Privacy Policy

1. What is this Privacy Policy about?

2. Who is responsible for data processing?

3. For what purposes and to what extent do we process your personal data?

4. Where does the data come from?

5. Who do we share your data with?

6. Does your personal data also end up abroad?

7. What rights do you have?

8. Does our website use cookies and similar technologies?

9. How do we process personal data on our social media pages?

10. What else should be considered?

 
1. What is this Privacy Policy about?

LEXACT AG (hereinafter referred to as «LEXACT» , also «we», «us») is a law firm based in Zug (Industriestrasse 47, 6300 Zug). In the course of our business activities, we obtain and process personal data, in particular personal data about our clients, related persons, counterparties, courts and authorities, correspondent law firms, professional and other associations, visitors to our website, and other bodies or their contact persons and employees (hereinafter also referred to as «you»). In this privacy policy, we provide information about this data processing. In particular, we will inform you which personal data we process for what, how and where, and what rights you have in this regard.

If you provide us with information about other individuals (e.g., family members, representatives, counterparties, or other related individuals), we will assume that you have the authority to do so, that such information is accurate, and that you have ensured that such individuals are aware of such disclosure to the extent that a legal obligation to provide information applies (e.g., by bringing this Privacy Policy to your attention in advance).

We can adapt and supplement this privacy policy at any time. We will inform about such adjustments and additions in an appropriate form, in particular by publishing the current data protection declaration on our website.

We process personal data in accordance with the provisions of the Swiss Federal Act on Data Protection (FADP) and the European General Data Protection Regulation (GDPR), insofar as the latter is applicable. We take technical and organizational measures to protect your data against manipulation, loss, destruction or unauthorized access by third parties. When accessing our website, the SSL encryption method is used.

 
2. Who is responsible for data processing?

The following persons are responsible for the processing described in this privacy policy:

LEXACT AG (CHE-482.577.822)
Industriestrasse 47
6300 Zug
Switzerland
info@lexact.ch

 
3. For what purposes and to what extent do we process your personal data?

When you use, www.lexact.ch our services (hereinafter referred to as the «Website»), or otherwise interact with us, we collect and process different categories of your personal data. In principle, we may obtain and otherwise process this data for the following purposes in particular:

Communication: We process personal data so that we can communicate with you as well as with third parties, such as parties to proceedings, courts or authorities, by e-mail, telephone, letter or otherwise (e.g. to respond to enquiries, to provide legal advice and representation and to enter into or perform contracts). For this purpose, we will process, in particular, the content of the communication, your contact details and the marginal data of the communication. If we need or want to verify your identity, we will collect additional data (e.g. a copy of an identification document).

Initiation and conclusion of contracts: With regard to the conclusion of a contract, such as in particular a contract to establish an attorney-client relationship, with you or your client or employer, which also includes the clarification of any conflicts of interest, we may in particular collect your name, contact details, powers of attorney, declarations of consent, information about third parties (e.g. contact persons, family details and counterparties), contract contents, date of conclusion, obtain and otherwise process creditworthiness data as well as all other data that you provide to us or that we collect from public sources or third parties (e.g. commercial register, credit agencies, sanctions lists, media, legal expenses insurance or from the Internet).

Administration and processing of contracts: We obtain and process personal data so that we can comply with our contractual obligations towards our clients and other contractual partners (e.g. suppliers, service providers, correspondent offices, project partners) and, in particular, provide and demand contractual services. This also includes data processing for the management of mandates (e.g. legal advice and representation of our clients before courts and authorities and correspondence) as well as data processing for the enforcement of contracts (debt collection, court proceedings, etc.), accounting and public communication (if permitted). For this purpose, we process in particular the data that we receive or have collected in the context of the initiation, conclusion and execution of the contract as well as data that we create in the context of our contractual services or that we collect from public sources or from other third parties (e.g. courts, authorities, counterparties, information services, media, detective agencies or from the Internet) (e.g. Minutes of conversations and consultations, notes, internal and external correspondence, contractual documents, documents that we prepare and receive in the course of proceedings before courts and authorities, background information about you, counterparties or other persons as well as other mandate-related information, proof of performance, invoices and financial and payment information).

Operation of our website: To be able to operate our website securely and stably, we collect technical data, such as IP address, information about the operating system and settings of your device, the region, the time and type of use. We also use cookies and similar technologies. For further information, see Section 8.

Improvement of our electronic offers: In order to continuously improve our website and other electronic offers, we collect data about your behavior and, if necessary, your preferences, for example, by analyzing how you navigate through our website. 

Security purposes: We obtain and process personal data in order to ensure and continuously improve the appropriate security of our IT and other infrastructure. This includes, for example, the monitoring and control of electronic access to our IT systems.

Compliance with laws, directives and recommendations of authorities and internal regulations («compliance»): We obtain and process personal data in order to comply with applicable laws (e.g. anti-money laundering, tax obligations or our professional obligations), self-regulation, certifications, industry standards, our corporate governance as well as for internal and external investigations to which we are a party (e.g. through a law enforcement or supervisory authority or a commissioned private body).

Job application: If you apply for a job with us, we will obtain and process the relevant data for the purpose of reviewing the application, conducting the application process and, in the case of successful applications, preparing and concluding a corresponding contract. In addition to your contact details and the information in the relevant communication, we also process the data contained in your application documents and the data on how we can obtain additional information about you, e.g. from professional social networks, the internet, media and references, if you consent to us obtaining references.

Other purposes: Other purposes include, for example, training and education purposes as well as administrative purposes (e.g. accounting).

 
4. Where does the data come from?

From you: You (or your device) provide us with the majority of the data we process (e.g. in connection with our services, the use of our website or communication with us). You are not obliged to disclose your data, with exceptions in individual cases (e.g. legal obligations). However, if you want to conclude contracts with us or make use of our services, for example, you must provide us with certain data. The use of our website is also not possible without data processing.

From third parties: We may also obtain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, media or the Internet including social media) from (i) authorities, (ii) your employer or client, who is either in a business relationship with us or has other dealings with us, as well as (iii) other third parties (e.g. clients, counterparties, legal expenses insurance companies, associations, contractual partners). This includes, in particular, the data that we process in the context of the initiation, conclusion and processing of contracts, as well as data from correspondence and meetings with third parties, but also all other categories of data in accordance with Section 3.

 
5. Who do we share your data with?

In connection with the purposes referred to in Section 3, we transmit your personal data in particular to the categories of recipients below. If necessary, we will obtain your consent or be released from our professional confidentiality by the supervisory authority.

Service providers: We work with service providers in Switzerland and abroad who process (i) on our behalf (e.g. IT provider), (ii) in joint responsibility with us or (iii) on their own responsibility data that they have received from us or collected for us.

Clients and other contractual partners: This refers first of all to clients and other contractual partners of ours for whom a transfer of your data results from the contract (e.g. because you work for a contractual partner or he provides services for you). This category of recipients also includes entities with which we cooperate, such as other law firms in Switzerland and abroad or legal expenses insurance companies. The recipients process the data under their own responsibility.

Authorities and courts: We may pass on personal data to offices, courts and other authorities in Switzerland and abroad if this is necessary for the fulfilment of our contractual obligations and in particular for the management of our mandate, or if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. These recipients process the data under their own responsibility.

Counterparties and persons involved: If this is necessary for the fulfilment of our contractual obligations, in particular for the management of our mandates, we also pass on your personal data to counterparties and other persons involved (e.g. affiliated companies, other law firms, persons providing information or experts, etc.).

Other people: This refers to other cases where the involvement of third parties arises from the purposes set out in Section 3. This applies, for example, to delivery addressees or payment recipients specified by you, third parties in the context of agency relationships (e.g. your lawyer or bank) or persons involved in administrative or judicial proceedings. We may also pass on your personal data to our supervisory authority, in particular if this is necessary in individual cases for the release from our professional confidentiality.

All of these categories of recipients may in turn involve third parties so that your data can also be accessed by them. We can restrict processing by certain third parties (e.g. IT providers), but not those of other third parties (e.g. authorities, banks, etc.).

 
6. Does your personal data also end up abroad?

We process and store personal data primarily in Switzerland and the European Economic Area (EEA), but potentially in any country in the world, depending on the case – for example, through subcontractors of our service providers or in proceedings before foreign courts or authorities.

If a recipient is located in a country without adequate data protection (which is decided by the Swiss Federal Data Protection and Information Commissioner FDPIC or, if the GDPR applies, by the European Commission), we contractually oblige the recipient to maintain a sufficient level of data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which can be found here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?, including the amendments necessary for Switzerland), insofar as it is not already subject to a legally recognized set of rules to ensure data protection. We may also disclose personal data to a country without adequate data protection without entering into a separate contract for this purpose, if we can rely on an exemption provision for this. An exception may apply in particular to legal proceedings abroad, but also in cases of overriding public interests or if the execution of a contract that is in your interest requires such disclosure (e.g. if we disclose data to our correspondent offices), if you have consented, or it is not possible to obtain your consent within a reasonable period of time and the disclosure is necessary, to protect your life or physical integrity or that of a third party, or if it is data that you have made publicly available and you have not objected to being processed. We may also rely on the exception for data from a register provided for by law (e.g. commercial register) to which we have legitimately gained access.

 
7. What rights do you have?

In accordance with applicable law, you have the following rights in connection with our data processing:

You have a right of access, as well as the right to review and correct all of your personal data held by us if you believe it is incorrect or incomplete (right to rectification). You also have the right to object to the processing (right to object), to restrict the processing (right to restriction of processing), to delete the data (right to deletion) or to have the data transferred (right to data portability). You are also entitled to revoke your consent to the use of your personal data at any time with effect for the future (right of withdrawal).

Please note that these rights are subject to conditions, exceptions or limitations (e.g. to protect third parties or trade secrets or due to our professional confidentiality).

If you wish to exercise your rights against us, please contact us; our contact details can be found in Section 2. In order to rule out misuse, we need to identify you (e.g. with a copy of your ID, if necessary).

If you do not agree to our data processing, you can report this to the Swiss Federal Data Protection Commissioner. You may have the right to lodge a complaint with a supervisory authority in the EU.

 
8. Does our website use cookies and similar technologies?

When using our website, data is generated that is stored in logs (in particular technical data). For example, the provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

    • the name of the accessed website or the respective subpage
    • the file
    • the date and time of retrieval
    • the amount of data transferred
    • a message about the successful retrieval
    • the browser type and version
    • the user’s operating system
    • the referrer URL (the previously visited page or website)
    • the IP address
    • the requesting provider

The temporary storage of the data is necessary to ensure a smooth connection setup, the comfortable use of the website, the evaluation of system security and stability as well as for other administrative purposes. The data is stored for a maximum period of seven days and then deleted. Data whose further retention is necessary for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.

In addition, when you visit our website, we may use cookies and other cookie-based applications (but this is not currently the case). Cookies are data that are stored in your browser. When you visit our website, they can be temporarily stored in your browser as «session cookies» or for a certain period of time as so-called permanent cookies. «Session cookies» are automatically deleted when you close your browser. Permanent cookies have a certain storage period. In particular, they make it possible to recognize your browser the next time you visit our website and thus to measure the reach of our website, for example. However, permanent cookies can also be used for online marketing, for example.

A general objection to the use of cookies can be declared for a large number of services, especially in the case of tracking, via AdChoices (Digital Advertising Alliance Of Canada), Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA). Furthermore, the storage of cookies can be prevented by deactivating them in the settings of the browser. Please note that in this case it may not be possible to use all functions of our online offer.

 
9. How do we process personal data on our social media pages?

We operate pages and other online presences on social networks and other platforms operated by third parties and process data about you in this context.

In doing so, we receive data from you (e.g. when you communicate with us or comment on our content) and from the platforms (e.g. statistics). The providers of the platforms may analyze your usage and process this data together with other data they hold about you. They also process this data for their own purposes (e.g. marketing and market research purposes and to administer their platforms), and act as their own controllers for this purpose. For further information on processing by the platform operators, please refer to the privacy policies of the respective platforms.

We currently use the following platform, whereby the identity and contact details of the platform operator can be found in the privacy policy:

LinkedIn: This is where we run the site https://www.linkedin.com/company/lexact- ag/. LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland is responsible for operating the platform. Their data protection information is available at https://www.linkedin.com/legal/privacy-policy . Information on the opt-out can be found under https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

 
10. What else should be considered?

In principle, we are subject to the Swiss Data Protection Act for most of our services. If, however, the GDPR is applicable to certain data processing, this Section 201 shall also apply exclusively for the purposes of the GDPR and the data processing subject to it. 10.

We base the processing of your personal data in particular on the fact that:

    • as described in Section 3 is necessary for the initiation and conclusion of contracts and their administration and enforcement (Art. 6 para. 1 lit. b GDPR);
    • it is necessary to protect the legitimate interests of us or of third parties as described in Section 3 in particular for communication with you or third parties in order to operate our website, for the improvement of our offers, for security purposes, for compliance with Swiss law for the processing of applications and for the other purposes mentioned (Art. 6 para. 1 lit. f GDPR);
    • it is required by law or our position under the law of the EEA or a member state (Art. 6 para. 1 lit. c GDPR) or is necessary to protect your vital interests or those of other natural persons (Art. 6 para. 1 lit. d GDPR).
    • you have consented to the processing separately (Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a GDPR).
 

We would like to point out that we will process your data as long as our processing purposes (Section 3), the statutory retention periods and our legitimate interests, in particular for documentation and evidentiary purposes, require it or storage is for technical reasons (e.g. in the case of backups or document management systems).

If there are no legal or contractual obligations or technical reasons to the contrary, we will delete or anonymize your data after the expiry of the storage or processing period as part of our usual processes.

If you do not provide certain personal data, this may mean that it is not possible to provide the related services or to conclude a contract. We always indicate where personal data required by us is mandatory.

The right to object to the processing of your data set out in Section 7 applies in particular to data processing for the purpose of direct marketing.

If you do not agree with our handling of your rights or data protection, please let us know (see contact details in Section 2). If you are located in the EEA, you also have the right to complain to the data protection supervisory authority in your country. A list of authorities in the EEA can be found here: https://edpb.europa.eu/about- edpb/board/members_de.

 
Version: 07/2024
 

Debora Durrer

Lawyer, Notary

INITIAL AND CONTINUING EDUCATION

    • Bar and Notary admission of the Canton of Zug (2011)
    • MLaw from the University of Fribourg (2009)
    • Social Internship at Human Rights Without Frontiers, Brussels, Belgium (2007)
    • Legal studies at the University of Fribourg
    • Preparatory Course for University Studies in Switzerland (VKHS), Fribourg (2003)
    • Highschool graduation, York High School, George, South Africa (2002)

 

OCCUPATIONAL AND PART-TIME ACTIVITIES

    • since 2021 independent Attorney-at-Law and Civil Law Notary in Zug
    • Public Law Notary at the Commune of Cham (2014 – 2021)
    • Associate and Civil Law Notary with a leading business law firm in Zug (2011-2014)
    • Trainee at the District Court of Lucerne
    • Trainee with a leading business law firm in Zug/Zurich (2009/10)
    • Research Assistant at the Department of Public Law, University Fribourg (2008)
    • Swiss Bar Association
    • Bar Association of the Canton of Zug

Silvia Margraf

Lawyer, Notary

INITIAL AND CONTINUING EDUCATION

    • Bar and Notary admission of the Canton of Zug (2006)
    • Lic. iur. from the University of Zurich (2004)

OCCUPATIONAL AND PART-TIME ACTIVITIES

    • since 2012 independent Attorney-at-Law and Civil Law Notary in Zug
    • Associate and Civil Law Notary with a leading business law firm in Zurich/Zug (2006-2012)
    • Trainee with a leading business law firm in Zug (2005)
    • Swiss Bar Association
    • Bar Association of the Canton of Zug

Silvia Margraf

Rechtsanwältin, Notarin

AUS- UND WEITERBILDUNG
    • Anwalts- und Notariatspatent des Kantons Zug (2006)
    • Lic. iur. Universität Zürich (2004)
    • Rechtsstudium an der Universität Zürich

BERUFLICHE UND NEBENBERUFLICHE TÄTIGKEITEN
    • seit 2012 selbständig praktizierende Rechtsanwältin und Notarin
    • Anwältin und Notarin bei einer führenden Wirtschaftskanzlei in Zürich/Zug (2006 – 2012)
    • Rechtsanwaltspraktikum bei einer führenden Wirtschaftskanzlei in Zug (2005)
    • Mitglied SAV Schweizer Anwaltsverband
    • Mitglied Advokatenverein des Kantons Zug

Debora Durrer

Rechtsanwältin, Notarin

AUS- UND WEITERBILDUNG
    • Anwalts- und Notariatspatent des Kantons Zug (2011)
    • MLaw Universität Fribourg (2009)
    • Sozialpraktikum bei Human Rights Without Frontiers, Brüssel, Belgien (2007)
    • Rechtsstudium an der Universität Fribourg
    • Vorbereitungskurs auf das Hochschulstudium in der Schweiz (VKHS), Fribourg (2003)
    • Matura, York High School, George, Südafrika (2002)

BERUFLICHE UND NEBENBERUFLICHE TÄTIGKEITEN

    • seit 2021 selbständig praktizierende Rechtsanwältin und Notarin
    • Notarin bei der Einwohnergemeinde Cham (2014 – 2021)
    • Anwältin und Notarin bei einer führenden Wirtschaftskanzlei in Zug (2011 – 2014)
    • Gerichtspraktikum am Bezirksgericht Luzern (2010)
    • Trainee bei einer führenden Wirtschaftskanzlei in Zug/Zürich (2009/10)
    • Mitglied SAV Schweizer Anwaltsverband
    • Mitglied Advokatenverein des Kantons Zug