Privacy Policy

Your Rights at a Glance

Under Swiss data protection law, you have the following rights:

Right to access: Request information about your personal data
Right to correction: Correct inaccurate or incomplete data
Right to deletion: Request deletion of your personal data (right to be forgotten)
Right to restriction: Request restriction of data processing
Right to data portability: Receive your data in a machine-readable format
Right to object: Object to processing of your personal data
Right to lodge a complaint: File a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC)

1. Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. The operator's contact details can be found in the Legal Notice of this website.

Categories of Personal Data Collected:

Contact data (email address when you contact the firm)
Technical data (IP address, browser type, operating system, access times)
Usage data (pages visited, time spent on pages)
Preference data (dark mode setting stored locally in your browser)

How is your data collected?

Your data is collected when you provide it to the firm. This may include data you enter in a contact form or send via email.

Other data is collected automatically by the firm's IT systems when you visit the website. This primarily includes technical data (e.g., internet browser, operating system, or time of page access).

What is your data used for?

The firm processes your personal data for the following purposes:

Website operation and security
Responding to inquiries and providing legal services
Legal compliance and fulfilling statutory obligations
Legitimate interest in website operation and security (improving website functionality and user experience)

2. Hosting and Content Delivery Networks (CDN)

Cloudflare Pages

This website is hosted on Cloudflare Pages. The provider is Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA (hereinafter "Cloudflare").

Cloudflare automatically collects and stores information in server log files that your browser automatically transmits. This includes:

Browser type and version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of server request
IP address

This data is not combined with other data sources.

Legal basis: Data collection is based on the firm's legitimate interest in the technically error-free presentation and optimization of its website (FADP Article 6(2)(f)).

For more information, please see Cloudflare's privacy policy: https://www.cloudflare.com/privacypolicy/

International Data Transfers

This website is hosted on Cloudflare, Inc., based in the USA. Cloudflare is certified under the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), which was recognized by the Swiss Federal Council as providing an adequate level of data protection as of September 15, 2024. Personal data transferred to Cloudflare is therefore protected at a level equivalent to Swiss data protection standards.

For details about Cloudflare's certification status, please visit: https://www.dataprivacyframework.gov/

In the event Cloudflare ceases to maintain DPF certification, the firm would rely on standard contractual clauses or other appropriate safeguards as required by FADP Article 16.

3. General Information and Mandatory Disclosures

Data Protection

The operators of this website take the protection of your personal data very seriously. The firm treats your personal data confidentially and in accordance with the Swiss Federal Act on Data Protection (FADP), other applicable statutory data protection regulations, and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data the firm collects and what it is used for. It also explains how and for what purpose this is done.

Information About the Responsible Party

The responsible party for data processing on this website is:

Kanzlei Dr. Gawel GmbH
Rechtsanwalt Dr. iur. Claus Gawel, LLM, MCIArb
Clarastrasse 2
4058 Basel
Switzerland
Email: contact@gawel.ch

The responsible party is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).

Data Retention Periods

Unless a more specific storage period is specified within this privacy policy, your personal data will remain with the firm until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke consent for data processing, your data will be deleted unless the firm has other legally permissible reasons for storing your personal data.

Specific retention periods:

Server log files: 30 days
Email correspondence: Duration of business relationship plus applicable retention periods under Swiss law (typically 10 years for business correspondence)
LocalStorage preferences: Until manually deleted by the user or browser cache is cleared

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The lawfulness of data processing carried out until the revocation remains unaffected by the revocation.

Right to Data Portability

You have the right to have data that the firm processes automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format.

Information, Deletion, and Correction

Within the scope of applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipients, and the purpose of data processing and, if applicable, a right to correction or deletion of this data. You can contact the firm at any time regarding this and other questions about personal data.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data. You can contact the firm at any time for this purpose.

Right to Lodge a Complaint

You have the right to lodge a complaint with the competent data protection supervisory authority if you believe that the processing of your personal data violates data protection law.

The competent supervisory authority in Switzerland is:

Swiss Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
3003 Bern
Switzerland
Email: info@edoeb.admin.ch
Website: https://www.edoeb.admin.ch

4. Data Collection on This Website

Server Log Files

The page provider automatically collects and stores information in server log files that your browser automatically transmits. This includes:

Browser type and version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of server request
IP address

This data is not combined with other data sources.

Legal basis: Data collection is based on the firm's legitimate interest in ensuring website security, stability, and optimization (FADP Article 6(2)(f)). The firm has a legitimate interest in the technically error-free presentation and operation of its website, which requires processing of server log data.

Retention period: Server log files are automatically deleted after 30 days.

Contact via Email

If you contact the firm via email, your inquiry, including all resulting personal data (name, email address, inquiry content), will be stored and processed for the purpose of handling your request. The firm does not share this data without your consent.

Legal basis: The processing of email contact data is based on the following legal grounds under FADP Article 6:

FADP Article 6(2)(a) - Consent: Your consent when you voluntarily contact the firm via email
FADP Article 6(2)(b) - Contract/Pre-contractual measures: The necessity to fulfill a contract or implement pre-contractual measures if your inquiry relates to legal services or engagement
FADP Article 6(2)(f) - Legitimate interest: The firm's legitimate interest in effectively responding to and handling inquiries directed to the firm

The data you send to the firm via email will remain with the firm until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies. Mandatory legal provisions under Swiss law particularly statutory retention periods for business correspondence (typically 10 years) remain unaffected.

5. Cookies and Local Storage

This website only uses technically necessary local storage. Specifically, the website uses LocalStorage (a browser-based storage mechanism) to save your preference settings, such as the dark mode setting.

Important information about LocalStorage:

This data is stored exclusively locally in your browser
No data is transmitted to the firm's servers
No cookies or tracking technologies are used
You can delete this data at any time by clearing your browser cache or browser data
This storage is necessary for basic website functionality and does not require consent

6. Automated Decision-Making and Profiling

The firm does not use automated decision-making, including profiling, as defined under data protection law. All data processing on this website is performed without automated individual decision-making.

7. Plugins and Tools

This website contains links to LinkedIn. When you click on a LinkedIn link, you will be redirected to LinkedIn. LinkedIn is a service of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

Data transfer through link clicks: When you click on a LinkedIn link on this website, your browser directly contacts LinkedIn's servers. At that moment, LinkedIn (not the firm) receives technical information such as your IP address, device information, and the fact that you accessed LinkedIn from this website. This data transfer occurs directly between your browser and LinkedIn. The firm does not transmit or have access to this data. This is LinkedIn's own data collection, for which LinkedIn bears responsibility as the data controller.

Important notice about data protection level: LinkedIn Corporation is currently not certified under the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF); a new certification is pending and this status might change. You can review the current status at: https://www.dataprivacyframework.gov/participant/5448. This means that data transferred to LinkedIn in the United States may not receive the same level of data protection as in Switzerland. LinkedIn processes your data according to its own privacy policy and applicable U.S. laws.

Your choice: You can choose not to click on LinkedIn links if you do not wish your data to be transferred to LinkedIn. The legal basis for including these links is the firm's legitimate interest in professional networking and business communication.

For more information on the handling of user data, please see LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy

Last updated: October 2025