Privacy Declaration

  1. We process personal data (data that directly or indirectly identifies natural persons) that we receive from you or involved third parties within the scope of the client relationship or that we collect ourselves. Blesi & Papa is responsible for the processing of personal data as described in this privacy policy.
  2. Some of the personal data you or the data subjects provide to us yourself when you or they contact us by email or telephone and request our services. This includes, for example, name and contact details and information about the data subject's role with the company or organisation for which you or the relevant contact person works or on whose behalf you or they contact us. We also process personal data that we receive in our correspondence with third parties (namely clients, counterparties, authorities and courts and their employees or other contact persons) in the context of the attorney-client relationship (e.g. name, contact details, date of birth, information on employment, income situation, family relationships or state of health). We also collect some personal data ourselves, e.g. from public registers or websites.
  3. We process the aforementioned types of personal data primarily in order to provide, document and bill our legal services.
  4. In addition, we process the contact details of clients or their staff or other contacts for marketing purposes to inform them about publications, events, news or services that may be of interest.
  5. In order to achieve the purposes described in this privacy statement, it may be necessary for us to disclose personal data to the following categories of recipients: External service providers, clients, counterparties and their legal representatives, business partners with whom we may need to coordinate the provision of legal services, and public authorities and courts.
  6. We process personal data in our area of responsibility in Switzerland. However, we may transfer the personal data to recipients (namely clients, counterparties or authorities) who in turn process the personal data in other countries, including those that do not guarantee a level of data protection comparable to Swiss law. We will do the latter based on consent or standard contractual clauses, or if it is necessary for the performance of a contract or the enforcement of legal claims.
  7. We only store personal data for as long as is necessary to process the mandate, for as long as there is a legal obligation to retain and document the data or for as long as we have an overriding private or public interest in doing so. We take reasonable and proportionate precautions to protect personal data from loss, unauthorised modification or unauthorised access by third parties. If you provide us with personal data via a third party (e.g. via your employees or other contacts), it is up to you to inform them in a general way about the processing by legal service providers (such as us) or other external service providers (e.g. in a privacy policy for employees).
  8. We would like to point out that we use external IT service providers and cloud providers with servers in Switzerland to manage our mandates. We then use certain IT services as well as means of communication which may be associated with data security risks (e.g. e-mail, video conferencing). It is your responsibility to inform us of your desire for special security measures.
  9. We have a legitimate interest in the processing of the personal data corresponding to the aforementioned purposes. Some processing is also necessary so that we can fulfil our contractual obligations to you or our legal obligations (e.g. retention obligations).
  10. In particular, data subjects have the right to information about the personal data stored about them and the purpose of the data processing, the right to rectification as well as to deletion or restriction of the processing of their personal data, the right to object to the processing, the right to take legal action before a competent supervisory authority as well as to data transmission/transferability. However, please note that conditions and exceptions apply to these rights. Where legally permitted or required, we may refuse requests to exercise these rights. For example, we may or must retain or otherwise continue to process personal data despite a request to delete the personal data or restrict processing for legal reasons.
  11. No consent to the privacy policy is required from the client, their employees or other contact persons. The data protection declaration is merely information about the nature, scope and purpose of the use of personal data by Blesi & Papa. Blesi & Papa reserves the right to unilaterally change the content of the aforementioned data protection declaration at any time and without notice. It is therefore recommended that you consult Blesi & Papa's privacy policy regularly on our website.
  12. If you have any questions or if you or your employees or other contact persons would like to exercise your or their data protection rights, please contact us at or by post.