Privacy Policy AsyLex

valid from 1 September 2023 until revoked

1. General

The privacy policy (“Privacy Policy”) informs you about how the non-profit association AsyLex ("we") collect and otherwise process your personal data ("your data"), as well as the precautions we take to ensure the confidentiality and security of your data. This is not an exhaustive description; other data protection declarations or general terms and conditions, conditions of participation and similar documents may govern specific matters. Personal data means any information relating to an identified or identifiable individual. This includes contact details such as name, telephone number, address or e-mail address as well as other information that you provide to us, for example, when contacting us or submitting your documents for case processing or mandating or using other AsyLex services.

If you provide us with personal data about other people (e.g. family members, friends, work colleagues, etc.), please ensure that they are aware of this Privacy Policy and only provide us with their personal data if you are permitted to do so and if that personal data is accurate.

This privacy policy is designed to meet the requirements of the Swiss Data Protection Act ("DPA") and the revised Swiss Data Protection Act ("nDPA"). However, whether and to what extent these laws are applicable depends on the individual case.

2. Persons responsible for data processing

Responsible for the data processing we carry out here is:

Address: AsyLex, Gotthardstrasse 52, 8002 Zurich
E-mail: info@asylex.ch

For data protection enquiries, you can reach us at the above postal address, with the addition "Data protection" or at the above e-mail address with the subject "Data protection".

3. Collection and processing of personal data of our clients in particular

We process the data for case processing and mandating our clients with the help of purpose-designed processing systems, in particular Eqipe and Zenobis, in the sense of efficient case processing and overview. AsyLex ensures appropriate confidentiality and security in accordance with the state of the art during transmission, processing and storage.

We process personal data (data that directly or indirectly identifies natural persons) that we receive from you or involved third parties within the scope of the mandate relationship or that we collect ourselves.

Some of the personal data you provide to us yourself when you contact us via the contact form on our website, email, social media, by letter or by other means and request our services. This includes, for example, the name and contact details of you or people on whose behalf you contact us. We also process personal data that we receive in our correspondence with third parties (namely clients, counterparties, authorities and courts and their employees or other contact persons) in the context of the client-lawyer relationship (e.g. name, contact details, date of birth, details of employment relationship, income situation, family circumstances, state of health or asylum procedure). In addition, we collect some personal data ourselves, e.g. from public registers or websites.

In order to achieve the purposes described in this Privacy Policy, it may be necessary for us to disclose personal data to the following categories of recipients: External service providers, clients, counterparties and their legal representatives as well as authorities and courts.

In the case of data processing that is necessary to comply with a legal obligation, the legal obligation in question serves as the legal basis.

We process your personal data within the scope of and based on your consent, insofar as we have no other legal basis and we require such a basis. Consent given can be revoked at any time, but this has no effect on data processing that has already taken place. For other processing, we exceptionally rely on our overriding interest, for example, to adapt our offers and services to the needs of our visitors, donors or clients and to continually improve them.

4. Purposes of data processing and legal basis for the processing of client data in particular

We use the personal data we collect primarily to provide, document and bill our legal services. This includes, in particular, providing legal advice and representing our clients before authorities and courts. In order to achieve the purposes described in this Privacy Policy, it may be necessary for us to disclose personal data to the following categories of recipients: External service providers, clients, counterparties and their legal representatives, business partners with whom we may need to coordinate the provision of legal services, as well as authorities and courts.

5. Collection and processing of personal data of donors and other users

We process personal data of visitors to our website only to the extent that this is appropriate and necessary for the provision of a functional website and our content and services. The processing of your data takes place in principle after your express consent, through your contact or the use of our services.

In the case of data processing that is necessary to comply with a legal obligation, the legal obligation in question serves as the legal basis.

For other processing, we exceptionally rely on our overriding interest, for example, to adapt our offers and services to the needs of our visitors and donors and to continuously improve them.

6. Purposes of data processing and legal basis for processing the data of donors and other users

In addition to collecting and processing personal data for the purpose of advising and representing our clients (4. above), we also process personal data about you and other persons, to the extent permitted and deemed appropriate, for the following purposes in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose:

Offer and further develop our offers, services and websites and other platforms on which we are present;
Communicating with third parties and handling their enquiries (e.g. applications, media enquiries);
Carrying out occasions, provided you have not objected to the use of your data (if we send you advertising from us as an existing customer, you can object to this at any time, we will then put you on a blocking list against further advertising mailings);
Assertion of legal claims and defence in connection with legal disputes and official proceedings;
Prevention and investigation of criminal offences and other misconduct (e.g. conducting internal investigations, data analysis to combat fraud);
Guarantees of our operations, in particular IT, our websites, apps and other platforms;

7. Website

Regarding the use of the website, it should be noted that the AsyLex website is operated by WIX. Usage and analysis data of our website www.AsyLex.ch are only available to us in anonymised form via our website provider WIX. Information on how WIX handles the data of website visitors can be found in the WIX data protection declaration here. WIX explains in point 6 of its privacy policy that WIX collects, stores and processes certain personal data of website visitors exclusively on their behalf and at their instruction. For example, any:r visitor:in may import email contacts from third-party services such as Gmail or otherwise collect and manage contacts through its visitor website. These contacts are then stored at WIX on behalf of the user:in.

8. Cookies

In order for our website to function properly, certain cookies are used. A cookie is a small file or record that the website can send to your browser, which then stores it on your computer's hard drive. Cookies do not provide us with any information about your use of the website, except in anonymised form. Detailed information on what types of cookies our website provider WIX uses and for what purposes WIX uses them can be found here.

9. Social media

The social media services we use (Facebook, Instagram, LinkedIn and Twitter) are linked on our website so that you can access our social media channels via our website if you are interested. The corresponding buttons only result in an exchange of data with the respective social media platform when they are clicked and the user is logged in to the platform at the time of clicking.

We use our social media channels and in particular our Facebook page to enable potential clients to easily contact us. For this purpose, personal data are necessarily transmitted to the respective social media services, which we try to minimise by referring to other channels (e.g. e-mail). Furthermore, we regularly inform (potential) clients about the possible sharing of their data with the services used, especially before transmitting sensitive data via social media channels.

10. Newsletter

You can subscribe to a free newsletter on our website or through other channels. With our newsletter we provide information at regular intervals on important developments and our positions in the field of asylum, on publications, our services and other news.

When registering for the newsletter, the data (in particular the email address) from the input mask is transmitted to us. We use Mailchimp to send our newsletter. Of the data stored during registration, at most the title, surname, first name and email address are transmitted to Mailchimp. You can find more information about Mailchimp's data protection here.

The data collected is used exclusively for sending our newsletter.

The subscription to the newsletter can be cancelled at any time by the user concerned. For this purpose, a corresponding link can be found in each newsletter.

11. Donations and mandates

The transmission of data from potential donors or clients (in particular via e-mail or Facebook) is carried out for the purpose of processing the donation or the legal advice and mandate as far as this is reasonable and necessary. Any risk, in particular with regard to data security and cyber risk when using the internet, is excluded by AsyLex as far as possible and is in principle borne by users, donors or clients.

We process the data for case management and mandating of our clients with the help of purpose-specific processing systems, in particular Eqipe and Zenobis, in the sense of efficient case management and overview. We pay attention to appropriate and suitable secrecy and security in the transmission, processing and storage of data in accordance with the state of the art. The data is processed in accordance with Swiss data protection law and stored at data centres in Switzerland. Further information on data protection from Eqipe can be found here and from Zenobis here.

If donors or clients use the services of AsyLex via a computer or service provider (e.g. Facebook) located outside Switzerland, donors or clients thereby expressly declare their consent that data (inevitably) may also be transmitted outside Switzerland.

12. Bryter

On our website or via other links, you may be unexpectedly advised to enter your data in a Bryter module in order to efficiently use certain processes for automated processing, information. If technically possible and not relevant for the process, no personal data will be stored. However, especially for the re-entry into a Bryter module that has been started, it may be necessary to save certain data. You can find more information about Bryter's data protection here.

13. YouTube

Our website embeds videos from YouTube. As soon as you start a YouTube video on our website, a connection to the YouTube servers is established. YouTube or Google informs you which of our pages you have visited. If you are logged into your YouTube or Google account, you enable YouTube or Google to associate your surfing behaviour with your personal profile. This happens outside of our responsibility.

YouTube or Google can save various cookies on your end device after starting a video. With the help of these cookies, YouTube or Google can obtain information about visitors to this website. The cookies remain on your device until you delete them. If necessary, further data processing processes may be triggered after the start of a YouTube video, over which we have no influence. You can find more information about YouTube's data protection here.

14. Data transfer and data transmission abroad

In the context of the services provided by AsyLex, personal data of visitors may be transmitted to third parties abroad in accordance with the nature of the services (see in particular the preceding paragraphs 4 to 10). By using the services of AsyLex, visitors give their consent to the collection, transmission, storage and transfer of data to third parties as necessary and required. Furthermore, AsyLex is authorised to anonymise the data of donors or clients and subsequently to use, publish and pass them on for scientific and statistical purposes if this declaration has been consented to.

If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection law, unless the recipient is already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exemption clause. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have given your consent or if the data in question has been made generally accessible by you and you have not objected to its processing.

15. Duration of the retention of personal data

We only use and retain your data for as long as is necessary for the fulfilment of our contractual and legal obligations or otherwise the purposes pursued with the processing, i.e. for example for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) as well as beyond that in accordance with the statutory retention and documentation obligations. In this context, it is possible that personal data will be retained for the time during which claims can be asserted against our association and insofar as we are otherwise legally obliged to do so or justified business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymised as a matter of principle and as far as possible.

16. Data security

We take appropriate technical and organisational security measures to protect your personal data from unauthorised access and misuse, such as issuing instructions, internal training, password security, access restrictions.

17. Your rights

Below is a list of your rights in relation to the data we process.

1) Right to information and rectification

Within the legal framework, you have the right to receive information from us at any time and free of charge about whether and which of your data we process. In addition, you can demand that we correct or complete incorrect data about you in our systems.

2) Right to erasure and restriction

You have the right to request that we delete your data or restrict the processing of your personal data.

Please note that even after your request for deletion, we may need to retain your personal data due to legal or contractual retention obligations and in this case can only restrict or block your data as necessary.

You can request the restriction of the processing of your data if you dispute the accuracy of this data, the processing is unlawful, the data is no longer needed or if you object.

If the processing of the data is restricted, it may only be stored. Further processing may only be carried out with your consent, for the assertion, exercise or defence of legal claims, to protect the rights of another person or for reasons of important public interest.

3) Right to data output and transfer

You have the right to obtain the data concerning you based on consent, on a contract or on processing by automated means in a structured, commonly used and machine-readable form and to transmit this data to a third party.

Where technically feasible, you may request direct transmission to a third party. The rights and freedoms of other persons must not be affected by this.

4) Revocation of consent

In principle, you can revoke your consent to data processing at any time and with effect from that time. In the event of a revocation, we can no longer provide you with personalised use of our services.

5) Right to complain

Where applicable, you have the right to lodge a complaint with the competent supervisory authority regarding data processing operations.

18. Contact

If you have any questions or suggestions regarding this Privacy Policy, our measures to protect your data or for information regarding your rights pursuant to section 14 or for the assertion thereof, you can contact us as already mentioned at the following address or by e-mail:

Address: AsyLex, Gotthardstrasse 52, 8002 Zurich
E-mail: info@asylex.ch

19. Adaptations and language

We expressly reserve the right to change this Privacy Policy at any time. If such adjustments are made, we will publish them on our website. It is your responsibility to check the current version of the privacy policy on our website.

The German version of this Privacy Policy on the website www.asylex.ch is binding. The translations are for understanding purposes only.