furthermore, we may also collect personal data about you during the use of the offer or service; if necessary, we will provide you with further information on the processing of this data.
- Security purposes as well as access controls: We obtain and process personal data to ensure and continuously improve the appropriate security of our IT and other infrastructure (e.g. buildings). This includes, for example, monitoring and controlling electronic access to our IT systems as well as physical access to our premises (including by means of procedures involving the processing of biometric data), analyses and tests of our IT infrastructures, system and error checks and the creation of security copies. For documentation and security purposes (preventive and incident investigation), we also maintain access logs or visitor lists in relation to our premises. In the event that we should use surveillance systems (e.g. cameras), we would inform you at the relevant locations by means of appropriate signs.
- Compliance with laws, directives and recommendations from authorities and internal regulations: We obtain and process personal data to comply with applicable laws (e.g. anti-money laundering, tax obligations or our professional obligations), self-regulations, certifications, industry standards, our corporate governance and for internal as well as external investigations to which we are a party (e.g. by a law enforcement or supervisory authority or a mandated private body).
- Risk management and business management: We obtain and process personal data in the context of risk management (e.g. to protect against tortious activities) and business management. This includes, among other things, our business organisation (e.g. resource planning) and corporate development (e.g. acquisition and sale of business units or companies).
- Job application: If you apply for a job with us, we obtain and process the relevant data for the purpose of reviewing the application, conducting the application procedure and, in the case of successful applications, for the preparation and conclusion of a corresponding contract. For this purpose, in addition to your contact details and the information from the corresponding communication, we also process in particular the data contained in your application documents and the data as we can additionally obtain about you, for example from job-related social networks, the Internet, the media and from references if you consent to us obtaining references. Data processing in connection with the employment relationship is the subject of a separate data protection declaration.
- Other purposes: Other purposes include, for example, training and educational purposes and administrative purposes (e.g. accounting). We may listen to or record telephone or video conferences for training, evidence and quality assurance purposes. In such cases, we will notify you separately (e.g. by displaying a notice during the video conference in question) and you are free to tell us if you do not wish to be recorded or to end the communication (if you simply do not wish your image to be recorded, please turn off your camera). In addition, we may process personal data for the organisation, implementation and follow-up of events, such as in particular lists of participants and the content of presentations and discussions, but also image and audio recordings made during these events. The protection of other legitimate interests is also one of the other purposes, which cannot be named exhaustively.
from Where do we get the data we process?
- From you: The majority of the data we process is provided by you (or your terminal device) (e.g. in connection with our services, the use of our website or communication with us). You are only obliged to disclose your data in exceptional cases (e.g. in the event of a corresponding legal obligation). However, if you wish to conclude contracts with us or use our services, for example, you must disclose certain data to us, as otherwise we would not be able to provide our services. Furthermore, the use of our website is not possible without processing of data.
- From third parties: We may also obtain or receive data from publicly available sources (e.g. debt collection registers, land registers, commercial registers, media or the internet including social media) from (i) public authorities, (ii) your employer or client who either has a business relationship or otherwise deals with us, and (iii) other third parties (e.g. clients or their service providers or agents, counterparties, counter-attorneys or correspondent attorneys, legal expenses insurers, credit reference agencies, address dealers, associations, contractual partners, internet analysis services) This includes, in particular, the data that we process in the course of the initiation, conclusion and execution of contracts as well as data from correspondence and discussions with third parties, but also all other categories of data pursuant to section 3.
With Whom do we share your data?
In connection with the measures described in section 3 we transmit your personal data in particular to the categories of recipients listed below. If necessary, we obtain your consent for this or have our supervisory authority release us from our professional duty of confidentiality.
- Affiliated Companies: Where applicable, companies affiliated with PRAGER DREIFUSS AG provide certain services to us or to you, whereby such affiliated companies process data (i) on our behalf, (ii) under joint responsibility with us or (iii) under their own responsibility, which they have received from us or collected for us.
- Service providers: We work with service providers in Germany and abroad who (i) process data on our behalf (e.g. IT providers), (ii) process data jointly with us or (iii) process data on their own responsibility which they have received from us or collected for us. These service providers include, for example, IT providers, banks, insurance companies, debt collection companies, credit reference agencies, address checkers, other law firms or consultancies. As a general rule, we agree contracts with these third parties on the use and protection of personal data, in particular, in view of the attorney-client privilege.
- Clients and other contractual partners: In particular, this includes clients and our other contractual partners with respect to which a transfer of your data arises from the contract (e.g. because you are working for a contractual partner or he provides services for you). This category of recipients also includes bodies with which we cooperate, such as other law firms in Germany and abroad or legal expenses insurers. The recipients process the data under their own responsibility.
- Authorities and courts: We may disclose personal data to offices, courts and other authorities in Switzerland and abroad if this is necessary for the fulfilment of our contractual obligations and in particular for the conduct of our mandate, or if we are legally obliged or entitled to do so, or if this appears necessary to protect our interests. These recipients process the data under their own responsibility.
- Counterparties and persons involved: To the extent necessary for the performance of our contractual obligations, in particular for the management of the mandate, we also disclose your personal data to counterparties and other persons involved (e.g. guarantors, financiers, affiliated companies, other law firms, respondents or experts, etc.).
- Other persons: This refers to other cases where the inclusion of third parties arises from the purposes pursuant to section 3. These include, for example, delivery addressees or payment recipients specified by you, third parties within the framework of representative relationships (e.g. your lawyer or your bank) or persons involved in official or legal proceedings. We may also disclose your personal data to our supervisory authority, in particular if this is necessary in individual cases to release you from our professional duty of confidentiality. If we work with the media and provide them with material (e.g. photos), you may also be affected. In the course of business development, we may sell or acquire businesses, parts of businesses, assets or companies or enter into partnerships, which may also result in the disclosure of data (including about you, e.g. as a client or supplier or as their representative) to the persons involved in these transactions. Communications with our competitors, industry organisations, associations and other bodies may also involve the exchange of data relating to you.
All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).
We may also allow certain third parties to collect personal data from you on our website and at events organised by us on their own responsibility (e.g. media photographers, providers of tools that we have integrated on our website, service providers or consultants, etc.). Insofar as we are not decisively involved in these data collections, these third parties are solely responsible for them. If you have any concerns or wish to exercise your data protection rights, please contact these third parties directly. We have explained your rights in section 7 listed. You can find information about the activities on our website in section 8.
May your personal data also be disclosed abroad?
We process and store personal data mainly in Switzerland and the European Economic Area (EEA), but depending on the case - for example via subcontractors of our service providers or in proceedings before foreign courts or authorities - potentially in any country in the world. Your personal data may also be transferred to any country in the world in the course of our activities for clients.
If a recipient is located in a country without adequate data protection, we contractually oblige the recipient to comply with an adequate level of data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?, to the extent necessary with adaptions for Switzerland), insofar as they are not already subject to a legally recognised set of rules to ensure data protection. We may also disclose personal data to a country without adequate data protection without concluding a separate contract for this purpose if we can rely on an exceptional provision for this purpose. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract which is in your interest requires such disclosure (e.g., if we disclose data to our correspondence offices), if you have given your consent or it is not possible to obtain your consent within a reasonable period of time and the disclosure is necessary to protect your life or physical integrity or that of a third party, or if it concerns data which you have made generally accessible and the processing of which you have not objected to. We may also rely on the exception for data from a register provided for by law (e.g. commercial register) to which we have been legitimately granted access.
What rights do you have?
You have certain rights in connection with our data processing. Depending on the specific applicable law, you can in particular request information about the processing of your personal data, have incorrect personal data corrected, request the deletion of personal data, object to data processing, request the release of certain personal data in a standard electronic format or its transfer to other data controllers.
If you wish to exercise your rights against us, please contact us; you will find our contact details in section 2. In order for us to be able to exclude abuse, we must identify you (e.g. with a copy of your identity card, if necessary).
Please note that prerequisites, exceptions or restrictions apply to these rights (e.g. for the protection of third parties or business secrets or due to our professional duty of confidentiality). We reserve the right to black out copies or to supply only excerpts for reasons of data protection or confidentiality.
How are cookies, similar technologies and social media plug-ins used on our website and other digital services?
You can set your browser to automatically reject, accept or delete cookies. You can also deactivate or delete cookies in individual cases. You can find out how to manage cookies in your browser in the help menu of your browser.
Both the technical data collected by us and cookies do not generally contain any personal data. However, personal data that we or third-party providers commissioned by us store from you (e.g. if you have a user account with us or these providers) may be linked to the technical data or to the information stored in and obtained from cookies and thus possibly to your person.
Currently, we may use offers from the following service providers and advertising partners in particular, whereby their contact details and further information on the individual data processing can be found in the respective data protection declaration:
- Google Analytics
Provider: Google Ireland or another company of the Alphabet Group
Privacy notice: https://support.google.com/analytics/answer/6004245
Information for Google accounts: https://policies.google.com/technologies/partner-sites?hl=de
Third-party providers used by us may be located outside of Switzerland. Information on the disclosure of data abroad can be found under section 6. In terms of data protection law, they are in part "only" order processors of us and in part responsible bodies. Further information on this can be found in the data protection declarations.
How do we process personal data on our social media pages?
We may operate pages and other online presences on social networks and other platforms operated by third parties and process data about you in this context. In doing so, we receive data from you (e.g. when you communicate with us or comment on our content) and from the platforms (e.g. statistics). The providers of the platforms may also analyse your use of the platforms and process this data together with other data that the providers of the platforms have about you. The Platform Providers also process this data for their own purposes (e.g. marketing and market research purposes and to administer their Platforms), and act as their own data controllers for this purpose. For more information on processing by the platform providers, please refer to the data protection statements of the respective platforms.
We are entitled, but not obliged, to check third-party content before or after it is published on our online presences, to delete content without notice and, if necessary, to report it to the provider of the platform concerned.
The operators of the platform we use may be located outside Switzerland. Information on the disclosure of data abroad can be found under section 6.