Privacy Notice

Every day, we strive to cultivate an approach of transparency and respect towards our clients.

To this end, we commit to (among other things) processing your personal data in compliance with personal data protection principles. Our Privacy Notice sets out how we process personal data (our processing activities).

Just to make it clear, we of course abstain from selling any of your personal data to anyone.

Legal Light Sàrl, Avenue d’Ouchy 4, 1006 Lausanne, Switzerland, CH-550-1199902-5 (“Legal Light” or “we“), is responsible for all processing of your personal data (the “Data Controller”).

It may happen that we process your data jointly with another organization as a joint controller, in which case we will naturally inform you.

Feel free to contact your usual contact person with us or to write to hello@legal-light.ch or even write us at Legal Light Sàrl, Avenue d’Ouchy 4, 1006 Lausanne.

First, let’s clarify what we are talking about:

• Personal data is any information concerning an identified or identifiable natural person (cf. Swiss Federal Act on Data Protection (FADP)).
• Processing is any operation related to personal data, regardless of the means and processes used (e.g., collection, recording, storage, use, modification, communication, archiving, erasure, or destruction of data).

Systematically or on a case-by-case basis, depending on the situation, we process the following personal data:

• Identification data (e.g., first and last name, email and/or physical address, phone number)
• Personal characteristics (e.g., your date of birth)
• Professional data (e.g., your position, title, professional background, power of attorney)
• Financial information (e.g., your financial data and documents)
• Public institution identifiers (e.g., your passport, identity card, OASI (AVS) number, tax identification number)

We process your personal data if and only if it is necessary for the relevant processing activity, e.g., to identify you, to respond to your questions in the best possible way, or to provide the services you have requested.

We collect and process the personal data that you choose to provide us in connection with our Professional Relationship (see §6 below), e.g., via email, by uploading to a cloud storage space, or through a document transfer service.

You are solely responsible for the messages or content that you send to us in this way, and we recommend avoiding the transmission of sensitive information (broadly defined) via email.

We process your personal data on the following grounds:

• The performance of one or more contracts (see §6 below, our Professional Relationship).
• Your consent (see §11 ci-dessous).
• Compliance with our legal obligations.

In short, to serve you and fulfil the mandate you have entrusted to us.

We process your personal data in connection with our prospective professional relationship (if we are discussing a potential collaboration) and/or an existing professional relationship (if we have formalized a collaboration in a mandate); we call this a “Professional Relationship“.

More specifically, the main purposes of our processing activities are:

• Providing our services, i.e., everything we do because you have entrusted us with the responsibility to do so and we are contractually committed to carrying it out, which requires us to process your personal data
• Our administration, i.e., our communications, invoicing – yes, we aim to ensure the sustainability of Legal Light – and the improvement of our work processes
• Our marketing, i.e., even very limited, sometimes we may wish to share a newsletter or invite you to an event
• Our legal obligations (e.g., related to accounting, cooperation with public bodies or competent authorities).

Only our partners and employees have regular access to your data.

We are personally sensitive to data security and are also legally required to implement technical and organizational measures to ensure that we process your personal data securely.

Security involves ensuring the Confidentiality, Integrity, and Availability – C.I.A. – of your data, as well as its Traceability.

We are trained in law, not IT security; therefore, we quickly chose to focus our efforts on selecting a service provider (processor) to help us implement these security measures:

• We chose to work with Swisscom SA and adopted their IT solutions for SMEs; we use Microsoft 365 applications, hosted in Switzerland or the European Union
• Leaving the Microsoft 365 suite aside, Swisscom SA further hosts our data exclusively in Switzerland
• Swisscom’s privacy notice is available here.

In addition, we organized ourselves to implement the level of security we require and that you expect, e.g., by adjusting access rights and protecting files with passwords when necessary.

As a rule, no, concerning all our processing activities related to support and services that we offer and carry out directly.

Yes, in the following cases:

• If our services involve, with your agreement, communicating data to third parties as part of the service for which you have hired Legal Light Sàrl, e.g., to a public authority with which you must communicate, or one of your service providers.
• In the context of our accounting management, which we outsourced to a professional service provider; in this case, we share certain personal data with our accountant to enable them to perform their accounting work.

Our service provider is based in Switzerland and hosts its data in Switzerland. If you would like further details about this provider, we will gladly provide them (see §2 above).

Yes, we use:

• The invoicing and client management solution provided by Swiss21.org (see Swiss21.org Privacy Notice in French because it is not available in English).
• The Microsoft 365 solution, via Swisscom SA (see §8 above).

We serve you within the context of the mandate you chose to entrust to us. If we determine that our processing of your personal data requires your explicit and additional consent, we will inform you and invite you to provide it expressly and freely.

If applicable, you may withdraw your consent at any time as easily as you provided it. More broadly, you are also free to terminate your mandate at any time (404 I CO).

Naturally, keep in mind that withdrawing your consent – and even more so, terminating the mandate – will impact our ability to process the relevant personal data from the moment of withdrawal (not retroactively).

We retain your personal data for as long as necessary for the purposes for which we process it, in particular fulfilling the mandate you entrusted to us; meeting our legal obligations, e.g., maintaining our accounting / tax archives [1] or even a legitimate interest, e.g., an ongoing legal dispute.

If we only need the personal data to comply with our accounting / tax obligations, we will restrict access to it accordingly.

[1]: According to this regulation, commercial communications, contracts concluded and accounting documents must be kept for ten years after the end of the year in which they were last processed.

The website www.legal-light.ch includes a contact form, which is optional to use. If you submit a message, your data will be stored temporarily on our Swiss-based hosting provider’s servers. We implemented organizational and technical measures to delete this data within the quarter following our processing of your message.

Beyond this, we have chosen not to collect or analyze any personal data when you visit www.legal-light.ch. In particular, we do not collect:

• Personal information such as IP addresses, location, access time and date, or pages visited
• Cookies or similar tracking technologies, except for those strictly necessary for the website’s functionality (we neither store nor access such cookies)
• Usage logs when you view or click on content
• Personal data from other sources, such as social media
• Data from contact forms or newsletter subscriptions

If you contact us directly by email or phone, we will record your contact details so that we can respond and track our exchanges.

If you choose to visit our LinkedIn page, please note that the information you provide there is subject to LinkedIn’s privacy policy.

* * *

Final reminder: For any questions, you can contact us at the details provided in §2 above.