Privacy Policy

1. Privacy at LegalForCode - Overview

The confidential and professional handling of your data is a fundamental concern for LegalForCode. This Privacy Policy informs you comprehensively and transparently about what types of data we collect for what purposes, how we process this data, and what rights you have as a data subject. We are committed to complying with all applicable data protection regulations and to protecting your privacy.

For the data protection terms used in this statement, the definitions of the Swiss Data Protection Act (DPA) and the General Data Protection Regulation (GDPR) apply where applicable.

2. Responsibility and Contact Information

The entity responsible for the processing of personal data in connection with our IT legal services is:

LegalForCode
Gerbergasse 32
8001 Zurich
Switzerland

Email: info@LegalForCode.com
Phone: +41 44 567 39 21

3. Collected Data and Collection Methods

  • Contact and identification data (name, address, phone number, email)
  • Company-related data (industry, number of employees, business structure)
  • Legal and business information (licensing structures, intellectual property portfolio, compliance status)
  • Contract data and payment information
  • Communication data (email correspondence, notes from consultation sessions)
  • Usage data from our website (IP address, browser type, access times)
  • Feedback and evaluation data (with your consent)

4. Purposes of Data Processing

  • Implementation and individual adaptation of our IT legal services
  • Contract processing and invoicing
  • Communication on project topics and scheduling
  • Quality assurance and improvement of our services
  • Sending professional information and event notices (only with your consent)
  • Fulfillment of statutory retention obligations
  • Protection of our IT systems against misuse and security threats

5. Legal Basis for Data Processing

The processing of your personal data is based on the following legal grounds:

  • Performance of a contract and pre-contractual measures (Art. 6 para. 1 lit. b GDPR)
  • Compliance with legal obligations (Art. 6 para. 1 lit. c GDPR)
  • Legitimate interests (Art. 6 para. 1 lit. f GDPR)
  • Your explicit consent (Art. 6 para. 1 lit. a GDPR)

Corresponding provisions of the Swiss DPA and other applicable Swiss data protection laws also apply.

6. GDPR Compliance and Special Protection Measures

As a company with clients from the EU, LegalForCode is committed to full compliance with the General Data Protection Regulation (GDPR). This means in particular:

  • We process personal data only in a lawful, fair, and transparent manner
  • We collect data only for specific, explicit, and legitimate purposes
  • We limit data collection to what is necessary for the purposes of processing (data minimization)
  • We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk
  • We conduct data protection impact assessments when required
  • We ensure that all employees are adequately trained and have signed confidentiality agreements

In the event of data protection breaches that are likely to pose a risk to the rights and freedoms of natural persons, we will inform the competent supervisory authority within 72 hours and notify the affected persons immediately if there is a high risk.

For the transfer of personal data to countries outside the EU/EEA, we ensure that appropriate guarantees are in place, e.g., through EU standard contractual clauses or adequacy decisions of the EU Commission.

7. Data Security Measures

To protect your personal data, we have implemented extensive technical and organizational measures, including:

  • Encrypted data transmission (SSL/TLS)
  • Access restrictions and authentication procedures
  • Regular security audits and system updates
  • Data backup systems and emergency concepts
  • Physical security measures for our IT infrastructure
  • Awareness raising and regular training of our employees

8. Storage Duration and Deletion Concept

We store your personal data only for as long as necessary for the purposes for which it was collected or as required by statutory retention obligations. After these periods expire, your data will be securely and completely deleted or anonymized.

Contract data is typically retained for the duration of the business relationship plus 10 years to comply with our legal retention obligations. Communication data is typically deleted 3 years after the last contact, unless longer retention is required.

9. Your Rights as a Data Subject

As a data subject, you have the following rights:

  • Right to information about the data stored about you
  • Right to rectification of inaccurate or incomplete data
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent given, with effect for the future
  • Right to lodge a complaint with the competent supervisory authority

To exercise your rights, please contact us using the contact details provided above.

10. Disclosure of Data to Third Parties

We disclose your personal data to third parties only in the following cases:

  • To service providers acting on our behalf and according to our instructions (processors)
  • To external consultants who are contractually obligated to maintain confidentiality
  • When there is a legal obligation to disclose data
  • When you have expressly consented

All processors have been carefully selected and are contractually obligated to comply with data protection regulations.

11. Updates to the Privacy Policy

We reserve the right to update this Privacy Policy as needed to adapt it to changed legal situations or changes in our data processing activities. The current version is always available on our website.

We recommend that you regularly review this Privacy Policy to stay informed about changes. In the event of significant changes, we will inform you in an appropriate manner.

Last update: April 2025