Privacy policy

Privacy policy

Dr. Eschmann Rechtsanwälte is an internationally oriented law firm for which the EU General Data Protection Regulation (GDPR) is important in addition to Swiss data protection regulations. We have aligned this privacy policy with the stricter standard of the GDPR. With this privacy policy, we would like to inform you about how we process personal data as part of our business activities and inform you about your rights.

1. The responsible persons

The person responsible for the processing of personal data within the meaning of data protection legislation


Dr. Stephan Eschmann, Attorney-at-Law, St. Peterstrasse 1, P.O. Box 2618, 8022 Zurich and Wolleraustrasse 31, 8834 Schindellegi;

Jigme Ribi, Attorney-at-Law, St. Peterstrasse 1, P.O. Box 2618, 8022 Zurich,

hereinafter: "Dr Eschmann Rechtsanwälte". References in this Privacy Policy to "we" or "us" are references to Dr. Eschmann Rechtsanwälte.


Dr. Eschmann Rechtsanwälte determines the purposes and means of the processing of your personal data and is therefore responsible for the processing and use of your personal data in accordance with this Privacy Policy.

2. Data protection officer

The data protection officer is Anil Akikol, Attorney-at-Law.

If you have any questions or concerns about this privacy policy or the processing of your personal data, please contact us at any time by sending an email to

3. Where do we obtain the personal data?

We primarily receive personal data directly from our clients or you as part of our client relationship. We may also receive or collect personal data from business partners or other third parties involved, such as counterparties, authorities, courts and their employees or other contact persons within the scope of the client relationship. We also collect some personal data ourselves, e.g. from public registers (e.g. debt collection and criminal registers) or websites.

4. Categories of personal data

The categories of personal data include in particular, but are not exhaustive:

  • Names and contact details (e.g. postal address, telephone number or e-mail address);
  • Information about the company you work for, your professional functions (position/title) and activities;
  • Identification and background information that you provide to us or that is collected from you when we open a mandate;
  • Financial and payment information;
  • Information which is disclosed to us by or on behalf of our clients or which we create as part of our services to clients;
  • Information provided to us for the purpose of attending meetings, seminars or events;
  • information in connection with documents and communications that we send to you electronically and
  • any other information relating to you that you provide to us.

5. Purpose of the collection of personal data

Where necessary, we process personal data in particular, but not exclusively, for the following purposes in which we (and third parties) have a legitimate interest corresponding to the purpose:

  • Communication purposes;
  • Assertion, enforcement and defence of legal claims in connection with legal disputes and official proceedings;
  • Preventing and investigating criminal offences and other misconduct (e.g. conducting internal investigations);
  • Transactions under company law and the associated transfer of personal data as well as business management measures;
  • Administration of companies;
  • Compliance with/fulfilment of legal, regulatory and risk management obligations;
  • Conducting audits relating to money laundering and conflicts of interest;
  • Maintaining business relationships with you and our clients;
  • Invoicing;
  • Measures for IT, building and asset security and protection of our employees, other persons and assets and documents entrusted to us;
  • Maintenance, provision and improvement of our website;
  • to provide and improve our services to you and our clients, including personal data of third parties that is disclosed to us or that we collect on behalf of our clients, for example as part of the client onboarding process and in our administrative and marketing processes;
  • Advertising our services.

6. On what legal basis do we process personal data about you?

The processing of the above-mentioned personal data is based on the following legal bases:

  • your consent, only if it can be revoked at any time,
  • for the fulfilment of a contract with you or for the intention of concluding a contract with you,
  • to fulfil a legal obligation (e.g. for tax reasons or for the purpose of legal investigations or proceedings) or
  • to protect our legitimate interests (e.g. protection and security of our services, systems, assets; compliance with legal, regulatory and contractual obligations; assertion, exercise or defence of legal claims; maintenance and efficient organisation of business operations; improvement and development of our services as well as sale and marketing of our services).


If the processing is based on your consent or our legitimate interests, you can withdraw your consent or object to this processing at any time by contacting us directly at Please note, however, that the withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.

7. To whom do we pass on your personal data?

We take the necessary measures to ensure that only our authorised personnel and our auxiliary persons who have the necessary knowledge have access to your personal data in order to fulfil the purposes for which your personal data was collected.

We may disclose your personal data to the following possible categories of recipients in accordance with the purposes and legal bases of processing described above, insofar as this is necessary for the intended data processing:

  • Service providers who process the personal data on behalf of and on the instructions of Dr. Eschmann Rechtsanwälte (so-called processors such as in the area of IT, hosting, providers of translation services or document checks);
  • Auditing companies;
  • Banks;
  • Services provided by third parties to our clients with prior consent, e.g. other law firms;
  • For the purposes set out in this Privacy Policy and as necessary to courts, arbitration bodies, law enforcement agencies, regulators, government agencies, law enforcement agencies, lawyers and other parties.
  • We may also be required to disclose your personal data to comply with legal and regulatory requirements.


We select our partners and processors carefully and only if we have sufficient guarantees that they have suitable technical and organisational measures in place in accordance with the legal requirements. Our processors may only process personal data on our documented instructions. They are all subject to confidentiality requirements and may only use your personal data to the extent necessary to fulfil the purpose for which your personal data was collected, unless otherwise required by law.

8. Transfer of personal data to countries outside the EEA

The personal data collected via our website is stored in Switzerland. In addition, we may transfer, store and process your personal data at data locations around the world, e.g. where our third-party providers or partners are located. Therefore, we may transfer your personal data outside the European Economic Area (EEA) if this is necessary for the data processing described in this Privacy Policy in accordance with applicable law. 

Where data is transferred to countries that do not ensure an adequate level of protection, we ensure an adequate level of data protection by putting in place appropriate safeguards, such as contractual safeguards (e.g. based on EU standard clauses), based on binding corporate rules, the transfer of data in accordance with your explicit consent, for the conclusion or fulfilment of a contract with you or in connection with the establishment, exercise or enforcement of legal claims. For more information about our appropriate safeguards, please contact us by email at

9. How long do we keep information about you?

In principle, personal data is deleted as soon as it is no longer required to achieve the purpose for which it was collected, unless longer storage is necessary to fulfil legal obligations (e.g. storage and documentation obligations), contractual or pre-contractual obligations or our legitimate business interests (e.g. to assert, exercise or defend legal claims).

On this basis, we generally process personal data in compliance with the following rules and obligations:

  • The personal data automatically transmitted by you through the use of our portal for the purpose of displaying, operating and ensuring the functionality of the portal will be deleted within three to six months.
  • The personal data you transmit to us in connection with the use of our services and products offered on our portal or which you otherwise transmit to us via the e-mail contact address will generally be stored by us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your enquiry has been processed).
  • For contract-related personal data (including business documents and communications), we store personal data for as long as the contractual relationship exists and thereafter for a further ten years after termination of the contractual relationship, unless (i) a shorter or longer statutory retention obligation applies in individual cases, (ii) retention is required for reasons of proof or for another valid reason under applicable law, or (iii) deletion of the data is required earlier (e.g. because the data is no longer required or we have to delete the corresponding data).

10. Cookies and web analysis tools

We do not currently use cookies or web analysis tools on our website. However, we may use cookies at any time to optimise our offer. Cookies are text files that are stored on your computer and enable us to analyse the use of our website. You can configure your browser so that no cookies are stored on your computer or so that a message always appears before a cookie is installed. Complete deactivation of cookies may result in the website not functioning or not functioning fully. The data processed by cookies is required for the purposes mentioned to safeguard our legitimate interests.

11. No social media plug-ins/No newsletters for advertising purposes

We do not currently use any social media plug-ins on our website. We also do not currently send newsletters or emails for advertising purposes.

12. Contact form and e-mail contact

There is a contact form on our website that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are First and last name, telephone, e-mail, your message, IP address, date and time of sending. Alternatively, you can contact us via the e-mail address provided. In this case, the personal data you send by e-mail will be stored. The processing of the personal data from the input mask or from the e-mail you send us serves us solely to process the contact. If the contact is aimed at the conclusion of a contract, the data processing is also necessary for the purpose of implementing pre-contractual measures and for the fulfilment and processing of the contract. In order to ensure compliance with our contractual and legal obligations (in particular with regard to retention and documentation obligations as an authorised lawyer), we require access to all user communication. Consequently, the personal data from the contact form or the personal data sent by e-mail will be deleted after ten years at the earliest. With regard to your rights, please refer to section 16 of this privacy policy.

13. No automated decisions including profiling with legal effect

We will not make any decision about you that is based solely on automated processing - including profiling - and which produces legal effects concerning you or similarly significantly affects you.

14. Safety

Dr. Eschmann Rechtsanwälte has implemented organisational and technical measures to safeguard the security of personal data and to protect it against unauthorised or unlawful processing, accidental loss, alteration, disclosure or access.

Dr. Eschmann Rechtsanwälte may use third parties as data processors to collect and process your personal data. The data processors engaged by us will only process your personal data in accordance with our instructions and are legally obliged to take strict security precautions when handling personal data.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. For this reason, you are always free to transmit your personal data to us by other means, e.g. by telephone. Once we have received your data, we apply strict procedures and stringent security measures to prevent unauthorised access.

15. Data protection declarations of third-party providers

Please note that if you click on the link to a third-party website (e.g. Google or social media or other websites), you will be redirected to a website that we do not control and our Privacy Policy will no longer apply. Your browsing and interaction on another website is subject to the terms of use and privacy policies and notices of those third party websites. Furthermore, we cannot guarantee the accuracy and timeliness of these links.

We recommend that you read the terms of use and the data protection declarations and notices of other websites carefully before you transmit personal data via this website. We are not responsible or liable for the information content and data processing of such third-party websites.

16. What are your rights?

You may request information from Dr. Eschmann Rechtsanwälte as to whether personal data concerning you is being processed. In addition, you have the right to request the rectification, erasure or restriction of personal data concerning you and to object to the processing of your personal data. If the processing is based on your consent or our legitimate interests, you can withdraw your consent or object to this processing at any time by contacting us directly by email at In certain cases, you have the right to receive personal data generated when using online services in a structured, common and machine-readable format, so that further use and transmission to any third-party provider is possible.

Enquiries in this regard should be addressed to Dr. Eschmann Rechtsanwälte via the following e-mail address: Dr Eschmann Rechtsanwälte reserves the right to restrict your rights within the framework of applicable law and, for example, not to disclose comprehensive information or to delete personal data.

If we reject your request or you are not satisfied with our processing, you are also entitled to lodge a complaint with the competent supervisory authority and to lodge an appeal with the competent authority. For users based in Switzerland, the competent authority is the Federal Data Protection and Information Commissioner (FDPIC) ( For users based in EU countries, you can find a list of supervisory authorities at .

17. Changes to the privacy policy

Dr. Eschmann Rechtsanwälte reserves the right to amend, supplement or otherwise change this personal data protection declaration at any time and without giving reasons. The current personal data protection declaration as published on the portal shall apply.