Privacy policy
Information on the processing of personal data by GWK LAW AG
As a law firm, GWK LAW AG, Gutenbergstrasse 14, P.O. Box, CH-3001 Bern, Switzerland (hereinafter “we”) necessarily processes your personal data. We process your personal data in accordance with the provisions of the Swiss Data Protection Act (hereinafter “DSG”) and strictly adhere to our duty of confidentiality. Unless otherwise notified, we process your personal data as the data controller. We implement technical and organisational security measures to adequately protect personal data against unauthorised access, manipulation, loss and deletion, and review these measures regularly. This privacy policy describes how we process and use the personal data collected from you.
1. What personal data do we collect?
‘Personal data’ is information that relates to you or that we can otherwise link to you. The personal data we collect includes the following details: Company name, first name and surname, title, registered office, postal address, email address, telephone and fax numbers, date of birth, bank details, information regarding employment status, income, family circumstances, state of health, ongoing criminal, civil and administrative proceedings, and all information that you disclose to us or that we otherwise obtain in accordance with section 2.
When accessing our websites, the following data is stored in log files: IP address, date, time, browser request and general information transmitted to the operating system or browser. These server log data are stored for a maximum of 30 days and then automatically deleted, unless they need to be retained for longer to defend against a specific attack or for fault diagnosis.
If clients provide us with personal data via a third party (e.g. via their employees or other contact persons), it is the client’s responsibility to inform them in general terms about the processing by legal service providers (such as us) or other external service providers (e.g. in a privacy policy for employees).
2. How do we process your personal data?
We collect personal data that you have voluntarily provided to us, for example: (i) when you contact us; (ii) when you instruct third parties to provide us with information; (iii) when you ask us to send you communications or newsletters; (iv) when we receive or collect such data ourselves in the course of our client relationship with clients or involved third parties. In general, we also collect personal data from publicly available sources as well as from counterparties, authorities, courts and other involved third parties.
When you visit our websites, technically necessary cookies may be used (see section 5). For analytical purposes (Google Analytics), we seek your explicit consent.
3. For what purpose do we process your personal data?
We require your personal data primarily to provide, document and invoice legal services, as well as to (i) comply with our legal obligations; (ii) administer the websites; (iii) conclude or fulfil contracts; (iv) to pass on data to corresponding lawyers; (v) in connection with lectures, teaching activities and publications; (vi) contractual obligations; (vii) the legitimate interests of GWK LAW AG; and (viii) to send you newsletters and other information, provided you have given your express consent (opt-in).
In the context of fulfilling the mandate, GWK LAW AG has an overriding legitimate interest in the processing of personal data, which justifies such processing (Art. 31(2)(a) DSG).
4. To whom do we disclose your information?
In order to achieve the purposes described in this privacy policy, it may be necessary for us to disclose personal data to the following categories of recipients: external service providers, clients, counterparties and their legal representatives, business partners, IT service providers, correspondent lawyers, as well as public authorities and courts.
Where personal data is disclosed to recipients abroad (in particular to the USA), the transfer is based on the EU-US Data Privacy Framework (DPF), on the European Commission’s Standard Data Protection Clauses (Art. 16(2)(d) DSG) or on other appropriate safeguards in accordance with Art. 16 DSG. Upon request, we will inform you of the safeguards applicable in individual cases
5. How do we use cookies?
Cookies are used on our websites. Cookies are small text files that are stored on the website visitor’s device.
We distinguish between the following categories: (a) Technically necessary cookies: required for the operation of the website; no consent required. (b) Analytical cookies (optional cookies): enable statistical analysis (e.g. Google Analytics); for this, we seek your explicit consent, which you may withdraw at any time.
You can configure your browser to be notified when cookies are set, to allow cookies only on a case-by-case basis, or to block them generally. However, disabling cookies may impair the functionality of our websites.
6. External links and social media
The website contains links to third-party websites, goods and services. Information collected by third parties is subject to their respective privacy policies. We have no influence over how these companies comply with data protection requirements.
6.1 Instagram
A link to our Instagram profile is embedded on our website. This is a simple hyperlink; a connection to Meta’s servers is only established when you actively click on the link. The privacy policy of Meta Platforms Ireland Limited (https://privacycenter.instagram.com/policy) applies.
6.2 LinkedIn
Links to our LinkedIn profiles are embedded on our website. These are simple hyperlinks; a connection to LinkedIn’s servers is only established when you actively click on the link. The privacy policy of LinkedIn Ireland Unlimited Company (https://www.linkedin.com/legal/privacy-policy) applies.
7. Google Maps
Google Maps is integrated into this website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you visit the site, data (including your IP address) is transmitted to Google. The transfer of data to the USA is based on the EU-US Data Privacy Framework (DPF) and standard data protection clauses (Art. 16(2)(d) DSG). Further information: https://policies.google.com/privacy
8. Why do we process your personal data and on what legal basis?
We process your personal data on the following legal bases:
(a) Performance of a contract (Art. 31(2)(a) DSG): Processing to fulfil a contractual relationship.
(b) Legal obligation (Art. 31(2)(a) DSG): Retention obligations, duties of care under the BGFA.
(c) Overriding legitimate interests (Art. 31(1) DSG): Communication, website administration, assertion of legal claims.
(d) Consent (Art. 31(1) DSG): For optional services such as Google Analytics and the sending of newsletters. You may withdraw your consent at any time by emailing [email protected] or via the unsubscribe link in the newsletter.
9. How long do we retain your personal data?
We process and store your personal data for as long as is necessary to fulfil our contractual and legal obligations or the purposes set out in section 3. We store personal data for the duration of our entire business relationship and, thereafter, generally for ten years.
The following provisions, among others, apply: Art. 11 KAG BE (file records 10 years); Art. 958f. OR (accounting records 10 years); Art. 127 OR (limitation period 10 years).
Server log data is stored for a maximum of 30 days and is then automatically deleted (see Section 1).
10. Data security
We have implemented appropriate technical and organisational measures to protect your personal data against loss and unauthorised access. All (client) data is processed on the Microsoft 365 and Vertec cloud solutions, which are operated on servers located in Switzerland. GWK LAW AG accepts no responsibility for the data protection compliance of third-party websites linked to its website.
11. Your rights
Data subjects have, in particular, the right of access (Art. 25 FADP), the right to rectification, erasure or restriction of processing (Art. 32 FADP), the right to object to processing, the right to lodge a complaint with the FDPIC, and the right to data portability (Art. 28 and 29 FADP).
If you do not agree with our data processing, please notify us accordingly. You also have the right to report this to the Federal Data Protection and Information Commissioner (FDPIC, www.edoeb.admin.ch).
12. Communication channels and security
We cannot guarantee the confidentiality of electronic communication channels, in particular email. We accept no liability for the security of data transmitted electronically. We recommend that you encrypt your emails. We assume that persons who communicate with us via email consent to this method of communication.
13. How can you contact us?
Overall responsibility for data protection at GWK LAW AG lies with Martin Klaus personally. Data subjects may contact us in writing regarding data protection matters (telephone enquiries will not be processed):
GWK LAW AG
Gutenbergstrasse 14
P.O. Box
CH – 3001 Bern
VAT No.: CHE-233.418.264
Registered in the Commercial Register of the Canton of Bern
We reserve the right to amend this privacy policy at any time. The current German version of the privacy policy published on this website shall apply.
Date: April 2026