Privacy Statement

Version dated 25 March 2025

The purpose of this Privacy Statement of PST legal & consulting (PST Legal AG and PST Consulting GmbH) (hereinafter collectively “PST”, “we” or “us”) is to inform you how we collect and process personal data in the course of our business activities and to explain your rights to you. Personal data are understood to be any information relating to an identified or identifiable person.

If you provide us with personal data of other persons (e.g. work colleagues, representatives, counterparties), please ensure that these persons are aware of this Privacy Statement and only share their personal data with us if you are allowed to do so and these personal data are correct.

The personal data collected by PST will be collected and processed in accordance with the relevant data protection regulations in Switzerland, in particular the provisions of the Federal Act on Data Protection (FDAG), the EU General Data Protection Regulation (GDPR) and the principles set out below.

Controller

The controller for data processing is PST Legal AG and PST Consulting GmbH, Baarerstrasse 10, 6300 Zug. If you have any concerns about data protection, you can contact us at the following address:

PST legal & consulting
Baarerstrasse 10
6300 Zug
info@pst-legalconsulting.ch
+41 41 729 39 00

Collection and processing of personal data

We primarily process personal data that we receive directly from our clients within the scope of our mandate relationships with them. These are, of course, subject to professional confidentiality. It is also possible that we will receive and collect data from business partners or other persons involved in them. We likewise obtain data from publicly accessible sources such as public registers, the press or the internet in general. We also sometimes receive data from authorities, courts, arbitration tribunals and other third parties such as contract and business partners or counterparties. In addition, we process data that arise through the use of our website (www.pst-legalconsulting.ch) and data that are provided in this context (such as the IP address, device details, settings, etc.). These data are processed in order to analyse the internet traffic on our website, to optimise and improve the functionality of the website and to ensure the security of our information technology systems. When the website is accessed, personal data may also be collected by means of cookies and Google Analytics. Personal data are also collected when contact is made by email.

Purposes of data processing and legal base

We use the personal data we collect primarily for the management of our mandates and in order to enter into and perform contracts with our clients and business partners, for invoicing, for managing communications with our clients and in order to meet our statutory obligations in Switzerland and elsewhere.

In principle, we obtain and process data for the following purposes in particular:

We process personal data so that we can communicate with you and with third parties such as parties in proceedings, courts or authorities by email, telephone, letter or otherwise, e.g. in the case of mandate enquiries. If you apply to us for a job, we will process the corresponding data for the purpose of verifying the application, conducting the application process and entering into any agreement.

We process personal data in relation to the entry into, management and performance of a contract, such as a mandate, and so that we can comply with our contractual obligations towards our clients and other contract partners and perform the contractual services. These data also include in particular minutes of discussions and meetings, notes, internal and external correspondence, contract documents, documents that we create and receive in the context of proceedings before courts and authorities (e.g. statements of claim, notices of appeal and objection, judgments and decisions), background information about you, counterparties or other persons, further mandate-related information, confirmations of activity, invoices and financial and payment information.

We process personal data if and to the extent that this is necessary for the operation of the website, the preservation of operational security (IT), analysis of the use of this website and the improvement of our website. Every time our website is accessed, our system automatically records data and information from the user's computer system, such as information about the browser type, the user's operating system, the date and time of access, web pages from which the user reached our website, pages retrieved on the website and IP addresses.

We collect data about your behaviour and preferences so that we can continually improve our website and other electronic offerings. This is done by, for example, analysing your navigation on our website and your interactions with our social media profiles.

We process personal data in order to comply with prevailing laws, instructions and recommendations of authorities (e.g. on combating money laundering or complying with tax obligations or our ethical and professional obligations), self-regulation, certifications, industry standards and our corporate governance and for internal and external investigations in which we are involved or to which we are a party in proceedings.

If we have an interest corresponding to any of the following purposes, we will process personal data to the extent permitted for that purpose:

marketing and advertising, unless you have objected to the use of your data;

the establishment of legal claims and defence in connection with legal disputes and official proceedings;

the prevention and investigation of criminal offences and other misconduct (e.g. the conduct of internal investigations, data analyses in order to combat fraud);

if you have given us consent to process your personal data for particular purposes (e.g. in order to conduct a background check), we will process your personal data within the scope and on the basis of this consent if we have no other legal basis for doing so and require such a legal basis. Once given, consent can be withdrawn for the future at any time.

Use of cookies/tracking and other technologies in connection with the use of our website

Cookies:

On our website we use cookies and comparable technologies by which your browser or device can be identified. A cookie is a small file that is sent to your computer or is stored automatically on your computer or mobile device by your web browser when you visit our website. This enables us to recognise you if you access this website again, even though we do not know who you are.

Technically necessary cookies improve the functionality of the website. Non-technically necessary cookies improve the user-friendliness of the website.

In addition to cookies that are only used during a session and are deleted after your website visit (“session cookies”), cookies can also be used to store user settings and other information for a particular period of time (e.g. two years) (“permanent cookies”). However, you can set your browser so that it rejects cookies, only stores them for one session or otherwise deletes them prematurely or rejects them. The majority of browsers are set to accept cookies by default. We use permanent cookies so that we can better understand how you use our offerings and content. You can find out how to manage the cookies in your browser via your browser’s help menu. 

The technical data we collect and the cookies normally do not contain any personal data and are pseudonymised by technical measures. These make it impossible to attribute the data to the user. The data are not stored together with other personal data of users.

Tracking and other technologies in connection with the use of our website:

On our website we sometimes use Google Analytics (Google Ireland) or comparable services. This is a service of third parties which enables us to measure and evaluate the use of the website (not relating to particular persons). Permanent cookies set by the service provider are also used for this purpose. The service provider does not receive any personal data from us, nor does it store any IP addresses, but it can track your use of the website, combine this information with data from other websites that you have visited and are likewise tracked by the service provider, and use these findings for its own purposes (e.g. to manage advertising). If you have registered with the service provider yourself, the service provider will also know you. The service provider will then be responsible for processing your personal data in accordance with its data privacy provisions. The service provider only informs us how our particular website is used, such as the number of visitors to the website, where the visitors log in from and how long they stay on our website (no information about you personally).

Google Ireland’s data privacy information can be found here: https://support.google.com/analytics/answer/6004245
Information for Google accounts: https://https://policies.google.com/technologies/partner-sites?hl=en

We also use social media plug-ins. These are small software modules that establish a connection between your visit to our website and a third-party provider. The social media plug-in tells the third-party provider that you have visited our website and may send this provider cookies that the plug-in has previously placed on your web browser. Further information on how these third-party providers use the personal data collected by means of their social media plug-ins can be found in their respective privacy statements.

Some of the third-party providers we use may be located outside Switzerland. Information on the disclosure of information abroad can be found under section 5. In data privacy terms, they are sometimes “only” processors and sometimes controllers. Further information in this regard is set out in the privacy statements.

We operate pages and other online presences on social networks and platforms that are operated by third parties, and we process data about you in this regard. For instance, we obtain data from you (e.g. when you communicate with us or comment on our content) and from the platforms (e.g. statistics).  The providers of the platforms may analyse your use and process these data together with other information they have about you. They also process these data for their own purposes, such as marketing or market research or in order to manage their platforms. In so doing they are acting as independent controllers. Further information about data processing by the platform operators can be found in the privacy statements of the respective platforms.

At present we use the following platforms. The identity and contact details of the respective platform operator can be found in its privacy statement:

LinkedIn
www.linkedin.com
Privacy statement: https://www.linkedin.com/legal/privacy-policy

We are entitled, but not obliged, to review third-party content before or after its publication on our online presences, to delete content without notice and, where appropriate, to report it to the provider of the relevant platform.

Some of the platform operators may be located outside Switzerland. Information on the disclosure of information abroad can be found under section 6.

Forwarding and transfer of data abroad

Where necessary, and if allowed, within the scope of our business activities we will also disclose your personal data to third parties in Switzerland and elsewhere for the purposes set out in section 3. These are the following bodies in particular:

  • service providers of ours (such as banks and insurers), including processors (such as IT providers);
  • clients and other contract partners of ours where the contract allows for the transfer of your data (e.g. because you work for a contract partner or it provides services for you). This category of recipient also includes bodies with whom we cooperate, such as dealers, suppliers, experts and other business partners and auxiliary persons;
  • Swiss and foreign authorities, government offices or courts, if this is necessary for the fulfilment of our contractual obligations and in particular for management of the mandate, or if we are legally obliged or entitled to do so or this appears necessary for the purposes of the interests we pursue;
  • counterparties and other involved persons such as informants or experts;
  • other parties in possible or actual legal proceedings;

(all collectively “recipients”)

Where necessary, we will obtain your consent for this or have our supervisory authority release us from our duty of professional confidentiality.

The recipients may be registered in Switzerland, the EU or some other country in the world. 

If we transfer data to a country without appropriate data protection legislation, we will, as required by law, ensure an appropriate level of protection by means of corresponding agreements (for which we use the revised standard contractual clauses of the European Commission, which can be retrieved at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?, including the necessary supplements for Switzerland) or will rely on the statutory exceptions of consent, performance of a contract, performance of a mandate, the establishment, exercise or enforcement of legal claims, overriding public interests, the generally accessible personal data or because it is necessary in order to protect the integrity of the data subjects.

Duration of the retention of personal data

We will process and store your personal data for as long as this is necessary for the fulfilment of our contractual and statutory obligations or otherwise for the purposes pursued by the processing, e.g. for the entire duration of the business relationship (from the initiation through the performance to the termination of the contract) and beyond in accordance with statutory duties of retention and documentation. In this context it is possible that personal data will be retained for the period in which claims can be brought against our company and to the extent that we are otherwise legally obliged to do so or legitimate business interests so require (e.g. for the purposes of evidence and documentation).

As soon as your personal data are no longer necessary for the above purposes, they will in principle be erased or anonymised as far as possible. Operating data (e.g. system logs) are in principle subject to shorter retention periods of twelve months or less. Where the data are collected for the purpose of providing the website, they will be erased when the respective session ends. Where data are stored in log files, this will be the case after not more than seven days. In the case of storage above and beyond that period, the IP addresses of users will be erased or anonymised so that it is no longer possible to associate them with the respective user.

Data security

We take suitable technical and organisational security measures to protect your personal data, in particular from unauthorised access and misuse. These security measures will be adapted to the state of the art.

Duty to provide personal data

Within our business relationship, you must provide the personal data that are necessary for the establishment and conduct of a business relationship and compliance with the associated contractual obligations (you will not normally have a statutory duty to provide us with data). Without these data we will not normally be able to enter into or perform a contract with you (or the body or person you represent). Furthermore, it may not be possible to use the website if certain information for ensuring data traffic (e.g. the IP address) is not disclosed.

Rights of the data subject

Within the scope of the data protection legislation applicable for you, you have the right to be informed, the right of rectification or erasure, the right to restrict or to object to the processing of your data and the right to have certain personal data surrendered for the purpose of transmission to another body (known as data portability). Please note, however, that we reserve the right in turn to assert the restrictions provided for in law, such as if we have an obligation to retain or process certain data, have an overriding interest therein, such as in the case of trade secrets (to the extent that we are entitled to invoke them), on the basis of our duty of professional confidentiality or if we need them for the assertion of claims. We will inform you in advance if this would incur any costs for you. We informed you in section 3 above of the possibility of withdrawing your consent.

The exercise of such rights normally presupposes that you provide conclusive evidence of your identity (e.g. by a copy of your identity document if your identity is otherwise unclear or cannot be verified). You can contact us at the address indicated in section 1 in order to assert your rights.

Every data subject also has the right to enforce their claims in court or to lodge a complaint with the competent data protection authority.  The competent data protection authority for Switzerland is the Federal Data Protection and Information Commissioner (FDPIC) (http://www.edoeb.admin.ch).

Applicability of the GDPR

Should the EU General Data Protection Regulation (“GDPR”) be applicable for certain data processing, this section 11 will additionally apply solely for the purposes of the GDPR and the data processing subject to it.

Your personal data will be processed mainly on the basis that:

  • this, as described in section 3, is necessary for the initiation of and entry into contracts and for their management and enforcement (point (b) of Art. 6(1) GDPR);
  • this is necessary for the purposes of the legitimate interests pursued by us or by third parties, as explained in section 5. This encompasses communication with you or third parties, the operation of our website, the improvement of our electronic offerings, security purposes, compliance with Swiss law and internal policies for our risk management and corporate management, and other purposes such as training and education, administration, safeguarding evidence and assuring quality, the organisation, conduct and follow-up of events and the protection of other legitimate interests (see section 3) (point (f) of Art. 6(1) GDPR);
  • this is prescribed by law or permitted on the basis of our mandate or our position under the laws of the EEA or a Member State (point (c) of Art. 6(1) GDPR) or is necessary in order to protect your vital interests or those of another natural person (point (d) of Art. 6(1) GDPR);
  • you have consented separately to the processing, e.g. by a corresponding declaration on our website (point (a) of Art. 6(1) and point (a) of Art. 9(2) GDPR).

We would like to take this opportunity to advise you that we will in principle process your data for as long as this is necessary for our purposes, the statutory retention periods and our legitimate interests, in particular for the purposes of evidence and documentation, or their storage is technically necessary (e.g. in the case of backups or document management systems). In the absence of any legal or contractual obligations or technical reasons against this, we will erase or anonymise your data on expiry of the storage or processing period in the course of our usual processes and in accordance with our retention policy.

If you do not provide certain personal data, this can lead to it not being possible to perform the associated services or enter into a contract. We will always indicate where personal data we require are essential.

If you do not consent to how we deal with your rights or data protection, please let us know. If you are located in the EEA, you also have the right to lodge a complaint with the data protection supervisory authority of your country. A list of the authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_en.

Amendments

By using this website, you declare your consent to the collection and processing of your personal data in accordance with this Privacy Statement.

We may amend this Privacy Statement without notice at any time. The current version published on our website applies. If the Privacy Statement is part of an agreement with you, we will inform you by email or in some other suitable manner in the event of any update.

This Privacy Statement does not apply for websites of third-party operators which can be accessed via this website. We do not have any influence on the processing of data by these third-party providers and do not offer any warranty or accept any liability whatsoever in connection with these websites.