1. WHAT IS THE CONTENT OF THIS DATA PROTECTION NOTICE?

CSNLaw® (hereinafter "CSNLaw®" or "we") is a law and notary firm based in Lugano.

With this Data Protection Notice, we would like to explain to you how CSNLaw® processes your personal data, and best in accordance with the principles prescribed by the regulations applicable in the individual case, in particular with the Federal Data Protection Act of 09/25/2020 (DPA), effective as of 09/1/2023, and the European Regulation No. 2016/679 (General Data Protection Regulation or GDPR).

Please read this Policy carefully before providing us with your personal information.

As part of our professional activities, we collect and process personal data, especially data related to our clients, related people, counterparts, courts and authorities, affiliated law firms, professional associations and other organizations, visitors to our website, etc.

If you provide us with personal data about other people (e.g., members of your family, legal representatives, or other related people), we assume that you are authorized to do so, that these data are correct, and that, to the extent specifically necessary, you have ensured that these people are informed of your disclosure to us.

In this Notice, personal data means any information that identifies or can reasonably be used to identify a natural person concerned; processing, on the other hand, means any operation relating to personal data, namely the collection, recording, storage, use, modification, communication, communication, archiving, deletion, or destruction of data, whether on paper, or electronically.

The personal data you provide to us are processed using appropriate and proportional technical and organizational tools in paper, electronic and/or telematic form, in such a way as to ensure their confidentiality. Specific security measures are observed to prevent the loss, unlawful, unauthorized, or incorrect use of processed personal data.

2. WHO IS THE CONTROLLER OF YOUR PERSONAL DATA?

The controller of your personal data is CSNLaw® studio legale e notarile degli avv. Claudio Simonetti, Daniele Calvarese, Francesco Naef e Costantino Castelli, Via Nassa 21, 6901 Lugano, info@csnlaw.com, 091/913 84 60; you can contact us if you have any questions regarding the processing of your personal data or its protection.

3. OBJECT AND PURPOSE OF THE PROCESSING OF YOUR PERSONAL DATA

When you use our services, browse www.csnlaw.com (hereafter referred to as the "Website") or contact us in any other way, we collect and process different categories of personal data. We generally do this for the following purposes:

- Communication: we process personal data in order to be able to communicate with you or third parties, e.g., litigants, courts, or authorities (e.g., to respond to requests in the context of legal advice and representation and the preparation or execution of contracts) and this via e-mail, phone, letter, or in any other way.

- Preparation and conclusion of contracts: for the purpose of concluding a contract, particularly the mandate you give us, which also includes clarifying any conflicts of interest; in this context we may collect in particular your name, contact details, powers of attorney, information about third parties (e.g., contact people, information about your company and its activities, etc.), information about the content of the contract, the date of contracting, creditworthiness information, and any other data that you make available to us or that we collect from public sources or third parties (e.g., Commercial Registry, Criminal Records, media, legal protection insurance, or on the Internet).

- Contract management and execution: we collect and process personal data to fulfill our contractual obligations to our clients and other contractual partners (e.g., service providers, affiliated law firms, etc.) and to provide and benefit from contractual services. This also includes the processing of personal data for the management of mandates (e.g., legal advice and representation of our clients before courts and authorities), as well as the processing of data for contract performance, accounting, and public communication (if authorized). To this end, we process data we receive or have collected during pre-contractual procedures, contract conclusion and execution, which we collect from public sources or third parties (e.g., courts, authorities, adverse parties, media, on the Internet). This data may include, in particular, reports of interviews and consultations, notes, internal and external correspondence, contract documents, documents that we prepare and receive in the course of proceedings before courts and authorities (e.g., documents relating to complaints, petitions, appeals or appeals, judgments and decisions), general information about you, the other party, and other people, as well as other information related to the mandate, invoices, and financial and payment information.

- Operation of our site: to make our website work securely and stably, we collect technical data such as IP address, information about the operating system and browser used, the duration/frequency of visits, etc. We also use cookies and similar technologies. For more information, please click here.

- Compliance with laws, regulations and recommendations of authorities and internal regulations ("compliance"): we collect and process personal data in order to comply with applicable laws (e.g., the Federal Anti-Money Laundering Act, tax laws, rules of ethics), self-regulations, certifications, industry standards, our "corporate governance," as well as for internal and external investigations in which we are a party (to the proceedings), e.g., by a criminal or supervisory authority, or a mandated private entity.

- Applying for a position: if you apply for a position with our company, we collect and process relevant data in order to examine your application, conduct the selection procedure and, if appropriate, prepare and conclude the relevant contract. For this purpose, we process not only your contact data and the information contained in the corresponding communication, but also and especially the personal data contained in your application file, as well as additional data that we may obtain about you, e.g. from professional social networks, Internet, media, and references.

4. TO WHOM ARE YOUR PERSONAL DATA TRANSMITTED?

In connection with the purposes stated in Section 3, we transmit your personal data specifically to the categories of recipients listed below. If necessary, we will seek your consent or release from professional secrecy from the relevant supervisory authority to transmit your personal data to other categories of recipients.

- Service Providers: we work with service providers in Switzerland and abroad who (i) process on our behalf, (ii) in cooperation with us or (iii) under their responsibility - data they have received from us or collected on our behalf. These service providers include, for example, IT service providers, banks, insurance companies, debt collection agencies, financial information companies, and consulting firms. As a rule, we enter into agreements with these third parties regarding the use and protection of personal data.

- Authorities and courts: we may transmit personal data to offices, courts, and other authorities in Switzerland and abroad if this is necessary for the fulfilment of our contractual obligations, in particular for mandate management, or if we are legally obliged or authorized to do so, or if it appears necessary to safeguard our interests. These recipients process the data under their own responsibility.

- Counterparties and other people involved: to the extent that this is necessary for the fulfilment of our contractual obligations, for the management of the mandate, we also transmit your personal data to counterparties and other people involved (related companies, other law firms, arbitrators, or experts, etc.).

- Other people: these are other cases in which the involvement of third parties arises from the purposes set out in section 3. For example, of the recipients of deliveries or recipients of payments indicated by you, third parties in the context of representation relationships (e.g. your lawyer or your bank), or people involved in administrative or legal proceedings. We may also transmit your personal data to our supervisory authority, particularly if this is necessary to release us from our duty of professional secrecy in a particular case

All these categories of recipients may in turn use third parties, so your data may also be accessible to them. We may restrict processing by some third parties (e.g., IT service providers), but not others (authorities, banks, etc.). To the extent that we are not decisively involved in such data collection, these third parties are solely responsible for it. If you have any concerns or wish to assert your data protection rights, please contact these third parties directly (see section 6 for your rights).

5. WILL YOUR PERSONAL DATA ALSO BE TRANSFERRED ABROAD?

We process and store personal data primarily in Switzerland and the European Economic Area (EEA), but also potentially - for example, in the context of proceedings before foreign authorities or courts - in any country in the world. In the context of our activities on behalf of clients, your personal data may also be transferred to any country in the world.

If a recipient is in a country that does not have adequate data protection, that recipient is contractually obligated to us to comply with an adequate level of data protection, to the extent that this same recipient is not already subject to a legally recognized set of rules to ensure data protection. We may also disclose personal data to a country that does not have adequate protection, without entering a specific contract, if we can rely on a legal basis that provides an exception in this regard. This exception may apply particularly in the case of legal proceedings abroad, but also in the case of overriding public interest or when the performance of a contract requires such disclosure in your interest (e.g., when we disclose data to a third party), if you have given your consent or if it is not possible to obtain your consent within a reasonable period of time, and if the disclosure is necessary to protect your life or physical integrity, or that of a third party, or if the data in question have been made generally accessible by you and you have not refused their processing.

6. WHAT ARE YOUR RIGHTS REGARDING THE PERSONAL DATA PROCESSED?

In relation to the processing of your personal data by us, you have several rights in accordance with the applicable legislation, and thus you can in particular: request information about the processing of your personal data, have inaccurate data corrected, request deletion of data, oppose to the processing of data, request that certain personal data be provided in a current digital format or transferred to other data controllers.

If you wish to exercise your rights against us, please contact us using the details provided in Section 2. In order to rule out any abuse, we need to identify you (e.g., with a copy of your ID card, if necessary).

Please note that conditions, exceptions, or restrictions apply to these rights (e.g., to protect third parties or trade secrets or the obligation of professional secrecy). We reserve the right to review documents or provide only some excerpt.

7. CAN THIS DATA PROTECTION NOTICE BE CHANGED?

This data protection notice does not form the basis of a contractual relationship or form part of any mandate entered with CSNLaw®. Therefore, we may change it at any time. The version published on our website is the one currently in effect.