Privacy Policy

What is this about?

Your Privacy matters to LEXR, which is why we comply with the applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and Switzerland’s Federal Act on Data Protection (FADP). 

The purpose of this Privacy Policy is to explain the types of personal data we collect from you or about you from a third party, how we use, disclose, protect and process that information, and who we share it within the context of our Services and the LEXR Site, as well as certain rights you have in this respect. 

How can I get in touch with you regarding privacy issues?

This website is operated by LEXR Tech AG (“us” or “we”), which is the contact and so-called controller for the processing of your Personal Data when using this website. If you have any questions about this Privacy Policy, you can contact us by: 

• e-mail at: [email protected] 
• mailing us at: LEXR Tech AG, Penasch sot 14b, 7078 Lenzerheide/Lai
• or calling us at: +41 44 544 13 30 

In Germany, we have appointed an EU representative according to the GDPR. If you visit us from Germany, you can also contact LEXR Germany Rechtsanwalts GmbH by: 

• e-mail at: [email protected]
• mailing us at: LEXR Germany Rechtsanwalts GmbH, c/o Mindspace, Friedrichstraße 68, 10117 Berlin
• or calling us at: +41 44 544 13 30 

For our legal services, the respective local law firms are the controller of your Personal Data. You can find the respective contact details in the imprint. 

What types of personal data do you collect / process?

We collect and process Personal Data that you provide to us when communicating with us (such as your name and contact information, language preference, job title, business affiliations, and other information you provide to us either directly or indirectly). The Personal Data may relate to you as well as your employees and/or agents. In some cases, the Personal Data is supplemented by data obtained from other public sources, such as company websites or online media, for the purpose of confirming your identity or position or obtaining further information to help us communicate with you. 

If you are a potential recruit, we may process the following Personal Data: Name and job title; Contact information including email address, physical address, and phone number; CV/Resume, including your age and/or gender (if you provide it to us), your education, job history and similar information that you provide to us. 

For which purposes do you process my data?

Our goals for collecting Personal Data from you is to help us do the following: 

• deliver our Services
• verify your identity
• improve, develop, and market our Services
• carry out requests made by you in relation to our Services or requests you make on our Site
• comply with any applicable law, court order, or requirements of a regulator 
• enforce our agreements with you 
• protect our rights, property or safety, along with the rights of certain third parties, including our other clients and other users of the Site or our Services, 
• carry out recruiting, and 
• for Client analysis and insight: In situations where you have provided consent (where lawfully required), we may use log files, cookies, and other technologies to obtain Personal Data. This may include a session ID in order to track use statistics on our Site, an IP address in order to monitor Site traffic/volume, and other information as permitted by law. Kindly see our Cookie Policy to learn more about the cookies we use and how you can manage and delete cookies. 

What legal grounds do you have to process my personal data?

It is necessary for us to use or process your Personal Data for the following reasons: 

• Contract:to perform our obligations under any engagement or contract that we may have with you or your organization (i.e. to register you as a client; to provide and administer Services; and to process payments, billing, and collection, recruiting you.)
• Legitimate interests: Where it is in our legitimate interest (or a third party’s legitimate interest) to use Personal Data to ensure we are providing Services in the best way possible.(i.e. (1) to administer and manage our relationship with you, whether through accounting, auditing, or other steps linked to the performance of our business relationship; (2) to analyze and improve our communications and Services and remain compliant with our policies, and (3) to deliver the work product or Services you have hired us to provide. 
• Legal Obligations: It may be our legal obligation to use your Personal Data in order to comply with certain legal obligations imposed upon us, including but not limited to anti-money laundering, fraud, and crime prevention.
• Consent:We may rely on your freely given consent at the time you provided your Personal Data.

How are you collecting personal data?

We collect Personal Data directly:

• via our Website and electronic communications
• when you or your organization uses our Services
• when you or your organization offer to provide, or provides, services to us
• when you correspond with us by electronic means using our Website
• when you or your organization browse, complete a form or make an inquiry or otherwise interact on our Website.

We collect Personal Data indirectly:

• through public sources
• from public registers (such as commercial registers), news articles, sanctions lists, and Internet searches
• when our business customers engage us to perform professional services which involve them sharing personal data they control with us as part of that engagement

What personal data security measures do you take?

We have implemented technical and organizational measures in an attempt to safeguard the Personal Data in our custody and control. While we always make a conscious effort to protect our systems, operations, sites, and information against unauthorized access, use, modification, and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that information, during transfer or storage, will be absolutely safe from interception. 

Who are you sharing my personal data with?

We may, where necessary and according to the relevant legal basis, share your Personal Data with any number of the following categories of third parties: 

• Insurers
• Regulators/tax authorities/corporate registries
• Professional advisers that we use, such as accountant and lawyers
• Government or regulatory authorities
• Third parties who provide services such as, document processing and translation services, confidential paper shredding and/or disposal companies, software providers or IT systems, IT support services, document and information storage providers
• Third parties that are engaged in the course of your matter, such as counsel, mediators, banks and other payment providers, court, tax advisors or valuation experts
• Third party service providers who help us with client insight analytics, such as Google Analytics
• Third party postal or courier providers who deliver our postal marketing campaigns or documents related to a client matter

We do an appropriate level of due diligence on third party contractors and assure contractually that sub-contractors are processing Personal Data in an appropriate manner and in accordance to our legal and regulatory obligations. In addition, we may use external data controllers where it is necessary in order to deliver the Services (e.g., without limitation: lawyers, accountants, or other third-party experts). 

In the course of doing so, we will adhere to our legal and regulatory obligations regarding Personal Data, including, without limitation, establishing and implementing appropriate safeguards. 

Where are you storing / transferring my data?

We may transfer Personal Data to locations outside of the jurisdiction in which we provide our services to you. We may process your data within Switzerland and the EU/EEA as well as the United States. For example, we currently collaborate with IT service providers who are headquartered in the United States and who may process Personal Data such as for time tracking/billing purposes. 

If and to the extent your Personal Data is transferred to and/or stored at a destination outside of Switzerland/EU/EEA, we will take all steps reasonably necessary to ensure that your data is treated securely. To the extent that these countries are outside the EEA and the EU has not adopted an adequacy decision for these countries, we have made appropriate arrangements to ensure an adequate level of data protection for any data transfers. These include, for example, the EU’s standard contractual clauses. In these cases, however, it is possible and there is a risk that authorities in the respective third country (e.g., intelligence services) may gain access to the transferred data and that the enforcement of your data subject rights cannot be guaranteed. When obtaining your consent via the consent banner, you will also be informed about this. 

Unfortunately, the transmission of information via the internet cannot be completely secure. While we do our best to protect your Personal Data, we cannot guarantee the security of data that is being transmitted. 

How long do you keep my personal data?

In principle, we store your Personal Data only as long as necessary to fulfill the purposes they were collected for. Thereafter, we delete the data immediately, unless we need to keep the data until the expiry of statutory retention obligations. 

With respect to visitors to our Site,

• We retain relevant Personal Data for at most, two years from the date of our last interaction with you.

For the provision of Services to clients,

• We retain relevant Personal Data for at least 10 years from the date of our last interaction with the client and in compliance with our obligations under national law around the world, or for longer if required to do so according to our regulatory obligations or professional insurance obligations. After such time, we may destroy said files without further notice or liability.

For recruiting,

• We retain relevant Personal Data throughout the LEXR recruiting process and delete Personal Data within 6 months after the recruiting process is over. 

What rights do I have regarding my personal data?

You have the following rights regarding the Personal Data we hold about you. If you wish to exercise your rights, please contact us under the details given above: 

• Right of access: You have the right to ask us to furnish you with a copy of the Personal Data that we hold about you. If you need additional copies or if the request is excessive or abusive, we are entitled to charge a reasonable fee.
• Right of rectification: If Personal Data we hold about you is incomplete or inaccurate, you are entitled to ask us to rectify it.
• Right of erasure: You can request for us to delete or remove your Personal Data in certain circumstances (i.e., where we no longer need it or if you have withdrawn your consent (where applicable)).
• Right to restrict processing: You can ask us to block or suppress processing of your Personal Data in certain circumstances (i.e. where you dispute the accuracy of the Personal Data or object to us).
• Right to data portability: Under certain circumstances, you have the right to obtain Personal Data you have provided us with (in a structured, commonly used and machine-readable format) and to reuse it elsewhere or to ask us to transfer it to a third party.
• Right to object: You can request that we stop processing your Personal Data for reasons arising from your particular circumstances if we process the data on the basis of a legitimate interest. If you object to the processing of your data for direct marketing purposes, you have a general right of objection, which we will also implement without giving reasons. 
• Right to withdraw consent: You have the right to fully or partly withdraw your consent at any time with effect for the future if you have provided your consent to the collection, processing and transfer of your Personal Data. You can click on the ‘unsubscribe’ link in the email you received from us or use our contact form. 
• Right to submit a complaint with the supervisory authority: You are entitled to contact the relevant Supervisory Authority—in Switzerland, the Federal Data Protection and Information Commissioner. If you visit us from Germany, you may assert this right, for example, before a supervisory authority in the member state of your place of residence, your place of work or the place of the alleged infringement. In Berlin, the seat of our EU Representative, the competent authority is: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Alt-Moabit 59-61, 10555 Berlin, phone: +49 30 13889-0, e-mail: [email protected]

How do you use Microsoft Teams? 

We use “Teams” to conduct online meetings. Teams is a software from Microsoft Ireland Operations Limited, South County Business Park, Leopardstown, Dublin 18, Ireland (“Microsoft”). The legal basis for the processing of data to conduct meetings via Teams is our legitimate interest in the effective and simple conduct of online meetings, discussion rounds and presentations. Also, we conduct this data processing on a contractual basis insofar as the meetings are held within the framework of existing contractual relationships with you. We are not responsible for any further data processing on the Teams product website, where the desktop software can be downloaded and the web app can be used. 

During a meeting, participant details (e.g. display name, first name, last name, phone), metadata (e.g. meeting topic and description, IP address, time of participant’s last activity on Teams) chat or channel massages, microphone and video recording data and phone use may be processed under certain circumstances. You can deactivate the transmission via microphone and camera at any time via the corresponding settings. We only record meetings or log text data with your consent and prior notification. Microsoft stores and uses the metadata to enable us to analyse and report on the use of Teams. 

Microsoft may become aware of the above data as part of its contract with us. You can find more information in Microsoft’s data protection policy under https://privacy.microsoft.com/de-de/privacystatement. 

Do you send out Newsletters?

We may send newsletters and other notifications by email and through other communication channels. We may have newsletters and other notifications sent by third parties or send them with the help of third parties. 

In principle, you must expressly consent to the use of your e-mail address and other contact addresses, unless the use is permitted for other legal reasons. We use “double opt-in” for any consent in the case of e-mails, i.e. you will receive an e-mail with a web link that you must click to confirm, so that no misuse by unauthorized third parties can take place. We may log such consents including Internet Protocol (IP) address, date and time. 

Newsletters and other notifications may contain web links or tracking pixels that record whether an individual newsletter or notification has been opened and which web links were clicked (performance measurement). Such web links and tracking pixels record the use of newsletters and other notifications. We need this statistical recording of usage, including success and reach measurement, in order to be able to offer newsletters and other notifications effectively and in a user-friendly manner, as well as permanently, securely and reliably, based on the reading habits of the recipients. 

You can unsubscribe from newsletters and other notifications at any time and thereby object in particular to the aforementioned collection of usage. You can do so by contacting us directly or following the link included in the footer of each newsletter we send you. 

Will this privacy policy ever change?

We may amend this Privacy Policy from time to time. We would do that to reflect any changes to our use of your Personal Data or to comply with changes in the law. 

Wherever practicable, we will inform you by email of any significant changes. However, we also encourage you to reread this Privacy Policy periodically to stay up to date and informed about how we use your Personal Data. 

January 2023