The following data protection declaration provides information on how your personal data is processed in connection with the website www.lezzilegal.ch (website) or in the context of the client relationship by LezziLegal (LezziLegal, us).

The following information is regularly reviewed and updated to ensure it is current.

The aim of this information is:

·       to provide you with comprehensive information about the processing of your personal data by LezziLegal;

·       to inform you of your rights in relation to the processing of your personal data; and

·       to provide you with the contact details of the entity responsible for the processing of your personal data.

Your trust is important to us, therefore we take the issue of data protection seriously and pay attention to appropriate security. We commit ourself to a responsible handling of your personal data. Of course, we comply with the provisions of the Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (FADP), General Data Protection Regulation (GDPR) (EU) 2016/679, the Telecommunications Act (TCA) and, as far as applicable, other provisions of data protection law.

In order for you to know what personal data we collect from you and for what purposes LezziLegal uses it, please take note of the following information.

1.Scope and purpose of the collection, processing and use of personal data

1.1 Visiting the website

When you visit the website, the servers of Hostpoint.ch, Hostpoint AG, Neue Jonastrasse 60 8640 Rapperswil-Jona Switzerland, temporarily stores each access in a log file. The following data is collected without your intervention and stored until automated deletion by LezziLegal:

·       Date and time of the access

·       IP address

·       By IP address the approximate location of the Internet connection is tracked

·       The operating system used e.g. Apple or Windows

·       The browser type e.g. Safari, Firefox, Explorer etc.

·       Where the access comes from; via Google, Yahoo etc. or directly by entering the https:// domain.

·       Error messages

·       Details of the transferred data (e.g. the size of a question, answer or comment in the case of a blog post, for example).

The collection and processing of this data is done for the purpose of enabling the use of the website (connection establishment), to ensure system security and stability on a permanent basis and to enable the optimization of our Internet offer as well as for internal statistical purposes. In the purposes described above, there is a legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f GDPR.

In the event of an attack on the network infrastructure or suspicion of other unauthorized or abusive website use, the IP address will be evaluated for reconnaissance and defense and, if necessary, used in criminal proceedings for identification and civil or criminal action against the users concerned. In the purposes described above, there is our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f GDPR.

Finally, cookies and other applications based on cookies are used when you visit the website. For further information, please refer to section 3 “Cookies”.

1.2 Contact by e-mail

You are responsible for the message and/or the transmitted content that you send to LezziLegal. Personal data is only collected if you provide it to LezziLegal voluntarily. Therefore, you are responsible for what data you transmit. In order to answer your questions, we may ask you to provide us with additional information, such as your address, telephone number, etc. LezziLegal only collects personal data from you if this is necessary to answer your questions or to provide the services you have requested.

When processing your inquiry by e-mail, there is a legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f GDPR. You can object to this data processing at any time.

1.3 Contact via contact form

On our website, you can contact us via the contact form. Although the connection is secure, we ask you not to send us confidential data via this channel.

1.4 Mandate relationship

In the context of a mandate relationship, LezziLegal processes the following personal data, among others:

·       Your name and contact details (for example, name, address, telephone number or email address), information about the company for which you represent, your position or title and/or your relationship with a person, and other basic information);

·       Identification and background information that you provide to us or that we collect from you in the course of establishing the client relationship;

·       Billing and financial information, such as payment information;

·       Information that you have provided to us or that we collect from you in the course of providing services to you in connection with and for the purposes of the engagement, including communications related to the engagement

·       Information related to documents and communications that we send to you electronically.

·       Any other information related to you that you provide to us.

LezziLegal processes the information in order to communicate with you, to carry out money laundering, conflict and reputation checks before opening a mandate, to be able to offer you the services or legal advice you have requested, to bill you for the services and to manage the business relationship with you, including the assertion, enforcement and defense of legal claims.

The legal basis for the processing of your personal data for the preceding purposes lies in pre-contractual measures and the execution of a contract within the meaning of Art. 6 para. 1 lit. b GDPR, in the fulfillment of legal obligations according to Art. 6 para. 1 lit. c GDPR and, if applicable, in our legitimate interest in the targeted and efficient support of the client relationship within the meaning of Art. 6 para. 1 lit. f GDPR.

2. Place of data storage

The personal data affected by and mentioned in the data protection regulations are stored on local data carriers in the office premises of LezziLegal in addition to the servers of our IT-provider (JMC Software AG).

All data is processed in Switzerland. In exceptional cases, data collected as part of the use of Google Analytics may be transferred to the USA

3. Cookies                                                        

A cookie is a small record stored in text files that are placed on your browser or other device when websites are loaded in the browser. Cookies are used to “remember” you and your preferences when you visit our website, either for a single visit (through a “session cookie”) or for multiple repeat visits (referred to as a “persistent cookie”). A session cookie is deleted when you close your browser or after a short period of time. A persistent cookie is kept for a specified period of time, after which it expires and is deleted.

Both the technical data LezziLegal collects and cookies generally do not contain any personal data. However, personal data that LezziLegal or third-party providers contracted by us store from you (e.g., if you have a user account with us or these providers) may be linked to the technical data or to the information stored in and obtained from cookies and thus possibly to your person.

LezziLegal uses session cookies and persistent cookies on our website to provide a consistent and efficient experience for users of our website. Cookies also perform functions that allow users to remain logged in to the website, if that is the case.

There are basically the following types of cookies:

·       Strictly necessary: These cookies are essential to allow you to use our website and its features. The information collected by these cookies relates to the operation of our website, such as language recognition, website scripting language, and security tokens to maintain secure areas of our website.

·       Performance and analytics: these cookies collect anonymous information about how you use our website, such as which pages you visit most often, whether you receive error messages, and how you arrived at our website. They are also used to track details such as the number of unique visitors and page views to improve the user experience. The information collected by these cookies is only used to improve the use of our website, and never to identify you. These cookies are sometimes set by trusted third parties.

·       Functionality: These cookies store the choices you make, such as the country from which you visit our website and any changes you have made to the text size or other parts of web pages that you can customize to improve your experience with  our website and make your visits more tailored and enjoyable. The information collected by these cookies can be anonymized and cannot be used to track your browsing activity on other websites.

·       Third-party / embedded content: These cookies improve the experience of users of the website. These cookies allow you to share your activity on our website with social media such as Facebook and Twitter. We have no control over the information collected by these cookies.

Our website automatically uses only strictly necessary cookies to enable you to use our website and its features and to ensure the functionality of our website. Other cookies can be activated in the cookie banner

In the purposes described above, there is our legitimate interest in maintaining a stable and functioning website within the meaning of Art. 6 para. 1 lit. f GDPR.

4. Google Analytics 

We use Google Analytics, an analysis tool from Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google). Google Analytics uses methods that make it possible to analyse the use of our website, such as cookies. The information generated by the cookie about your use of our website:

·       Browser information,

·       Click path,

·       Date and time of the visit,

·       Device information,

·       downloads,

·       Flash version,

·       Location information,

·       IP address,

·       JavaScript support,

·       pages visited,

·       purchase activity,

·       referrer URL,

·       Usage data,

·       widget interactions,

·       Navigation path followed by a visitor on the websites

·       Time spent on the websites and subpages,

·       The subpage on which the websites are left,

·       The country, region or city from which access is made,

·       End device (type, version, colour depth, resolution, width and height of the browser window),

·       Returning or new visitor,

·       Browser provider/version,

·       The operating system used,

·       The referrer URL (previously visited website),

·       Host name of the accessing computer (IP address),

·       Time of the server enquiry,

are generally transmitted to a Google server in the USA and stored there. The IP address is shortened by activating IP anonymisation (“anonymizeIP”) before transmission within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area or Switzerland. According to Google, the masked IP address transmitted by Google Analytics will not be merged with other Google data. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. In these cases, we ensure through contractual guarantees that Google complies with an adequate level of data protection.

The information is used to analyse the use of lezzilegal.ch, to compile reports on activities and to provide other services associated with the use of lezzilegal.ch for the purposes of market research and the needs-based design of lezzilegal.ch. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf.

The legal basis for this data processing with the following tools is your consent within the meaning of Art. 6 para. 1 lit. a EU-DSGVO. You can revoke your consent or refuse processing at any time by rejecting or switching off the relevant cookies in your web browser settings or by making use of the service-specific options described below.

5. Data transfer to the USA

Google is based in the USA. For the sake of completeness, we would like to point out to users resident or domiciled in Switzerland that surveillance measures are in place in the USA by US authorities, which generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This is done without differentiation, restriction or exception based on the objective pursued and without an objective criterion that would make it possible to restrict the US authorities’ access to the data and its subsequent use to very specific, strictly limited purposes that justify the interference associated with both access to this data and its use. We would also like to point out that there are no legal remedies available in the USA for data subjects from Switzerland that would allow them to gain access to the data concerning them and to obtain its correction or deletion, or that there is no effective legal protection against general access rights of US authorities. We explicitly draw the attention of data subjects to this legal and factual situation so that they can make an appropriately informed decision to consent to the use of their data.

We would like to point out to users residing in Switzerland that the USA does not have an adequate level of data protection from the Swiss perspective – partly due to the issues mentioned in this section. Insofar as we have explained in this privacy policy that recipients of data (such as Google) are based in the USA, we will ensure that your data is protected at an appropriate level by our partners through contractual arrangements with these companies and any additional appropriate safeguards that may be required to protect the rights of persons whose personal data is transferred to a third country.

6. Google Ads

This website uses Google Conversion Tracking. If you have reached our website via an advert placed by Google, Google Ads will set a cookie on your computer. The cookie for conversion tracking is set when a user clicks on an advert placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognise that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies can therefore not be tracked via the websites of Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for Ads customers who have opted for conversion tracking. Customers are told the total number of users who clicked on their advert and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

If you do not wish to participate in tracking, you can refuse the setting of a cookie required for this – for example, by setting your browser to generally deactivate the automatic setting of cookies or to set your browser to block cookies from the domain “googleleadservices.com”.

Please note that you may not delete the opt-out cookies as long as you do not wish measurement data to be recorded. If you have deleted all your cookies in the browser, you must set the respective opt-out cookie again.

7. Links to our social media appearances

We also use social media plug-ins, which are small pieces of software that create a connection between your visit to our website and a third-party provider. The social media plug-in tells the third-party provider that you have visited our website and may send the third-party provider cookies that the third-party provider has previously placed on your web browser. For more information about how these third-party providers use your personal data collected through their social media plug-ins, please see below.

There are links on the Website to our social media appearances on the following social networks:

– LinkedIn Corp, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA;

If you click on the corresponding icons of the social networks, you will automatically be redirected to our profile of the respective social network. In order to use the functions of the respective network there, you must partially log into your user account for the respective network.

When you open a link to one of our social media profiles, a direct connection is established between your browser and the server of the social network in question. This provides the network with the information that you have visited our website with your IP address and accessed the link. If you access a link to a network while logged into your account on the network in question, the content of our site may be linked to your profile on the network, i.e. the network may link your visit to our website directly to your user account. If you want to prevent this, you should log out before clicking on the relevant links. An assignment is made in any case when you log into the relevant network after clicking on the link.

We thereby receive data from you (e.g., when you communicate with me or comment on our content) and from the platforms (e.g., statistics). The providers of the platforms may analyze your usage and process this data together with other data they have about you. They also process this data for their own purposes (e.g., marketing and market research purposes and to manage their platforms), and act as their own data controllers for this purpose. For more information on processing by the platform operators, please refer to the privacy statements of the respective platforms.

If you click on one of these links, you thereby give your consent within the meaning of Art. 6 para. 1 lit. a GDPR to the following data processing.

8. Disclosure of data to third parties

Personal data is passed on for the purpose of providing and maintaining the functionalities of the websites.

We share your personal data with the following categories of recipients:

Service providers: We work with service providers in Switzerland who process data about you on our behalf or in joint responsibility with us, or who receive data about you from us in their own responsibility (e.g. IT providers and accounting). We agree on contracts with these third parties regarding the use and protection of personal data.

The central service provider in the IT area for us is JMC Software AG.

Central service provider in accounting is bexio AG (located in 8640 Rapperswil SG).

Authorities: we may disclose personal data to offices, courts and other authorities in Switzerland and abroad if we are legally obliged to do so. The authorities then process this data on their own responsibility.

Counterparties and persons involved: If necessary for the fulfillment of our contractual obligations, in particular for the management of the mandate, we will also disclose your personal data to counterparties and other involved persons (e.g. guarantors, financiers, affiliated companies, other law firms, respondents or experts, etc.).

Other persons: This refers to other cases where the inclusion of third parties results from the purposes according to section 3. This concerns, for example, delivery addressees or payment recipients specified by you, third parties in the context of agency relationships (e.g. your lawyer or your bank) or persons involved in official or legal proceedings. We may also disclose your personal data to our supervisory authority, in particular if this is necessary in individual cases to release you from our professional duty of confidentiality. If we cooperate with the media and provide them with material (e.g. photos), you may also be affected. In the course of business development, we may sell or acquire businesses, parts of businesses, assets or companies, or enter into partnerships, which may also result in the disclosure of data (including data about you, e.g. as a client or supplier or as their representative) to the persons involved in these transactions. Communications with our competitors, industry organizations, associations and other bodies may also involve the exchange of data relating to you.

All of these categories of recipients may in turn involve third parties, so that your data may also be made available to them. We can restrict the processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities).

9. Job application

If you apply for a job with us, we obtain and process the relevant data for the purpose of reviewing the application, conducting the application process and, in the case of successful applications, for the preparation and conclusion of a corresponding contract. For this purpose, in addition to your contact details and the information from the corresponding communication, we also process in particular the data contained in your application documents and the data as we can additionally obtain about you, for example from job-related social networks, the internet, the media and from references, if you consent to our obtaining references. Data processing in connection with the employment relationship is the subject of a separate privacy policy.

10. Right to information, deletion and correction

You can object to data processing at any time. You have the following rights:

Right to information: you have the right to request at any time, free of charge, to inspect your personal data stored by us, if we process them. This gives you the opportunity to check what personal data we process about you and that we use it in accordance with the applicable data protection regulations.

Right to rectification: you have the right to have inaccurate or incomplete personal data rectified and to be informed about the rectification. In this case, we will inform the recipients of the data concerned of the adjustments made, unless this is impossible or involves disproportionate effort.

Right to erasure: You have the right to have your personal data erased under certain circumstances. In individual cases, the right to erasure may be excluded.

Right to restriction of processing: you have the right, under certain circumstances, to request that the processing of your personal data be restricted.

Right to data portability: you have the right, under certain circumstances, to receive the personal data you have provided to me free of charge in a readable format.

Right to lodge a complaint with a supervisory authority: you have the right to lodge a complaint with a competent supervisory authority about the way in which your personal data is processed.

Right of revocation: You generally have the right to revoke any consent you have given at any time. However, processing activities based on your consent in the past will not become unlawful as a result of your revocation.

If you wish to exercise your rights, please contact us; you will find our contact details below. In order to exclude misuse, we need to identify you (e.g. with a copy of your ID, if necessary). Please note that conditions, exceptions or limitations apply to these rights (e.g., to protect third parties or trade secrets, or due to our professional duty of confidentiality). We reserve the right to black out copies or to provide only excerpts for reasons of data protection or confidentiality.

11. Retention periods

We will only retain your personal data for as long as necessary to provide you with services you have requested or for purposes for which you have given your consent.

Please note that certain data may be subject to special legal retention periods. This data must be stored by us until the end of the retention period. After that, business communication or concluded contracts, for example, must be stored for up to 10 years. We use them exclusively to fulfill our legal obligations.

12. Data Security

We protect your personal data with appropriate physical, electronic and procedural safeguards, including firewalls, personal passwords, encryption and authentication technologies. Where personal data is collected via the website in individual cases, transmission is encrypted using the most common and secure data transmission method currently available, SSL “Secure-Socket-Layer”.

In this context, please also note that data transmitted via an open network such as the Internet or an e-mail service is openly accessible. If you share personal data over an open network, you should be aware that third parties can access this data and collect and use it for their own purposes.

13. Contact

If you have any questions about data protection, if you would like information, or if you would like to request the deletion of your personal data, please contact us by email at lezzi@lezzilegal.ch. Alternatively, you can write to:

LezziLegal Dr.iur. Lukas Lezzi Postfach Etzelstrasse 3 8038 Zürich

LezziLegal has the following data protection representation pursuant to Art. 27 GDPR in the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein as an additional point of contact for supervisory authorities and data subjects for inquiries related to the General Data Protection Regulation (GDPR):

VGS Datenschutzpartner UG Am Kaiserkai 69 20457 Hamburg Deutschland info@datenschutzpartner.eu

Date: August 31, 2023