Bright Law AG, Bundesplatz 9, 6302 Zug, (hereinafter referred to as “Bright Law AG“, “we“ or “us“) informs with this privacy notice how and why we collect, use, disclose and otherwise process personal data and what your associated rights are. We protect the confidentiality and security of the personal data that we collect or receive in the course of our business activities. The personal data is processed in accordance with the Swiss Federal Act on Data Protection and, where applicable, the EU General Data Protection Regulation. This is not necessarily an exhaustive description; other privacy notices, individual notices or information may apply to specific matters.

1. Data controller

Bright Law AG is responsible for the processing of your personal data that we collect or receive in our business activities or process for other purposes, as defined in this Privacy Policy. For concerns about data protection, you can contact us using the following contact details:

Bright Law AG 
Philip Oehen 
Bundesplatz 9,
6302 Zug 

p.oehen@brightlaw.ch
Tel: +41 41 555 40 80

2. Collection and processing of personal data

In the course of our business activities, we collect and process personal data about existing and prospective clients, related persons, counterparties, authorities, courts, third parties and other persons as well as their representatives, beneficial owners and (former) employees. Moreover, we collect and process personal data when you offer us services or products, when we examine your products or services and in general, whenever you ask us for or supply us with information.

The type of personal data that we collect includes, for example, names and contact data (such as postal address, e-mail address and telephone number), nationality, business sectors of interest, employment history and all kinds of information from correspondence, contacts and interactions with us. We also process all kinds of information disclosed to or collected by us in relation to our services. Such information may exceptionally include sensitive personal data. Whenever necessary, we will seek your consent before processing sensitive personal data.

Finally our website server temporarily saves information about your use of our website. Such information includes, among other things, the IP address, date and time of access, the name and URL of the file opened, the website from which the access is made, the browser used (including the version), the operating system (including the version) of the computer used and the name of the user’s access provider.

3. Purpose and basis of the data processing

We may process personal data in accordance with applicable data protection law for the following purposes and, if necessary under applicable data protection law, on the basis of the following legal bases:

For the performance of contracts: We process personal data in connection with the conclusion and performance of contracts with our clients and business partners, in particular in the context of providing legal services to our clients and the procurement of products and services from our suppliers and subcontractors (e.g., foreign and domestic law firms or experts), as well as in order to comply with our legal obligations relating thereto. You may be affected by our data processing in your capacity as an employee of a client or business partner. The purposes of data processing and any further data protection information may be found in the respective contracts, terms and conditions and/or other applicable terms.

To fulfill legal obligations: We process personal data in order to comply with our legal or regulatory obligations. Processing purposes include, but are not limited to documenting compliance with legal and regulatory requirements.

To safeguard legitimate interests: We process personal data for the following purposes if this is necessary to protect the legitimate interests of us or of third parties or to protect legitimate public interests:

providing and developing our products, services and websites, applications and other platforms, on which we are active;
communication with third parties and the processing of their requests (e.g., job applications);
advertising and marketing (including organizing events), provided that you have not objected to the use of your data for this purpose;
asserting legal claims and defense in legal disputes and official proceedings;
prevention and investigation of criminal offences and other misconduct (e.g., conducting internal investigations);
ensuring our business operations, including our IT, our websites, apps and other appliances;
video surveillance to protect the domiciliary rights and other measures to ensure the safety of our premises and facilities as well as protection of our employees and other individuals and assets owned by or entrusted to us (such as e.g. network and mail scanners, telephone recordings);
possible corporate transactions and the transfer of personal data related thereto as well as measures for business management and compliance with legal and regulatory obligations as well as internal regulations of Homburger.

With your consent: If you have given us consent to process your personal data for certain purposes, we process your personal data within the scope of and based on this consent, unless we have another legal basis and we require such a basis. Consent given can be revoked at any time, but this has no effect on data processing that has already taken place.

4. Cookies and Tracking

Cookies are small text files that are downloaded to your device by visiting our website. Cookies (including third party cookies such as tracking technologies provided by Google Analytics) are in particular used to improve the website or for general marketing purposes by providing information on interaction of unique browser-device pairs with the website (such as number of sessions and time spent); statistical information on interaction with the website (including referrals thereto, popularity of certain content, accessing users' categories, markets, regions, languages, demographics, browser and device types and similar information); or statistical information on interaction with our marketing emails (such as if they have been opened or forwarded or links have been clicked on).

Third-party service providers such as Google may track your use of our website, combine this information with information from other websites you have visited (and which they also track) and use such combined information for their own purposes. If you have registered with the respective service providers, they may be able to identify you. In these instances, their processing of your Personal Data will be governed by their privacy policies (to see how Google uses your Personal Data when you use our website, please refer here).

You may change your browser settings to delete and block cookies (or to deactivate Google Analytics alternatively download and install the browser add-on from Google available here).

5. Disclosure of personal data

We may disclose personal data to the following categories of recipients:

Clients, their affiliates, opposing parties, transaction parties and other persons involved in matters and proceedings we are working on;
Courts, arbitral tribunals, public authorities, regulatory bodies, self-regulatory bodies;
Business partners, service providers and suppliers we work with (e.g., other lawyers and law firms, experts, banks, insurance companies), who may act as independent data controllers or process personal data for our own purposes (e.g., providers of cloud and other IT services);
The public, including users of our websites and social media;
Competitors, industry organizations, associations, organizations and other bodies.

6. Transfer of personal data abroad

We generally process your personal data in Switzerland. Our cloud servers are located in Switzerland, too. Certain of our service providers send personal data to EU Member States (particularly the Netherlands or Ireland) or the USA or gain access to personal data in those countries for support purposes. EU Member States offer an adequate level of data protection. To ensure continued protection of your personal data when transmitted to the USA, we enter into EU standard contract clauses with the recipients (including the Swiss Annex).

We may exceptionally also send personal data to other countries, if you instruct us to do so or if it is necessary in order to determine, exercise or enforce your claims or ours. If such third parties are based outside Switzerland, the United Kingdom or the EU, we will only share your information on a basis that provides adequate data protection.

7. Data security

We take appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse, such as the issuance of warnings, training, IT and network security solutions, access controls and restrictions, encryption of data media and transmissions, pseudonymization, controls.

8. Duration of the storage of personal data

We will store your personal data as long as necessary for the purposes for which it is processed. We also store your personal data to comply with our various statutory and regulatory obligations of documentation and record-keeping (e.g. clients’ personal data is stored for ten years after the end of our mandate), as long as claims can be asserted against us or as long as required by our legitimate interests, particularly the security of our data.

9. Rechte der betroffenen Person

You may be entitled to the following rights:

You can request information about your personal data and certain aspects of the processing;
You can request rectification of your personal data;
You can request erasure of your personal data;
You can request limitation of the processing of your personal data;
You can object to the processing of your personal data;
You can request that your personal data be released or transferred to you or to another data controller in a machine-readable format.

If you have consented to the collection, processing or disclosure of your personal data for a certain purpose, you can revoke your consent at any time. Upon receiving notice of the revocation of your consent, we will cease processing your personal data, unless there is another legitimate interest in doing so.

Please note that the granting of such rights may sometimes be refused or restricted for legal reasons or based on the applicable data protection law. We will inform you of the grounds for our decision to the extent permitted or required by law.

In general, you will not have to pay a fee to exercise any of your rights. However, we may charge a fee for access to your personal data if applicable data protection law allows us to do so, in which case we will inform you.

In order to exercise these rights, please contact us at the addresses provided in Section 1 above.

You have the right to enforce your claims in court or to file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (EDÖB).

10. Modification of the privacy notice

We reserve the right to amend this privacy notice at any time without prior notice. The current version published on our website shall apply.

Änderungsdatum:
May 6, 2025