(Version 2.1; valid from November 23, 2023)

We, ambralaw Rechtsanwälte Notare (hereinafter "ambralaw" or "we"), inform you with this Privacy Policy about the nature, scope and purpose of the processing of personal data in connection with our professional activities and operations, including the operation of this website, as well as about the rights of persons whose data we process.

Other or additional privacy policies and other legal documents such as terms of use or individual agreements with the data subjects may apply to individual activities and operations.

We process personal data in accordance with the relevant data protection provisions in Switzerland and the Canton of Bern, in particular the provisions of the Federal Act on Data Protection (FADP) and the Data Protection Act of the Canton of Bern (DPA), and - if and insofar as applicable - the EU General Data Protection Regulation (GDPR) and the principles described below.

I. CONTROLLER AND CONTACT DETAILS

The controller for the processing of personal data (within the meaning of Art. 5 lit. j and Art. 19 para. 2 lit. a FADP) is

Ambralaw Attorneys at law Notaries
Bundesgasse 26
CH 3001 Berne

E-Mail: office.rueetschi(at)ambralaw.ch

Data protection concerns and questions relating to this privacy policy and declarations on the exercise of rights in accordance with section VII can be sent at any time by post or e-mail to the above-mentioned delivery addresses.

II. PROCUREMENT AND PROCESSING OF PERSONAL DATA

Primarily, we process personal data received by our clients and other business partners as part of our client relationships and other contractual relationships with them or that we obtain when operating this website. To the extent permitted by law, we also obtain data from public sources such as public registers, the press or the internet in general. In some cases, we also receive data from authorities, (arbitration) courts and other third parties such as contractual and business partners or counterparties.

We only retain (store, archive) personal data for as long as is necessary to process the client relationship, for as long as there is a statutory retention and documentation obligation or for as long as we have an overriding private or public interest (e.g. defence against liability claims until the absolute limitation period expires). The following legal provisions, among others, are decisive for the duration of the storage of client data:

• Pursuant to Art. 11 of the Cantonal Lawyers Act (KAG) of the Canton of Bern, lawyers' files (client files) must be retained for 10 years;
• Pursuant to Art. 958 f. CO account books and accounting documents (e.g. invoices to clients) must be kept for 5 years;
• Pursuant to Art. 127 of the Swiss Code of Obligations, claims arising from the breach of contractual obligations (e.g. expert opinions and legal mandates) expire after 10 years.

If clients provide us with personal data via a third party (e.g. via their employees or other contact persons), it is up to the client to inform this party in a general manner about the processing by legal service providers (such as ambralaw) or other external service providers (e.g. in a data protection declaration for employees).

III.  PURPOSES AND LEGAL BASIS OF DATA PROCESSING

We process your personal data primarily in connection with the contractual relationship between us (as a provider of legal and notarial services) and you (as a client) and/or any third parties involved and therefore also for the following purposes:

• Initiating, concluding, managing and processing contracts, for example for clarifications with banks, insurance companies, asset managers and in non-public registers.
• Obtaining powers of attorney; balancing bank accounts; obtaining private documents for the establishment of an inventory; receipt and disbursement of funds in connection with the execution of notarised contracts; drafting articles of association and contracts (not requiring notarisation).
• Conducting contract negotiations; legal and tax advice; fiduciary functions.
• Legal representation of clients in civil, criminal and administrative proceedings, claims settlement and conducting investigations.
• Activities as executor; other services, e.g. negotiations with authorities, legal representation, obtaining building permits, etc.

In addition, we process personal data of you and other persons insofar this is permissible and necessary in our judgment also for the following purposes in which we have a legitimate interest corresponding to the respective purpose and/or based on your consent:

• Further development of our offers, services and our website.
• Communication (e.g. to organise online meetings) and marketing, in particular sending invitations to customer events or workshops.
• Assertion of legal claims and defence in connection with legal disputes and official proceedings.
• Preventing and investigating criminal offences and other misconduct (e.g. conducting internal investigations, data analyses to combat fraud).
• Safeguarding our operations, particularly in the area of IT systems.

• Any transactions under company law and associated transfers of personal data as well as measures for business management and compliance with legal and regulatory obligations and internal regulations of ambralaw Rechtsanwälte Notare.

IV. USE OF COOKIES AND OTHER TECHNOLOGIES IN CONNECTION WITH THE USE OF THE WEBSITE

A) Cookies

We may use cookies and similar technologies on our website. Cookies - both our own cookies (so-called first-party cookies) and cookies from third parties whose services we use (so-called third-party cookies) - are data that are stored in the browser. This stored data does not have to be limited to conventional cookies in text form. You can set your browser so that it rejects cookies, only stores them for one session or otherwise deletes them prematurely. Most browsers are preset to accept cookies.

If and as soon as we use cookies and/or comparable technologies on our website for which the applicable data protection law requires the clear and informed consent of the user, e.g. for the use of non-essential cookies, we actively ask the users of our website for their express consent to the respective use.

B) Tracking and other technologies in connection with the use of our website

We do not use Google Analytics or similar tracking technologies on our website.

C) Social media plugins

We do not use any social media plugins from social networks on our website.

D) Framing

We do not embed any videos, photos, text messages or other content from social networks or other online services on our website.

V. COMMISSIONED DATA PROCESSING AND CROSS-BORDER DATA TRANSFER

ambralaw Rechtsanwälte Notare shall be authorised to commission data processors in Switzerland and abroad with the processing of personal data and to disclose to them the personal data collected by ambralaw Rechtsanwälte Notare for this purpose, provided that they offer sufficient guarantee that all requirements of applicable law, in particular notarial, legal and data protection law, are met and contractually undertake to process the personal data only on behalf of and for the purposes specified by ambralaw Rechtsanwälte Notare and in compliance with other necessary regulations and requirements. These are in particular auxiliary persons (such as in particular lawyers and law firms and experts in Switzerland and abroad) and other business partners.

VI. DATA SECURITY AND CONFIDENTIALITY

We take appropriate technical and organisational security measures to protect your personal data from unauthorised access by third parties and misuse, e.g. by encrypting data carriers and connections for the transmission of confidential content, anonymising and pseudonymising data, issuing internal directives, training our employees, IT and network security solutions, access controls and restrictions. These security measures are always adapted to the current state of the art.

We recommend that sensitive and confidential messages and documents are not sent unencrypted by e-mail, particularly in the context of the client relationship with our clients, but rather via a trustworthy and reliable secure messaging platform with server locations in Switzerland (e.g. IncaMail from Swiss Post or PrivaSphere Secure Messaging). We assume that people who nevertheless send us unencrypted e-mails agree to this type of communication, which is insecure from a confidentiality point of view.

VII. RIGHTS OF THE DATA SUBJECT

Within the framework of the data protection law applicable to you, you have the right to information, correction of incorrect personal data, blocking and deletion of your personal data at any time, provided that this does not conflict with any statutory retention obligation or the personal data is absolutely necessary for the fulfilment of the contract. You also have the right to the disclosure of certain personal data for the purpose of transferring it to another organisation (so-called data portability).

Furthermore, consent to the collection and processing of data can be revoked at any time with effect for the future.

Requests for information, correction and deletion as well as a revocation of consent to data processing and a request for data transfer must be sent by post or e-mail to the contact address listed in Section I above.

As a rule, exercising the rights under this Section VII requires that you provide clear proof of your identity (e.g. by means of a copy of an identity document where your identity is otherwise not clear or cannot be verified). Please also note that exercising these rights may conflict with contractual agreements and may have legal consequences, such as premature termination of the contract or cost consequences. In such a case, we will inform you in advance if the corresponding legal consequences are not already contractually and/or legally regulated.

As a data subject, you also have the right to enforce your claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch).

VIII. ENTRY INTO FORCE AND AMENDMENTS

This Privacy Policy enters into force on November 23, 2023 and replaces the Privacy Policy of ambralaw Rechtsanwälte Notare dated 1 September 2023.

By using this website, you consent to the collection and processing of your personal data in accordance with this Privacy Policy.

You also acknowledge that we may amend, supplement or update this Privacy Policy at any time at our own discretion and without prior notice. The current version published on our website shall apply. By continuing to use this website, you agree to the changes.

This privacy policy does not apply to websites of third-party operators that can be accessed via this website. We have no influence on the data processing by these third-party providers and assume no warranty or liability in connection with these websites.