The websites located at www.mll-legal.com and www.mll-news.com are operated by Meyerlustenberger Lachenal Ltd, with registered office at Grabenstrasse 25, 6340 Baar, Switzerland, registered in the Commercial Register of the Canton of Zug under the number CHE-457.072.861.

Accordingly, we are responsible for the collection, processing and use of your personal data in accordance with the law.

We take data protection very seriously and are committed to the protection of your personal data. We comply with the legal requirements of the Swiss Federal Data Protection Act (FDPA), the Ordinance on the Federal Data Protection Act (OFDPA) and other data protection provisions that may be applicable, in particular the General Data Protection Regulation of the European Union (GDPR).

In the following, we would like to inform you of how we treat your personal data.

Please note that we may amend this privacy policy from time to time, by posting the amend-ed version on our websites. We therefore recommend that you consult this privacy policy regularly.

1.                Scope and purpose of the collection, processing and use of personal data

1.1              When you visit our websites

When you visit our websites, our servers temporarily store each access in a log file. The following data is collected and stored, without any action on your part, until it is automatically deleted after twelve months at the latest:

  • the IP address of the requesting computer,
  • the name of your Internet access provider (usually your Internet access provider),
  • date and time of access,
  • name and URL of the data retrieved,
  • the website from which our domain was accessed (referrer URL), and the search term used, as applicable,
  • the country from which access to our website is made,
  • the operating system of your computer and the browser used (type, version and language), and
  • the transmission protocol used (e.g. HTTP/1.1).

This data is collected and processed for the purpose of allowing the use of our websites (establishing a connection), ensuring system security and stability in the long term and allowing our Internet offering to be optimized, as well as for internal statistical purposes. We rely on our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR, to process the data for these purposes.

The IP address will be evaluated for clarification and defense purposes only in the event of an attack on the website(s)’ network infrastructure or in case of a suspicion of unauthorized or abusive use of the websites. It may further be used for identification purposes in criminal proceedings and in the context of civil and criminal proceedings against the concerned individual, as necessary and required. We rely on our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR to process the data for these purposes.

Lastly, when you visit our websites, we use cookies as well applications that are based on the use of cookies. Please see Sections 3 “Cookies” and 4 “Tracking Tools” for further details.

1.2              When you contact us by email

On our websites, you have the possibility to contact us or one of our employees by email.

When contacting us by email you are responsible for the communications and/or the content you send to us. We recommend that you do not provide any sensitive information. Personal data will only be collected if you voluntarily disclose it to us. Therefore, you are in control of which information you give us. In order to be able to answer your questions, we may ask you to provide us with additional information, e.g. your address, your telephone number, etc. We will only collect personal data that is necessary to answer your questions or to provide the services you requested.

By processing your email inquiry, our legitimate interest exists within the meaning of Art. 6 para. 1 lit. f GDPR. You can object to this data processing at any time (see Section 14 “Contact”).

1.3              When you contact us by telephone

On our websites, you have the possibility to contact us or one of our employees by telephone.

When contacting us by telephone you are responsible for the communications and/or the content you provide by telephone. We recommend that you do not provide any sensitive information. Personal data will only be collected if you voluntarily disclose it to us. Therefore, you are in control of which information you give us. In order to be able to answer your questions, we may ask you to provide us with additional information, e.g. your address, your e-mail address, etc. We will only collect personal data that is necessary to answer your questions or to provide the services you requested.

By processing your telephone inquiry, our legitimate interest exists within the meaning of Art. 6 para. 1 lit. f GDPR. You can object to this data processing at any time (see Section 14 “Contact”).

1.4              When you subscribe to our newsletter

If you subscribe to our newsletter on our websites, we collect the following information from you:

  • First name*
  • Last name*
  • Email*

The fields marked with * are mandatory.

Our newsletter contains a so-called web beacon (tracking pixel) or similar technical means. A web beacon is a 1×1 pixel, non-visible graphic that is related to the user ID of each newsletter subscriber.

For each newsletter sent, there is information about the address file used, the subject and the number of newsletters sent. In addition, it can be seen which addresses have not yet received the newsletter, to which address it was sent and at which addresses the delivery failed. Moreover the opening rate including the information as to which addresses have opened the newsletter is available. Finally, the information as to which addresses have unsubscribed is collected. We use this data for statistical purposes and to optimize the content and structure of the newsletter. This allows us to better align the information and offers in our newsletter with the individual interests of the recipients. The tracking pixel is deleted when you delete the newsletter.

In order to prevent the use of the web beacon in our newsletter, to the extent it is not already the case by default, please set your email program so that no HTML is displayed in messages. On the following pages, you will find explanations on how to activate this setting for the most common email programs:

With your subscription to our newsletter on www.mll-legal.com and/or www.mll-news.com, you consent, within the meaning of Art. 6 para. 1 lit. a GDPR to the processing by us of the above mentioned personal data provided by you for marketing purposes, such as sending emails with advertising or marketing content (newsletters), sending event invitations, and providing customer-specific advertising.

We may contract third parties for the technical handling of our marketing activities and may disclose your data to such third parties for this purpose (see Section 8 “Disclosure of data to third parties”).

Your email address will be used for advertising/marketing purposes until you withdraw your consent. You may withdraw your consent and unsubscribe from all marketing campaigns at any time either by contacting us (see Section 14 “Contact”) or by unsubscribing through the unsubscribe link at the end of each respective newsletter.

1.5              When you create a user account for MLL-Docs

On our website you have the option to register a user account. When registering, we collect the following data:

  • Username/Email address*
  • Password*

The fields marked with * are mandatory.

Once the login to your user account has been created, you may update your profile with the following information:

  • First Name
  • Last Name
  • Display Name

We need this information to provide you with an overview of your orders and the contracts concluded with you in this context. The legal basis for processing your personal data lies in pre-contractual actions and the execution of a contract within the meaning of Art. 6 para. 1 lit. b GDPR, as well as our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. You can object to this data processing at any time (see Section 14 “Contact”).

1.6              When you buy a product on MLL-Docs

In order to buy a product you either must already have a user account or a user account will be created. When buying products from our online shop on MLL-Docs, we collect the following data:

  • First name*
  • Last name*
  • Company name*
  • Country*
  • Street address*
  • Postcode/ZIP*
  • Town/City*
  • Canton
  • Phone*
  • Email address*
  • Order notes
  • Acceptance of T&C’s and Privacy Policy*

The fields marked with * are mandatory.

We need this information to process your order and to deliver the desired product/services to you. The legal basis for processing your personal data lies in pre-contractual actions and the execution of a contract within the meaning of Art. 6 para. 1 lit. b GDPR.

Finally, we transfer your contact and credit card information to process the credit card payment on the website to your credit card issuer and to the credit card acquirer. We work with the software platform “Stripe” of Stripe Inc., 185 Berry Street, Suite 550, CA 94107 San Francisco, USA. If you would like to make a credit card payment, you will be asked to enter all mandatory information. The legal basis for the transfer of the data lies in the performance of a contract in accordance with Art. 6 para. 1 lit. b GDPR. Regarding the processing of your credit card information and contact details by Stripe, we ask you to read the general terms and conditions and the privacy policy of Stripe available here.

1.7              When you generate a specific automated template purchased on MLL-Docs

In order to generate a more specific template purchased our MLL-Docs you have to enter certain information during the Q&A-process. Such data will not be stored permanently by us directly. However, data to generate the template will be stored temporarily on a server of Metanet (Josefstrasse 218, 8005 Zurich, Switzerland) in Switzerland for a period of 90 days.

In addition data may be collected and stored by the hosting platform of Exari Solutions (Europe) Limited, 20 St Dunstan’s Hill, London EC3R 8HL (Exari). Exari provides the software with which automated templates offered are being created. Exari’s current hosting platform provider is Amazon Web Services which stores the data in Dublin, Ireland.

The legal basis for the transfer of the data lies in the performance of a contract in accordance with Art. 6 para. 1 lit. b GDPR.

1.8              When you apply for a job

When you submit your application for a job at Meyerlustenberger Lachenal Ltd. by email or post, we process the personal data you provide us for the purpose of examining your job application and to contact you in this context if necessary.

The legal basis for processing your personal data lies in pre-contractual actions and the execution of a contract within the meaning of Art. 6 para. 1 lit. b GDPR, as well as our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. You can object to this data processing at any time (see Section 14 “Contact”).

2.                Central Storage

We save the data specified in the previous mentioned sections in a central electronic data processing system. The data relating to you will be systematically recorded, linked and evaluated in order to process your requests and provide our services. In this respect we work with the software platform of STP, Herostrasse 9, 8048 Zurich, Switzerland.

This processing is based on our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR for customer-friendly and efficient management of customer data. We also base the processing of this data on the fulfilment of the contract within the meaning of Art. 6 para. 1 lit. b GDPR. You can object to this data processing at any time (see Section 14 “Contact”).

3.                Cookies

When you access our websites we collect information by means of cookies and tracking.

Cookies are information files that your web browser automatically stores on your device’s hard drive when you visit our website. Cookies neither damage the hard disk of your device nor do they transmit your personal data to us.

Among other things, cookies help us make your visit on our websites easier, more pleasant and more meaningful.

Most Internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your device or that a warning message will always appear when a new cookie is set.

On the following pages, you will find explanations as to how to configure the processing of cookies in the most common browsers:

Please note that deactivating cookies may prevent you from using all the features of our websites.

4.                Tracking-Tools

4.1              Google Analytics

We use Google Analytics, a web analysis service of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland respectively Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Google Analytics uses methods that allow an analysis of the use of the website, such as cookies. These generate information about your use of this website such as

  • Navigation path that a visitor takes on the site,
  • Length of stay on the website or sub-page,
  • The sub-page on which the website is left,
  • The country, region, or city from where access takes place,
  • Device (type, version, colour depth, resolution, width and height of the browser window),
  • Recurring or new visitors,
  • Browser type/version,
  • The operating system used,
  • The referrer URL (the page previously visited),
  • Host name of the accessing computer (IP address), and
  • Time of the server query

that are transferred to the USA and stored there on servers of Google, a company of the holding company Alphabet Inc. The IP-address will be shortened by the activation of IP anonymisation (“anonymiseIP”) on this website, before transmission within the member states of the European Union or other states that are party to the agreement on the European Economic Area, as well as in Switzerland. Pursuant to Google, the anonymised IP address that the user’s browser transmits within the scope of Google Analytics will not be merged with any other data held by Google. In exceptional cases only, the complete IP address may be transmitted to a Google server in the USA and shortened there. In these cases, we ensure through contractual guarantees that Google complies with a sufficient level of data protection.

The information is used in order to evaluate the use of the website, to compile reports on the activities on the website and to provide other services related to the use of the website and the Internet for the purposes of market research and tailor-made website design. Google may also pass this information on to third parties insofar as this is required by law or if third parties process the data on Google’s behalf. According to Google, no connection is ever made between the IP address and other data relating to the user.

This processing is based on our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. You can object to this data processing at any time (see Section 14 “Contact”).

Users can prevent the collection of the data (including the IP address) generated by the cookie and related to the website use by the respective user’s personal data by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available under the following link:

http://tools.google.com/dlpage/gaoptout?hl=en

An opt-out cookie is stored on your device. If you delete cookies, the link must be clicked again.

4.2              Google Tag Manager

We use Google Tag Manager a service of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, respectively Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, in order to manage cookies and pixels for tracking tools and other tools. The Tag Manager tool itself is a cookie-free domain and does not collect any personal data. Instead, the tool triggers other tags that may in turn collect data. If you have performed a deactivation at domain or cookie level, this remains in place for all tracking tags implemented using Google Tag Manager.

This processing is based on our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. You can object to this data processing at any time (see Section 14 “Contact”).

4.3              DoubleClick by Google

We further use DoubleClick by Google, a service of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, respectively Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. For this purpose Google uses the so-called DoubleClick cookie, which makes it possible to recognize the browser used by the user when visiting other websites. The information generated by the cookie about visiting these websites (including the IP address) will be transmitted to and stored on a Google server in the United States.

Google will use this information to evaluate the use of the website concerning the advertising to be shown in order to compile reports for the operator of the website regarding the website activities and advertisements, and to provide further services relating to the use of the website and internet usage. Google may also pass this information on to third parties insofar as this is required by law or if third parties process the data on Google’s behalf. Google will not under any circumstances, however, associate the IP address of a user with any other data held by Google.

Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data that is collected by Google through the use of this tool and therefore we inform you accordingly: By integrating DoubleClick, Google receives the information that you have accessed the corresponding part of our website or have clicked on a display from us. If you are registered with a Google service, then Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is the possibility that the provider will provide and store your IP address.

For more information on DoubleClick by Google, please visit https://www.google.de/doubleclick, as well as for data protection at Google in general: https://www.google.de/intl/de/policies/privacy.

We base the creation of pseudonymised user profiles for advertising and analysis purposes on our legitimate interest within the meaning of Art. 6 para. 1 (f) of the EU GDPR. This applies to all data processing operations listed. We have a legitimate interest in direct marketing and the analysis of the use of the newsletter. You can object to the previously listed data processing in a different way:

  • by an appropriate setting of your browser software, in particular, the rejection of third-party cookies that causes you not to receive third-party advertisements;
  • by disabling the cookies for conversion tracking by setting your browser in such a way that cookies are blocked by the domain, https://www.google.de/settings/ads, where this setting is deleted when you delete your cookies;
  • by disabling the interest-related advertisements of the providers who are part of the self-regulatory campaign “About Ads”, via the link http://www.aboutads.info/choices, where this setting is deleted when you delete your cookies;
  • through permanent deactivation in your browsers Firefox, Internet Explorer or Google Chrome under the link http://www.google.com/settings/ads/plugin.

5.                Google Maps

We use Google Maps API (Application Programming Interface, “Google Maps”) from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, respectively Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, on our website for the visual display of geographical information (maps). By using Google Maps, information about the use of our website, including your IP address, is transmitted to a Google server in the USA and stored there.

The legal basis for the processing of data for this purpose is in our legitimate interest according to Art. 6 para. 1 lit. f GDPR. You can object to this data processing at any time (see Section 14 “Contact”).

It is possible to deactivate the Google Maps service and prevent data transfers to Google if you deactivate JavaScript in your browser. However, we would like to point out that in this case you will not be able to use the map display.

More information about the collection, processing and use of your data by Google and your rights in this regard can be found in the Google privacy policy at https://policies.google.com/privacy, as well as in the additional terms of use for Google Maps or Google Earth at https://www.google.com/help/terms_maps/.

6.                Social media plug-ins

On our www.mll-news.com website, we provide you with certain social media functionalities, in particular the option to share a link to an article on Twitter, Facebook, Google+, LinkedIn, etc.

The option to share a link is available for the following social networks:

  • Twitter Inc.,1355 Market Street, Suite 900, San Francisco, CA 94103, USA
  • Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA,
  • Google+ of Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA,
  • LinkedIn, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA, and
  • XING SE, Dammtorstrasse 30, 20354 Hamburg, Germany.

When you click on the relevant social network icons, you will be linked to the relevant social network to share the link to our article on Facebook or on Twitter, for instance. To do this, however, you must log into your corresponding user account or already be logged in. If you click on the icon of the relevant social network, a direct connection is established between your browser and the server of the relevant social network. This gives the network the information that you have visited our website with your IP address and accessed the link to the social network. If you access a link to a network while you are logged in to your account on the relevant network, the contents of our page may be linked to your profile in the network, which means that the network can link your visit to our website directly to your user account. If you want to prevent this, you should log out before clicking on the relevant links. An assignment takes place in any case, if you log into the relevant network after clicking on the link.

In the above cases, we have not disclosed the data within the meaning of the Swiss Federal Data Protection Act. We would like to point out that, as website provider, we are not aware of the content of any data transmitted, or of the use of data by the providers of the social media plug-ins. For further information on this matter, please refer to the privacy policies of the respective social media providers.

7.                Links to our social media presence

On our websites, we have incorporated links to our social media profiles on the following social networks:

  • LinkedIn Corp., 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA;
  • Twitter Inc., 1355 Market Street Suite 900 San Francisco, CA 94103, USA.

If you click on the relevant social network icons, you will be automatically redirected to our profile on the relevant social network. In order to use the functions of the relevant network there, you must partially log in to your user account for the relevant network.

When you open a link to one of our social media profiles, a direct connection is established between your browser and the server of the relevant social network. This gives the network the information that you have visited our website with your IP address and accessed the link. If you access a link to a network while logged in to your account on the relevant network, the contents of our page may be linked to your profile in the network, which means that the network can link your visit to our website directly to your user account. If you want to prevent this, you should log out before clicking on the relevant links. An assignment takes place in any case, if you log into the relevant network after clicking on the link.

For more information about the purpose and scope of the data collection and further data processing by the above social media networks and your respective rights and data protection options, please see their respective privacy policies.

8.                Disclosure of data to third parties

We will only transfer your personal data to third parties if you have given your express con-sent, if there is a legal obligation to do so, or if it is necessary for the enforcement of our rights, in particular to assert claims arising out of the contractual relationship. In addition, we will transfer your data to third parties as far as it is necessary for the use of the websites, the processing of your contact requests, the sending of marketing communications, and the analysis of your user behaviour. The use of the data forwarded for these purposes by third parties is strictly limited to the stated purposes.

Various third-party service providers are explicitly mentioned in this Privacy Policy (e. g. in Section 4 “Tracking Tools”). Additional service providers to whom personal data collected via the websites is passed on or who have or may have access to are the companies that implement our websites, namely Nemuk AG, Agentur für digitales Marketing, Kanzleistrasse 53, 8004 Zurich, Switzerland, and Webeo GmbH, Grütstrasse 27, 8134 Adliswil, Switzerland . The data is passed on for the purpose of providing and maintaining the functionalities of our websites. For this processing we rely on our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR.

9.                Transmission of personal data abroad

We may transfer your data to third parties (contracted service providers) located abroad for the purpose of the data processing described in this data privacy policy.

Any such third-party companies are obliged to protect the privacy of individuals to the same extent as we do. If the level of data protection in a country does not correspond to the Swiss or European level, we shall ensure by contract that the protection of your personal data corresponds at all times to that in Switzerland or the EU.

Certain third-party service providers mentioned in this privacy policy have their registered office in the US (see Section 4 “Tracking Tools”). Further explanations on the data that may be transferred to the US can be found under Section 4 “Tracking Tools” and Section 10 “Note on data transfers to the US”.

10.              Note on data transfers to the US

For the sake of completeness, we note that, as part of US legislation, US authorities are able to take surveillance measures, under which the general storage of all data sent from the European Union or Switzerland to the US is possible. This takes place without distinction, limitation or exception, on the basis of the objective pursued and without objective criteria that would allow it to limit access by US authorities to personal data and its subsequent use to specific, strictly limited purposes that justify access to this data.

Furthermore, we would like to point out that there are no legal remedies available in the USA for the data subjects from EU Member States or Switzerland that would allow them to gain access to the data concerning them and to obtain their correction or deletion, and there is no effective legal protection against general access rights of US authorities. We explicitly draw attention to this legal and factual situation to the data subject so that he or she may make an informed decision as to the consent to the use of his or her data.

For individuals residing in EU Member States or Switzerland, please note that, from the point of view of the European Union and Switzerland, the US does not have sufficient data protection levels due, inter alia, to the issues mentioned in this Section. To the extent that we have explained in this privacy policy that recipients of data (such as Google) are located in the US, we will ensure, either by way of a contract or by requiring certifications from the companies at issue under the EU-US/Swiss-US-Privacy Shield, that your data is adequately protected by our partners.

11.              Right to information, deletion and correction

You can any time object to data processing, particularly to data processing in connection with direct marketing (e.g. against advertising e-mails). You have the following rights:

Right to information: You have the right to demand insight into your personal data saved with us any time and free of charge if we are processing this data. You can check as to which of your personal data is being processed by us, and that we are using it according to the applicable data protection regulations.

Right to rectification: You have the right to have incorrect or incomplete personal data rectified and to be informed about the rectification. In this case, we inform the recipients of the data concerned about the rectifications made unless this is impossible or associated with disproportionate effort.

Right to erasure: You have the right to have your personal data deleted under certain circumstances. In certain cases, the right to erasure may be excluded.

Right to restriction of processing: Under certain circumstances, you have the right to demand restriction of the processing of your personal data.

Right to data portability: If you are domiciled outside Switzerland with residence in an EU/EEA Member State under certain circumstances, you have the right to receive from us personal data that you provided to us free of charge and in a readable format.

Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a competent supervisory authority if you consider that the processing of personal data relating to you infringes applicable data protection regulations.

Right of revocation: You have the right to revoke an issued consent at any time with effect for the future.

12.              Data retention

We only store personal data for as long as necessary to:

  • provide you with services that you have requested or for purposes as to which you have given your consent, and/or
  • enable the above-mentioned tracking, advertising and analysis services within the scope of our legitimate interests.

Please note that specific legal retention periods may apply for certain data. Such data must be stored by us until the end of the retention period. According to such provisions, e.g. business communication or concluded contracts must be stored for up to 10 years. We block any such data in our system and use them exclusively to comply with our legal obligations.

13.              Data security

We take reasonable technical and organizational security measures that we deem appropriate in order to protect your stored data against manipulation, loss, or unauthorized third party access. Our security measures are continually adapted to technological developments.

We also take internal data privacy very seriously. Our employees and the service providers that we retain are required to maintain secrecy and to comply with applicable data protection legislation. In addition, they are granted access to personal data only insofar as this is necessary for them to carry out their respective tasks or mandate.

14.              Contact

If you have any questions regarding data protection, if you would like to receive information or if you would like to request the deletion of your personal data, please contact us by email at privacy@mll-legal.com. Alternatively, you can write to:

Meyerlustenberger Lachenal Ltd.
Privacy Coordination
Schiffbaustrasse 2
Postfach
8031 Zurich
Switzerland

Date: February 2020