NKF Data Protection Policy
1. NKF collects personal data from the client. As the controller, NKF processes the personal data in accordance with the provisions of the Federal Act on Data Protection (“FADP”) and the General Data Protection Regulation (“GDPR”), as amended from time to time (jointly referred to as “Regulation”). This Data Protection Policy describes how NKF processes the personal data that we have collected from the client.
2. As part of its advisory activities, NKF processes the following personal data: (i) contact details: First and last name, e-mail address, address, telephone numbers, position, associated company/office; (ii) consultancy data: contents of enquiries, advisory communications, documents, memos; and (iii) engagement data: consultancy documentation, performance records, statements of account.
3. NKF processes the client’s personal data for purposes of the establishment and performance of the client relationship and fulfilling legal requirements. NKF also processes the personal data in order to inform the client about current legal developments, news about NKF or NKF events. Further, we process personal data which we receive from correspondence with third parties (e.g. counterparties, authorities, courts and their employees). The legal basis for the processing is Art. 6 para. 1 lit. b, c and f GDPR as well as the corresponding provisions of the DPA.
4. In order to achieve the purposes described in this Data Protection Policy, it may be necessary for us to disclose personal data to the following categories of recipients: external service providers, counterparties and their legal representatives, business partners with whom we may need to coordinate the provision of legal services, as well as authorities and courts.
5. We store personal data only for as long as is necessary to process the client relationship, for as long as there is a legal obligation to retain and document the data, or for as long as we have an overriding private or public interest in doing so.
6. The rights listed below may be restricted by the client attorney privilege. Provided there is no conflict with the client attorney privilege, the client has the following rights:
- a) the client has the right at any time to request information about any personal data that we process from the client;
- b) if personal data are inaccurate or incomplete, the client has the right to rectification and integration;
- c) the client can demand the deletion of his personal data at any time, unless NKF is legally obliged or entitled to further process the personal data;
- d) in the case of legal requirements, the client may request a limitation of the processing of his personal data;
- e) the client has the right to object to the processing if the data is processed for the purpose of profiling. If the processing is based on a balancing of interests, the client may object to the processing by stating reasons resulting from the particular situation;
- f) if data processing is carried out on the basis of consent or within the framework of a contract, the client has the right to data portability of the data furnished by the client, provided that this does not impair the rights and freedoms of other persons;
- g) if NKF processes the personal data on the basis of a consent, the client has the right at any time to revoke this consent with effect for the future. The processing carried out before a revocation remains unaffected by the revocation;
- h) the client also has the right to lodge a complaint with a data protection supervisory authority at any time if he is of the opinion that data processing has taken place in violation of applicable law
7. Generally all personal data from the client is processed and archived in Switzerland. In exceptional cases (see section 4 of the provisions of the Engagement Letter) personal data can be disclosed to external IT providers which are based in the UK or USA. In such events NKF has implemented the necessary measures, i.e. has concluded the EU Standard Contractual Clauses and/or other appropriate measures.
8. Further details regarding the processing of personal data can be found on our website. Moreover, the provisions in the Engagement Letter apply.
9. The client can contact firstname.lastname@example.org at any time with questions regarding data protection law. The representative in the EU is: VGS Datenschutzpartner GmbH, Am Kaiserkai 69, 20457 Hamburg, Germany, email@example.com.